DigiCert compromise precedes widespread Microsoft Defender false positives

ID: 9e0195b4-5053-5472-aeb5-58e98953d00f

STIX ID: report--9e0195b4-5053-5472-aeb5-58e98953d00f

Feed Name: ThreatLocker Blog

Threat Score
85/100

Date Published: 2026-05-04

Date Updated: 2026-05-11

...
...

Threat actors exploited DigiCert’s customer support chat to deliver a malicious ZIP (containing a screensaver payload), abused privileged support tooling to obtain initialization codes for pending EV code-signing certificates, and gained issuance of or control over dozens of certificates (60 were revoked as a precaution). A subsequent Microsoft Defender security intelligence update mistakenly flagged legitimate DigiCert certificates as Trojan:Win32/Cerdigent.A!dha, triggering widespread quarantines and certificate removals that disrupted HTTPS, code signing, and related services. The incident highlights the social engineering of support channels, EDR misconfigurations, and the high impact of PKI and supply-chain compromises.