@campuscodi

Apparently, the issue that led to the certificate revocation is ScreenConnect storing configuration data in an available area of the installer that is not signed.

Attackers are changing the configuration data to suit their needs, without affecting the signature.

It's been happening for months, it seems.

https://www.helpnetsecurity.com/2025/06/11/connectwise-is-rotating-code-signing-certificates-what-happened/

Connectwise is rotating code signing certificates. What happened? - Help Net Security

Connectwise is updating the digital signing certificates used in ScreenConnect, Automate, ConnectWise RMM due to security concerns.
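
A defender-side check for this class of issue, added here as an example (not code from the post, the linked article, or ConnectWise). It assumes the unsigned area is the PE certificate table, which the Authenticode digest does not cover; the post does not name the area. The signature blob, the sample PE and the config-like string are constructed placeholders.

```python
import struct

def der_total_length(blob: bytes) -> int:
    """Length of the outer DER SEQUENCE (header included) at the start of blob."""
    if len(blob) < 2 or blob[0] != 0x30 or blob[1] == 0x80:
        raise ValueError("expected a definite-length DER SEQUENCE")
    if blob[1] < 0x80:
        return 2 + blob[1]
    n = blob[1] & 0x7F
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def authenticode_slack(pe: bytes) -> list:
    """Per WIN_CERTIFICATE entry: bytes stored after the DER signature ends."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                          # optional header follows the COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+ data directory start
    # Directory entry 4 is the certificate table; its address is a file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    findings, pos, end = [], off, off + size
    while off and pos + 8 <= min(end, len(pe)):
        dw_len = struct.unpack_from("<I", pe, pos)[0]
        if dw_len < 8 or pos + dw_len > end:
            break                                # malformed entry, stop walking
        blob = pe[pos + 8:pos + dw_len]
        findings.append({"offset": pos, "slack": blob[der_total_length(blob):]})
        pos += (dw_len + 7) & ~7                 # entries are 8-byte aligned
    return findings

def is_stuffed(finding: dict) -> bool:
    """Alignment padding is at most 7 zero bytes; anything else is extra payload."""
    return len(finding["slack"]) > 7 or any(finding["slack"])

# Constructed stand-in for a PKCS#7 blob: DER SEQUENCE header plus 256 filler bytes.
FAKE_SIG = b"\x30\x82\x01\x00" + b"\xAA" * 256

def build_sample(signature: bytes, extra: bytes = b"") -> bytes:
    """Constructed header-only PE32+ with one WIN_CERTIFICATE (not a runnable binary)."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x98, 0x20B)
    cert = struct.pack("<IHH", 8 + len(signature + extra), 0x0200, 0x0002) + signature + extra
    cert += b"\0" * (-len(cert) % 8)
    struct.pack_into("<II", hdr, 0x98 + 112 + 32, len(hdr), len(cert))
    return bytes(hdr) + cert
```

On a real installer, pass the file's bytes to `authenticode_slack` and review any entry for which `is_stuffed` returns true; a hit means data rides along in the certificate table, not that the file is malicious.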
