InfoSecBulletin Cybersecurity for mankind
Security researchers found that three unauthorized TLS certificates were issued in May 2025 for 1.1.1.1, the public DNS service operated by Cloudflare.
Improperly issued certificates by the Fina RDC 2020 authority could let attackers intercept and decrypt DNS queries, revealing users’ browsing habits.
Microsft warns of active directory and office vulnarabilty
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials
Hacker Exploit Amazon SES to Send 50K Phishing Emails
SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month
Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate
However, if a malicious or unauthorized party holds a valid certificate, they can impersonate the domain and carry out what is known as an “adversary-in-the-middle” attack.
Fina RDC 2020 certificates were automatically trusted on Windows and Microsoft Edge because they are linked to the Fina Root CA.
The root certificate belongs to Microsoft’s Root Certificate Program. Major browsers like Google Chrome and Mozilla Firefox, along with Apple’s Safari, do not trust Fina. Therefore, only users of Windows and Edge were at risk.
Cloudflare confirmed that it did not request or authorize the issuance of these certificates. “Upon seeing the report on the certificate-transparency email list, we immediately kicked off an investigation and reached out to Fina, Microsoft, and Fina’s TSP supervisory body,” said a Cloudflare spokesperson.
“These parties can mitigate the issue by revoking the trust in Fina or revoking the mis-issued certificates. We also want to reassure users that our WARP VPN service was not affected.”
Microsoft indicated it has already “engaged the certificate authority to request immediate action” and plans to block the rogue certificates by adding them to its disallowed certificate list.
The company did not explain how the certificates evaded detection for four months, despite their creation in May.
This situation shows a serious flaw in the internet’s certificate system, where the failure of one certificate authority can affect the trust that millions depend upon.
Hacker accessed Brazil’s Real-Time Payment System: Attempted grabing $130M
