Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

In 2020, we announced we were in the early phases of establishing the Chrome Root Program and launching the Chrome Root Store. The Chrome Root Program ultimately determines which website certificates are trusted by default in Chrome, and enables more consistent and reliable website certificate validation across platforms. This post shares an update on our progress and how these changes help us better protect Chrome’s users.

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.