InfoSec News Nuggets 4/24/2025
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps Certificate issuer SSL.com’s domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites. With those certificates in hand, said fraudsters could set up more-convincing malicious copies of those sites for things like credential phishing, or decrypt intercepted HTTPS traffic between those sites and their visitors. And since learning of that…