Bleeping Computer

Microsoft code-sign check bypassed to drop Zloader malware

A new Zloader campaign exploits Microsoft's digital signature verification to deploy malware payloads and steal user credentials from thousands of victims from 111 countries. The campaign orchestrated ...
Ars Technica

Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors

In July, security researchers revealed a sobering discovery: hundreds of pieces of malware used by multiple hacker groups to infect Windows devices had been digitally signed and validated as safe by ...