> TritonInfoSec News
Home / May 20, 2026 / Story
0
#3 BleepingComputer general May 19, 2026 at 21:47 UTC

Cybercrime service disrupted for abusing Microsoft platform to sign malware

By Lawrence Abrams

AI Summary

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) operation active since May 2025 that abused Microsoft's Artifact Signing service to generate fraudulent code-signing certificates for ransomware gangs and other cybercriminals. The company unsealed a legal case in U.S. District Court detailing the takedown, which is notable because it weaponized Microsoft's own legitimate signing infrastructure. Security teams should audit code-signing trust chains and verify certificate provenance for software deployed in their environments.

Read full article → https://www.bleepingcomputer.com/news/security/cyb…

Relevance score: 86.0/100

# More from May 20

  1. 1
    GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories The Hacker News
  2. 2
    Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector SecurityWeek
  3. 4
    In stunning display of stupid, secret CISA credentials found in public GitHub repo Ars Technica Security
  4. 5
    New Shai-Hulud malware wave compromises 600 npm packages BleepingComputer
  5. 6
    Max-severity flaw in ChromaDB for AI apps allows server hijacking BleepingComputer
  6. 7
    Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare The Hacker News
  7. 8
    DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability The Hacker News
  8. 9
    The New Phishing Click: How OAuth Consent Bypasses MFA The Hacker News
  9. 10
    GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials The Hacker News