Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As the volume of software supply chain attacks continues to grow, organizations must increase controls over how they sign, store, and release code. DigiCert has launched two cloud-based solutions that help organizations both protect their private keys and improve the efficiency of their code signing operations: DigiCert KeyLocker and DigiCert Software Trust Manager.

Something big just happened in the cybersecurity world. And if you’re using OpenAI’s macOS apps… this affects you directly. OpenAI has rotated its macOS code-signing certificates after a supply chain attack quietly slipped into its workflow. No, your data wasn’t stolen. But yes, this is serious enough that every macOS user must update before May 8, 2026.

Microsoft is preparing a major change to Windows that could quietly reshape how security and compatibility are balanced across the entire ecosystem. Starting April 2026, Windows will begin blocking kernel drivers signed through the legacy cross-signed root program by default, replacing a decades-old trust model with a stricter, policy-driven approach centred on the Windows Hardware Compatibility Program (WHCP). This is more than a routine update.

With an ever-increasing demand for additional security from today’s technology platforms, Microsoft is implementing several new measures to build a more robust ecosystem by default.

OWASP (Open Web Application Security Project) is a non-profit organisation that has been in existence since 2001. Its mission is to educate (provide direction) webmasters and security professionals about how to create, buy, and keep secure, trusted software applications.” In simple terms, OWASP is a group of application security companies and experts that work collectively to develop a list of the most serious security threats to web applications.

Every day, thousands of developers unknowingly leave the keys to their company’s lying around… in code. It sounds crazy, right? But it happens more often than you think. A single hardcoded AWS access key, an overlooked database password, or an exposed API token on GitHub can be all it takes. And the result? Multi-million-dollar breaches, lost customer trust, and a brand reputation that takes years to rebuild. Hackers don’t need to break in when you leave the door wide open.

Code signing certificates changed from being stored in the form of plain files to being stored on hardware solutions such as USB tokens and HSMs. The shift was initiated by some industry giants and the CA/Browser Forum (CA/B Forum), which eventually led to stronger protection for private keys. This was done by ensuring that the certificates do not get easily extracted or misused. Three years after this event happened, there is going to be another major change.

Data breaches aren’t costing thousands anymore. They’re costing companies their reputation, their customers, and in many cases, their future. And here’s the part nobody tells you until it’s too late. It’s not always ransomware. It’s not always a missing patch. It’s not always some genius hacker breaking in through a zero-day exploit. It’s simply because someone gained access to the encryption keys.

You’re excited to install the latest update for your favourite app. You hit download, the installation runs smoothly, and everything looks fine until you realise the update wasn’t from the developer at all. It was tampered with. Your system is now quietly leaking data to an attacker.

A Hardware Security Module (HSM) is a tamper-proof device that has been built to generate, hold, and securely use cryptographic keys. With regard to Code Signing, an HSM guarantees that your private key (s) will remain inside a secure environment, without the ability for anyone else to take or abuse them in any manner. By doing this, the likelihood of your key being stolen, duplicated, or otherwise compromised is significantly reduced.