We are aware of a recent issue where Microsoft Defender incorrectly flagged certain DigiCert root certificates as malware (“Trojan:Win32/Cerdigent.A!dha”). This was the result of a Microsoft security intelligence update that caused false positives.

Microsoft has confirmed this was an error in their detection logic—not a compromise of DigiCert certificates. An updated Defender signature has already been released to resolve the issue.

At this time:

• DigiCert certificates remain secure and trustworthy.
• No action is required beyond ensuring Microsoft Defender is fully up to date.
• Any certificates incorrectly removed by Defender should be automatically restored after updating.

In a separate event in April 2026, a limited number of code signing certificates were misissued and were quickly revoked. There is no evidence of broader impact to customer certificates, accounts, data, or DigiCert systems. All impacted customers were directly contacted as part of the completed revocation process. If you were not contacted, your organization was not impacted and no further action is required.

We are continuing to monitor the situation closely. If you have questions or experience ongoing issues, please contact DigiCert support.

At DigiCert, trust is at the core of everything we do, guiding our commitment to securing digital interactions and maintaining the highest standards of integrity and reliability.