DigiCert Hacked via Weaponized Screensaver File to Obtain EV Code Signing Certificates

📅 4 May 2026 at 17:50 UTC📰 Cyber Security NewsView original source ↗

A sophisticated threat actor breached DigiCert’s internal support environment in early April 2026 by tricking support analysts into executing a disguised malicious screensaver file, ultimately obtaining stolen EV Code Signing certificates used to distribute the “Zhong Stealer” malware family. On April 2, 2026, a threat actor contacted DigiCert’s customer support team through a Salesforce-based chat […] The post DigiCert Hacked via Weaponized Screensaver File to Obtain EV Code Signing Certificates appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A sophisticated threat actor breached DigiCert's internal support environment by tricking support analysts into executing a disguised malicious screensaver file, resulting in the theft of EV Code Signing certificates used to distribute the Zhong Stealer malware family.

⚙️Technical Details

Affected Systems

DigiCert's internal support environment

Attack Vectors

Disguised malicious screensaver file

💥Impact Assessment

Severity: critical

Who Is at Risk

Organizations relying on DigiCert for EV Code Signing certificates

🛡️Recommended Actions

1Implement strict controls on employee access to sensitive areas of the network

2Regularly update and patch operating systems and software with the latest security patches

3Verify the authenticity of incoming code signing certificates

📦Affected Products

Product Name: DigiCert's internal support environment

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed