Attackers are leveraging Amazon SES, a legitimate and trusted service, to send malicious emails that bypass authentication checks like SPF, DKIM, and DMARC.
The false positives involved specific DigiCert root certificates, identified by their SHA-1 hashes, which were flagged as Trojan:Win32/Cerdigent.A!dha.
Commercial spam now constitutes 46% of all spam globally, with a significant portion originating from compromised accounts and free email services, according to VIPRE Security Group's Q1 2026 Email Threat Trends Report.