DigiCert has revoked 60 fraudulently obtained security certificates after hackers breached its support portal in April. The attackers delivered malware through customer chat disguised as a screenshot, infected two systems, then exploited support analyst access privileges to obtain initialization codes for EV Code Signing certificates. Among the revoked certificates, 11 were used to sign the Zhong Stealer malware, and DigiCert has since implemented stronger security controls including mandatory multi-factor authentication and restricted file-sharing capabilities in support channels.