SecuritySigning-as-a-Service Exposed: Fox Tempest Sold Microsoft's Code-Signing Trust Per Payload
Microsoft's Fox Tempest takedown exposes a criminal market for code-signing trust sold per payload; a PAN-OS zero-day with six weeks of state-sponsored exploitation went unreported through all of W21; and Shai-Hulud nearly doubled in scope with Grafana's source code as the first named downstream casualty.