DigiCert support portal compromise — 60 fraudulent EV code-signing certificates

incident · incident:digicert-support-portal-2026

Coverage timeline

first 2026-05-06 → last 2026-05-06

Briefs

1 distinct

Sources cited

2 hosts

Sections touched

incidents

Co-occurring entities

no co-occurrence

Story timeline

2026-05-06CTI Daily Brief — 2026-05-06
incidentsFirst coverage. Social engineering via support chat (.scr file); two analyst endpoints infected; 12-day dwell due to absent EDR; 60 EV cert orders fraudulently generated; 11 used to sign Zhong Stealer malware.

Where this entity is cited

incidents1

Source distribution

helpnetsecurity.com1 (50%)
securityweek.com1 (50%)

All cited sources (2)

Items in briefs about DigiCert support portal compromise — 60 fraudulent EV code-signing certificates

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.