Cybercrime service disrupted for abusing Microsoft platform to sign malware

Tuesday, May 19, 2026 at 09:47 PM UTC·Source: BleepingComputer

Updated: Tuesday, May 19, 2026 at 10:00 PM UTC

Executive Summary

Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. [...]

Analysis

Source Attribution

Originally published by BleepingComputer on May 19, 2026.

Related Threats

HIGHRansomware

FBI warns students and staff that ShinyHunters may come knocking after Canvas breach

Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog.

2h agoGraham Cluley

CRITICALRansomware

Microsoft disrupts malware code-signing service used by ransomware gangs

Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated legitimate organizations to obtain more than 1,000 code-signing certificates. Microsoft seized the group’s website, signs

9h agoCSO Online

HIGHRansomware

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector

Verizon’s 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, as AI accelerates attacks, patching delays worsen, and ransomware and third-party compromises continue to surge. The post Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector appeared first on SecurityWeek .

10h agoSecurityWeek