KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Spellbook lands ex-Shopify CTO Jean-Michel Lemieux in new ‘executive skipper’ post

Lemieux and Spellbook chief executive Scott Stevenson believe new role is better suited to realities of building AI-native ...
Microsoft

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with ...
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...