Comment by dmichulke

They specifically name MacOS and Windows, so it is something about their network's and their computer's security?

Have the signing devices been iOS or Android phones?

Shouldn't a signing device be (in such a case) used for signing only, e.g. a QR-Code signer with no OS that specifically shows the inputs and outputs to the transaction?