Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware

Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware

Author: Jim Love May 4, 2026 Duration: 13:37
Cybersecurity Today
NewsTechnology

Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware

Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0. 
At the same time, DigiCert confirmed a separate security incident where attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign. 


Meanwhile, a critical cPanel vulnerability (CVE-2026-41940) is being actively exploited. Attackers used the flaw as a zero-day since February, compromising at least 44,000 servers and deploying new SORI ransomware using ChaCha20 and RSA-2048 encryption. 

Also in this episode:


The Linux "Copyfail" privilege escalation bug is now confirmed exploited and added to CISA's Known Exploited Vulnerabilities list


A 10/10 critical vulnerability (CVE-2026-37541) in Open Vehicle Monitoring System could allow remote code execution in connected car environments


This episode breaks down how these attacks work, why patch timing matters, and where organizations are most exposed right now.

Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 

Suggested Chapters (for retention and SEO)
00:00 Microsoft Defender deletes trusted certificates
02:20 DigiCert breach and stolen code-signing certificates
05:20 cPanel zero-day exploited, 44,000 servers compromised
08:40 Linux Copyfail vulnerability now actively exploited
10:40 Critical flaw in open-source car software

 


Every morning, Jim Love sifts through the noise of the digital world to bring you a clear, concise briefing on what actually matters. Cybersecurity Today isn't about fearmongering; it's about practical awareness. You'll hear straightforward analysis of the most recent attacks targeting companies, from sophisticated ransomware campaigns to stealthy data theft. Jim breaks down the implications of major breach disclosures, explaining not just what was stolen, but how it happened and who is affected. The focus remains on actionable intelligence-concrete steps and strategic thinking that can help protect your organization's data and infrastructure. This daily podcast serves as an essential filter for IT professionals, business leaders, and anyone responsible for digital assets, transforming complex threats into understandable insights. Tune in for a grounded perspective on navigating an online landscape where the risks are constantly evolving, and the need for clear, timely information has never been greater.
Author: Language: English Episodes: 100

Official website RSS
linkedin
Cybersecurity Today
Podcast Episodes
Connected Cars Are Rolling Spy Networks — And They Can Be Hacked [not-audio_url] [/not-audio_url]

Duration: 44:51
Connected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission. In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS…
WhatsApp Encryption Under Fire After Probe Shut Down [not-audio_url] [/not-audio_url]

Duration: 10:06
A U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions.…
Cyber Weapon in Toronto, Grid Attack, Stuxnet Lie Exposed [not-audio_url] [/not-audio_url]

Duration: 15:46
A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first…
Inside The Vercel Supply Chain Exploit [not-audio_url] [/not-audio_url]

Duration: 17:39
Inside the Vercel Breach: Highlighting OAuth Token Risk In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a br…
Vercel Breach Started With AI Tool [not-audio_url] [/not-audio_url]

Duration: 10:42
Vercel Supply-Chain Breach via AI Tool, Meta Sued Over Scam Ads, and Ransomware Surges with "The Gentleman" David Shipley covers new details on the Vercel breach, which began when an employee used the third-party AI tool…
Security Researcher Goes To War Against Microsoft [not-audio_url] [/not-audio_url]

Duration: 20:47
Microsoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly rele…
Cybersecurity Today Month in Review of March/April 2026 [not-audio_url] [/not-audio_url]

Duration: 1:02:21
Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC t…

12345...10»