Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware

Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware

Author: Jim Love May 4, 2026 Duration: 13:37
Cybersecurity Today
NewsTechnology

Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware

Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0. 
At the same time, DigiCert confirmed a separate security incident where attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign. 


Meanwhile, a critical cPanel vulnerability (CVE-2026-41940) is being actively exploited. Attackers used the flaw as a zero-day since February, compromising at least 44,000 servers and deploying new SORI ransomware using ChaCha20 and RSA-2048 encryption. 

Also in this episode:


The Linux "Copyfail" privilege escalation bug is now confirmed exploited and added to CISA's Known Exploited Vulnerabilities list


A 10/10 critical vulnerability (CVE-2026-37541) in Open Vehicle Monitoring System could allow remote code execution in connected car environments


This episode breaks down how these attacks work, why patch timing matters, and where organizations are most exposed right now.

Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security 

Suggested Chapters (for retention and SEO)
00:00 Microsoft Defender deletes trusted certificates
02:20 DigiCert breach and stolen code-signing certificates
05:20 cPanel zero-day exploited, 44,000 servers compromised
08:40 Linux Copyfail vulnerability now actively exploited
10:40 Critical flaw in open-source car software

 


Every morning, Jim Love sifts through the noise of the digital world to bring you a clear, concise briefing on what actually matters. Cybersecurity Today isn't about fearmongering; it's about practical awareness. You'll hear straightforward analysis of the most recent attacks targeting companies, from sophisticated ransomware campaigns to stealthy data theft. Jim breaks down the implications of major breach disclosures, explaining not just what was stolen, but how it happened and who is affected. The focus remains on actionable intelligence-concrete steps and strategic thinking that can help protect your organization's data and infrastructure. This daily podcast serves as an essential filter for IT professionals, business leaders, and anyone responsible for digital assets, transforming complex threats into understandable insights. Tune in for a grounded perspective on navigating an online landscape where the risks are constantly evolving, and the need for clear, timely information has never been greater.
Author: Language: English Episodes: 100

Official website RSS
linkedin
Cybersecurity Today
Podcast Episodes
Major US Bank Data Linked Through Breach At SitusAMC [not-audio_url] [/not-audio_url]

Duration: 11:32
In today's episode of Cybersecurity Today, hosted by Jim Love, several major cybersecurity incidents are discussed. US banks are assessing the impact of a security breach at SitusAMC, where the ALFV ransomware group clai…

«1...678910