
ThreatNoir Morning Brief — May 11

2026-05-11 · Morning · 4 articles

Morning Review in IT Security — May 11, 2026

The cybersecurity landscape continues to face significant threats as attackers exploit trusted infrastructure and target critical organizations globally. Today's review covers certificate abuse, state-sponsored infiltration, and major data breaches affecting telecommunications and government sectors.

Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware

DigiCert has revoked 60 code signing certificates after a sophisticated social engineering attack enabled hackers to obtain legitimate credentials for signing malware. The attackers used a malicious support chat attachment to compromise DigiCert's systems, subsequently using the stolen certificates to sign the Zhong Stealer malware. This incident represents a critical supply chain vulnerability, as code signing certificates are fundamental trust mechanisms that users and security systems rely upon to verify software authenticity.

The compromise demonstrates how attackers can weaponize trusted certificate authorities to distribute malware with apparent legitimacy. Source: Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware
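The defender-side lesson from the DigiCert revocations is that a code-signing check must include revocation: a signature made with a certificate that has since been revoked still verifies cryptographically, and only the CRL (or OCSP) step turns that into a failure. The following Go program is an added example, not code from DigiCert or from the article; it builds a constructed lab CA, issues a code-signing certificate, signs a sample artifact, then revokes the certificate via a CRL and shows the verifier rejecting the same signature. The CA name, publisher name, serial numbers and artifact bytes are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// labPKI is a constructed lab hierarchy: one root CA and one code-signing
// certificate. Nothing here is DigiCert's real PKI.
type labPKI struct {
	caCert   *x509.Certificate
	caKey    *ecdsa.PrivateKey
	leafCert *x509.Certificate
	leafKey  *ecdsa.PrivateKey
}

func mustCert(der []byte, err error) *x509.Certificate {
	if err != nil { panic(err) }
	c, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return c
}

func newLabPKI() *labPKI {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Lab Root CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caCert := mustCert(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))

	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), // constructed serial
		Subject:      pkix.Name{CommonName: "Example Publisher (constructed)"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	leafCert := mustCert(x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey))
	return &labPKI{caCert, caKey, leafCert, leafKey}
}

// signArtifact signs the SHA-256 digest of a binary with the publisher key.
func signArtifact(p *labPKI, artifact []byte) []byte {
	digest := sha256.Sum256(artifact)
	sig, err := ecdsa.SignASN1(rand.Reader, p.leafKey, digest[:])
	if err != nil { panic(err) }
	return sig
}

// issueCRL has the CA publish a CRL listing the given serial numbers as revoked.
func issueCRL(p *labPKI, revoked ...*big.Int) *x509.RevocationList {
	entries := make([]pkix.RevokedCertificate, 0, len(revoked))
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: time.Now()})
	}
	tmpl := &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          time.Now(),
		NextUpdate:          time.Now().Add(24 * time.Hour),
		RevokedCertificates: entries,
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, p.caCert, p.caKey)
	if err != nil { panic(err) }
	crl, err := x509.ParseRevocationList(der)
	if err != nil { panic(err) }
	return crl
}

// verifySignedArtifact is the defender-side check: chain to a trusted root with
// the code-signing EKU, signature over the artifact digest, and (when a CRL is
// supplied) that the signer's serial is not revoked. Passing nil for crl shows
// the gap: a revoked certificate's signature still verifies.
func verifySignedArtifact(root, signer *x509.Certificate, crl *x509.RevocationList, artifact, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	if !ok { return fmt.Errorf("unexpected signer key type") }
	digest := sha256.Sum256(artifact)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("signature does not match artifact")
	}
	if crl != nil {
		if err := crl.CheckSignatureFrom(root); err != nil {
			return fmt.Errorf("CRL: %w", err) // never trust an unsigned or foreign CRL
		}
		for _, e := range crl.RevokedCertificates {
			if e.SerialNumber.Cmp(signer.SerialNumber) == 0 {
				return fmt.Errorf("signer certificate serial %s is revoked", signer.SerialNumber)
			}
		}
	}
	return nil
}

func main() {
	p := newLabPKI()
	artifact := []byte("constructed installer bytes")
	sig := signArtifact(p, artifact)
	fmt.Println("before revocation:", verifySignedArtifact(p.caCert, p.leafCert, nil, artifact, sig))
	crl := issueCRL(p, p.leafCert.SerialNumber)
	fmt.Println("after revocation: ", verifySignedArtifact(p.caCert, p.leafCert, crl, artifact, sig))
}
```

The first call prints `<nil>` and the second prints a revocation error, even though the bytes of the signature and the certificate are unchanged between the two calls. Production verifiers should fetch the CRL from the distribution point named in the certificate (or query OCSP) and also apply a timestamp-countersignature policy, since revoking a certificate does not by itself invalidate software that was signed before the compromise.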

Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms

Two US citizens, Matthew Knoot and Erick Prince, have each received 18-month prison sentences for providing material support to North Korean hackers targeting American companies. The men facilitated these infiltrations by operating remote laptop farms that enabled the state-sponsored threat actors to access and compromise US firms. This case underscores the serious legal consequences for individuals who knowingly assist foreign adversaries in conducting cyberattacks against domestic targets.

The sentencing reflects law enforcement's commitment to disrupting the infrastructure that enables nation-state cyber operations. Source: Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms

LAPSUS$ Group Leaks Vodafone Data

The LAPSUS$ threat group has claimed responsibility for breaching and leaking data belonging to Vodafone, a major telecommunications provider. This incident adds to the group's track record of high-profile breaches targeting critical infrastructure and commercial organizations. Source: ‼️🇬🇧 LAPSUS$ Group has leaked the data of Vodafone

BADC Breach Exposes Private Git Repository

A threat actor has allegedly breached the Bangladesh Agricultural Development Corporation (BADC), an autonomous government body, exposing the organization's full private git repository. The leaked source code repository represents a significant supply chain and operational security concern for the government entity and potentially for any downstream systems or applications that depend on its code. Source: ‼️🇧🇩 BADC allegedly breached exposing full private git repo from Bangladesh Agricultural Development Corporation

Today's threat landscape reflects the evolving sophistication of attackers, from certificate authority compromises to state-sponsored infrastructure abuse and targeting of critical government and commercial entities across multiple continents.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).