Taiwan-based networking equipment manufacturer D-Link accidentally published its private code signing keys in the source of one of its firmware update. The code signing certificate is indeed a firmware package, firmware version 1.00b03, whos source was released February 27 this year. Security expert Yonathan Klijnsma from security firm Fox-IT confirmed the disconcerting discovery was confirmed by the security expert. It is still unclear whether the code signing private keys have been used by threat actors to sign malicious code signing certificates.”]
Source: http://securityaffairs.co/wordpress/40256/cyber-crime/d-link-code-signing-keys.html