> TritonInfoSec News
Home / May 21, 2026 / Story
0
#3 The Record threat-intel May 19, 2026 at 16:36 UTC

Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs

AI Summary

Microsoft's legal action against Fox Tempest details a code-signing abuse platform that provided cybercriminals with tools to sign malicious code since May 2025, enabling ransomware distribution at scale. The service exploited Microsoft's own software verification infrastructure, allowing malware to bypass security controls. Security teams should audit signed software from unknown publishers and monitor for misuse of trusted signing certificates.

Read full article → https://therecord.media/microsoft-disrupts-fox-tem…

Relevance score: 88.0/100

# More from May 21

  1. 1
    GitHub confirms breach of 3,800 repos via malicious VSCode extension BleepingComputer
  2. 2
    Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks The Hacker News
  3. 4
    Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit The Hacker News
  4. 5
    CISA Exposes Secrets, Credentials in 'Private' Repo Dark Reading
  5. 6
    Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches CyberScoop
  6. 7
    7-Eleven confirms data breach claimed by the ShinyHunters gang BleepingComputer
  7. 8
    Grafana breach caused by missed token rotation after TanStack attack BleepingComputer
  8. 9
    Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack SecurityWeek
  9. 10
    Microsoft Self-Service Password Reset abused in Azure data theft attacks BleepingComputer