Even the software itself does not signed with a validatable cert. How do the hijacker overcome the https cert though? It's 2025 now. It's extremely unlikely that anyone fetch binary with plain text http. Is wingup get compromised and have a cert leak? Or there is yet another root CA doing weird thing?
No comments yet.