Signature Verification: How to Verify a Digital Signature Online
Digital signatures add another layer of security to your online transactions and communications. But how can you know they’re real? We’ll walk you through how to verify a digital signature online in several popular systems and email clients Digital signatures, unlike electronic signatures, can be cryptographically proven. This enables recipientsContinue Reading
Phishing attacks with new domains likely to continue
Unfortunately the string of phishing attacks using domain-confusionand legitimate-looking emails continues. This is the same attack PyPI saw a few months agoand targeting many other open source repositoriesbut with a different domain name. Judging from this, we believe this type of campaign will continuewith new domains in the future. InContinue Reading
Token Exfiltration Campaign via GitHub Actions Workflows
Summary I recently responded to an attack campaign where malicious actors injected code into GitHub Actions workflows attempting to steal PyPI publishing tokens.PyPI was not compromised, and no PyPI packages were published by the attackers. Attackers targeted a wide variety of repositories, many of which had PyPI tokens stored asContinue Reading
An Explainer Guide on Multi-Perspective Issuance Corroboration (MPIC)
Internet security is leveling up with MPIC. While your organization likely won’t need to do anything to prepare, here’s what to know about the industry’s changes and why they’re good for security Starting Sept 15, 2025, all publicly trusted certification authorities (CAs such as DigiCert, Sectigo, etc.) must perform domainContinue Reading
‘World Quantum Readiness Day’ Returns with the Latest in PQC
Sept. 10: Get actionable insights from 20+ global experts as they discuss PQC readiness assessments, migration plans, and other practical strategies DigiCert is hosting its second annual World Quantum Readiness Day on Wednesday, Sept. 10, 2025. This two-hour webinar, themed “Quantum Blueprint: From Business Justification to Technical Readiness,” will featureContinue Reading
Preventing Domain Resurrection Attacks
Summary PyPI now checks for expired domains to prevent domain resurrection attacks,a type of supply-chain attack where someone buys an expired domainand uses it to take over PyPI accounts through password resets. These changes improve PyPI’s overall account security posture,making it harder for attackers to exploit expired domain namesto gainContinue Reading
PyPI now serves project status markers in API responses
PyPI now serves project status markers in its standardindex APIs. This allows downstream consumers (like Python package installers andindex mirrors) to retrieve project statuses programmatically and use them toinform users when a project is archived or quarantined. Summary PyPI has implemented project status markers as proposed and accepted in PEPContinue Reading
Email Certificate Standards Updated to Support ACME Automation & Future PQC Security
Changes to the S/MIME Certificate Baseline Requirements add support for automated mailbox validation (via the ACME protocol) and post-quantum cryptography algorithm testing July 2025 was a busy period in the CA/Brower Forum’s (CABF) S/MIME Certificate Working Group (SMCWG). There are two key ballots relating to S/MIME certificates that have beenContinue Reading
Critical Infrastructure Protection: Securing Essential Systems Against Cyber Threats
From cyber attacks on emergency call centers to electric and telecom network infiltrations, here’s what to know about the threats plaguing critical infrastructure sectors and how to fight back “We’re sorry, the number you are calling is not available.” Service outages can bring emergency services like 911 to a standstill.Continue Reading
Social Engineering Statistics 2025: When Cyber Crime & Human Nature Intersect
These 30 social engineering attack statistics reveal human vulnerabilities and how bad guys love to exploit them (to your detriment) Social engineering doesn’t hack your company’s devices or digital assets; it “hacks” the people who have access to them. Bad guys have been influencing the behaviors of others throughout recordedContinue Reading