DigiCert Hit by Malware Attack via Customer Support Chat — 60 EV Code Signing Certificates Revoked
Summary
Certificate authority DigiCert has disclosed a malware attack that compromised its internal systems through a customer support chat interaction. The attackers used the initial foothold to pivot into DigiCert’s support portal, where they were able to obtain Extended Validation (EV) code signing certificates — one of the most trusted forms of digital identity on the internet.
As a result of the breach, DigiCert has revoked approximately 60 certificates and canceled affected orders. The company is working with affected customers to reissue legitimate certificates. The incident was publicly disclosed on May 5, 2026, and DigiCert has engaged external forensic investigators to determine the full scope of the compromise.
Source
📰 CISO Series — DigiCert Revokes Certificates After Malware Attack
Commentary
This is a supply chain nightmare scenario. EV code signing certificates are the gold standard for software trust — they tell Windows, macOS, and security tools that “this software is from a verified, legitimate organization.” If attackers obtained fraudulent EV certs, they could sign malware that would bypass SmartScreen, AV heuristics, and enterprise allow-listing in one stroke.
The attack vector — malware delivered through customer support chat — is a reminder that every interactive channel is an attack surface. Certificate authorities are among the most critical trust anchors in the internet ecosystem, and a breach of their issuance pipeline has cascading downstream effects. The 60 revoked certs are the known damage; the real question is whether any were used to sign malicious payloads before revocation.
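One defender-side check this incident calls for, as an added example that is not part of the original article: a PowerShell sweep over common install locations that flags signed binaries whose signer certificate appears on a revocation list such as the roughly 60 DigiCert EV certificates described above. The thumbprints, serial numbers and scan roots are placeholders, since the article does not list the revoked certificates.

```powershell
# Added example, not from the article. Replace the placeholder values with the
# thumbprints or serial numbers your CA (here DigiCert) communicates to affected customers.
$RevokedThumbprints = @('PLACEHOLDER_THUMBPRINT_1', 'PLACEHOLDER_THUMBPRINT_2') |
    ForEach-Object { $_.ToUpperInvariant() }
$RevokedSerials     = @('PLACEHOLDER_SERIAL_1') |
    ForEach-Object { $_.ToUpperInvariant() }

# Placeholder scan roots; extend with software shares, build output or deployment caches.
$ScanRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:ProgramData")

Get-ChildItem -Path $ScanRoots -Recurse -File -ErrorAction SilentlyContinue `
    -Include *.exe, *.dll, *.sys, *.msi, *.ps1 |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        # Unsigned files are out of scope for this hunt; only signed files can match.
        if ($null -eq $sig.SignerCertificate) { return }

        $thumb  = $sig.SignerCertificate.Thumbprint.ToUpperInvariant()
        $serial = $sig.SignerCertificate.SerialNumber.ToUpperInvariant()
        if (($RevokedThumbprints -contains $thumb) -or ($RevokedSerials -contains $serial)) {
            [pscustomobject]@{
                Path        = $_.FullName
                Subject     = $sig.SignerCertificate.Subject
                Thumbprint  = $thumb
                Serial      = $serial
                # Status is what Windows thinks right now. Authenticode honors a trusted
                # signing timestamp: if the CA's revocation date is later than the timestamp,
                # the signature can still report Valid even though the certificate is revoked,
                # so a Valid status here is not an all-clear for a matched file.
                Status      = $sig.Status
                TimeStamper = if ($sig.TimeStamperCertificate) { $sig.TimeStamperCertificate.Subject } else { '(no timestamp)' }
                SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    } | Format-Table -AutoSize
```

Any hit is a file to quarantine and hash-compare against vendor-published releases, not proof of malice on its own, since legitimate software signed before the compromise can carry one of these certificates.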