Signal
Microsoft dismantles Fox Tempest malware-signing service abusing short-lived certificates
Published 2026-05-20 00:45 UTC
Updated 2026-05-20 15:58 UTC
malware, exploits, security_tooling, incident_response
Overview
Microsoft has disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) operation that exploited the company's Artifact Signing system to issue short-lived Microsoft certificates.
Entities
- Microsoft
- Fox Tempest
- signspace.cloud
- Score total: 1.2
- Momentum 24h: 3
- Posts: 3
- Origins: 3
- Source types: 1
- Duplicate ratio: 0%
Why now
- Microsoft recently dismantled Fox Tempest, highlighting ongoing threats exploiting trusted certificate systems.
- The use of short-lived certificates by attackers is a novel evasion technique requiring immediate attention.
- This takedown signals increased efforts to combat malware-signing-as-a-service operations worldwide.
Why it matters
- Malware signed with trusted certificates can bypass security controls and allow attackers to evade detection.
- Disrupting such services helps prevent widespread ransomware and malware attacks globally.
- Closing this loophole strengthens trust in software signing and improves overall cybersecurity defenses.
LLM analysis
- Topic mix: low
- Promo risk: low
- Source quality: medium
Recurring claims
- Fox Tempest operated a malware-signing-as-a-service platform that issued short-lived Microsoft certificates to sign malicious files, enabling malware to bypass security defenses.
How sources frame it
- Malwarebytes Threat Analysis: neutral
- The Hacker News: neutral
- SC Media: neutral
All evidence
Microsoft disrupts Fox Tempest malware-signing service
SC Media · scworld.com · 2026-05-20 15:58 UTC
Fake malware-signing service Fox Tempest dismantled by Microsoft
Malwarebytes Threat Analysis · malwarebytes.com · 2026-05-20 15:33 UTC
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
thehackernews · thehackernews.com · 2026-05-20 14:36 UTC
Top publishers (this list)
- SC Media (1)
- Malwarebytes Threat Analysis (1)
- thehackernews (1)
Top origin domains (this list)
- scworld.com (1)
- malwarebytes.com (1)
- thehackernews.com (1)