A Microsoft Defender update turned trusted certificates into security scares. The false positive, tied to detections for Trojan:Win32/Cerdigent.A!dha, caused Defender to flag legitimate DigiCert root certificates as malicious after an April 30 signature update. In some cases, administrators reported that trusted certificates were removed from Windows systems, disrupting trust relationships and forcing IT teams to sort out whether they were seeing a real compromise or a broken detection. “Earlier today, we determined false positive alerts were mistakenly triggered and updated the alert logic,” Microsoft said, as reported by BleepingComputer. The incident is a reminder that automated defenses can create their own blast radius when certificate trust, malware detection, and rapid response collide. Inside the DigiCert false positive incident The issue began following a Microsoft Defender signature update released on Apr. 30, which introduced detections for Trojan:Win32/Cerdigent.A!dha .…