Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust
#MicrosoftDefender #Microsoft #DigiCert #Cybersecurity #Malware #AntivirusSoftware #WindowsSecurity #ThreatIntelligence #Windows11 #MicrosoftWindows
#MicrosoftDefender wrongly flags #DigiCert certs as #Trojan:Win32/Cerdigent(dot)A!dha
Microsoft Defender's recent false positive, flagging legitimate DigiCert root certificates as 'Trojan:Win32/Cerdigent.A!dha', sent IT teams globally into a frenzy on May 3. This widespread incident consumed valuable operational time, undermined faith in automated defenses, and highlights the urgent need for more stringent testing of security intelligence updates for foundational system…
#cybersecurity #microsoftdefender #digicert
🤖 This post was AI-generated.
Microsoft Defender Flags DigiCert Certificates as Malware in False Positives
Microsoft Defender's recent signature update mistakenly flagged legitimate DigiCert root certificates as malware, causing widespread alerts and removal of the certificates, and even prompting some users to reinstall Windows. DigiCert quickly revoked the affected certificates within 24 hours of discovery,…
#FalsePositives #MicrosoftDefender #Digicert #CertificateRevocation #MalwareDetection
Komari Red: The Monitoring Tool with a Built-in Reverse Shell
On April 16, 2026, a threat actor leveraged stolen VPN credentials to access a Windows workstation and deployed a SYSTEM-level backdoor using the Komari agent, an open-source monitoring tool with built-in command-and-control capabilities. The attacker authenticated through an SSLVPN session from IP 45.153.34[.]132 and used Impacket smbexec.py to enable RDP on the target system. The Komari agent was installed as a persistent Windows service named 'Windows Update Service' using NSSM, pulling the installer directly from the official GitHub repository. Komari provides bidirectional control through WebSocket connections, offering arbitrary command execution, interactive reverse shell access, and network probing capabilities by default. Microsoft Defender quarantined an earlier registry dump attempt, forcing the adversary to pivot to this GitHub-based approach. This represents the first publicly documented case of Komari being abused in a real-world intrusion.
Pulse ID: 69f29e7612b827a15dfc7787
Pulse Link: https://otx.alienvault.com/pulse/69f29e7612b827a15dfc7787
Pulse Author: AlienVault
Created: 2026-04-30 00:12:38
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #GitHub #InfoSec #Microsoft #MicrosoftDefender #OTX #OpenThreatExchange #RCE #RDP #SMB #SSL #VPN #Windows #bot #AlienVault
We'll install MS Defender on your VMs, they said.
It will make them more secure, they said.
#infosec #Defender #MicrosoftDefender
#RedSun #BlueHammer #UnDefend
🔴 Your Antivirus Just Became a Weapon
Your antivirus is supposed to protect you - but right now, it can be used to hack you.
https://www.youtube.com/shorts/qeUiOZtdcwE
#cybersecurity #microsoftdefender #hacking #infosec #patchnow #cve #vulnerability #threatintel #security #redteam