Security researchers found that three unauthorized TLS certificates were issued in May 2025 for 1.1.1.1, the public DNS service operated by Cloudflare.
The certificates, improperly issued by the Fina RDC 2020 certificate authority, could let attackers intercept and decrypt DNS queries, revealing users’ browsing habits.
If a malicious or unauthorized party holds a valid certificate for a domain, they can impersonate that domain and carry out what is known as an “adversary-in-the-middle” attack.
Fina RDC 2020 certificates were automatically trusted on Windows and Microsoft Edge because they chain to the Fina Root CA.
That root certificate is included in Microsoft’s Root Certificate Program. Major browsers like Google Chrome and Mozilla Firefox, along with Apple’s Safari, do not trust Fina. Therefore, only users of Windows and Edge were at risk.
Cloudflare confirmed that it did not request or authorize the issuance of these certificates. “Upon seeing the report on the certificate-transparency email list, we immediately kicked off an investigation and reached out to Fina, Microsoft, and Fina’s TSP supervisory body,” said a Cloudflare spokesperson.
“These parties can mitigate the issue by revoking the trust in Fina or revoking the mis-issued certificates. We also want to reassure users that our WARP VPN service was not affected.”
Microsoft indicated it has already “engaged the certificate authority to request immediate action” and plans to block the rogue certificates by adding them to its disallowed certificate list.
The company did not explain how the certificates, created in May, evaded detection for four months.
This situation shows a serious flaw in the internet’s certificate system, where the failure of one certificate authority can affect the trust that millions depend upon.
