In other words, Man-in-the-Middle attacks against TLS/SSL are real, and this is just some more proof of it.
I'll be reading the paper that this article is based off of to see what the real numbers look like. This piece from the ars article:
"The vast majority of unauthorized credentials were presented to computers running antivirus programs from companies including Bitdefender, Eset, and others. Commercial firewall and network security appliances were the second most common source of forged certificates."
says that almost all of the forged certs they detected were from legit security products. I want to see the numbers to know what percentage were known bad actors.