2026-05-27 · trezor
Trezor published a release note explaining a certificate transition for Trezor Suite. The change affects update handling across Windows, macOS, and Linux, and users may need to install an intermediary version before moving to the latest release. The update is operationally small but security-relevant because it touches trust in the software distribution path. Trezor is also using the note to reinforce safe-update hygiene and warning users to verify the publisher before installing.
Trezor says it is moving to a new certificate because of a legal-name change, and that the next Suite update will work differently than normal. The company expects users to update first to version 24.5.4, then update again to the latest release.
Wallet software distribution is a critical trust boundary because a malicious installer can redirect funds or leak recovery data. If users ignore publisher warnings, the damage can include phishing exposure, fraudulent updates, and compromised device trust.
Cold storage helps because the hardware device remains the final signing authority even when desktop software changes. The safest pattern is still to verify the publisher, keep recovery seeds offline, and let the signer, not the host machine, control value movement.
Read Original Post →