Daily Security Briefing #243

May 3, 2026 | Read Online

Microsoft Defender false positives, Telegram Mini Apps abused, CISA adds Linux root access bug to KEV, US Military reaches deals with tech companies for AI on classified systems, small business cybersecurity risks, and cPanel flaw mass-exploited in “Sorry” ransomware attacks…

Executive Summary

The past day has seen a mix of security incidents and developments. Microsoft Defender’s false positives have caused widespread disruptions, while Telegram Mini Apps have been abused by cybercriminals for crypto scams and malware delivery. The US Military has reached deals with tech companies to use AI on classified systems. Additionally, CISA has added a recently disclosed Linux root access bug to its KEV catalog.

Top Articles

Microsoft Defender Wrongly Flags DigiCert Certs as Trojan Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts and certificate removal from Windows. This issue has been reported by multiple users. BleepingComputer

Telegram Mini Apps Abused for Crypto Scams and Malware Delivery Cybersecurity researchers have uncovered a large-scale fraud operation using Telegram’s Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. BleepingComputer

CISA Adds Actively Exploited Linux Root Access Bug to KEV The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The Hacker News

US Military Reaches Deals with Tech Companies for AI on Classified Systems Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide resources to help augment warfighter decision-making in complex operational environments. SecurityWeek

3 Easy-to-Miss Cybersecurity Risks for Small Businesses Small business owners should be aware of three non-technical risks that require little cybersecurity expertise, including social engineering attacks and inadequate incident response planning. Malwarebytes Blog

cPanel Flaw Mass-Exploited in “Sorry” Ransomware Attacks A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware attacks. BleepingComputer

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.