Morning Overview on MSN

The TanStack supply chain attack hit OpenAI — hackers reached two employee devices and forced the company to rotate all its code-signing certificates

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...
Bleeping Computer

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
Dark Reading

8 Strategies for Enhancing Code Signing Security

The recent news that hackers had breached remote access solution company AnyDesk shined a harsh light on the need for companies to take a long, hard look at code-signing practices to help ensure a ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...
Wired

GitHub Moves to Guard Open Source Against Supply Chain Attacks

Following the 2020 SolarWinds cyberespionage campaign, in which Russian hackers slipped tainted updates into a widely used IT management platform, a series of further software supply chain attacks ...
SiliconANGLE

Fortanix and Sectigo join forces to secure software supply chains with automated code signing

Multicloud security firm Fortanix Inc. today announced a new partnership with digital certificates and certificate lifecycle management firm Sectigo Ltd. that will allow enterprises to secure their ...
InfoWorld

Understanding Microsoft’s Trusted Signing service

How do we ensure that the code we’re installing is, at the very least, the code that a vendor shipped? The generally accepted solution is code signing, adding a digital signature to binaries that can ...