> TritonInfoSec News
Home / May 27, 2026 / Story
0
#5 The Hacker News general May 26, 2026 at 05:19 UTC

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

By [email protected] (The Hacker News)

AI Summary

CVE-2026-5426 (CVSS 7.5), a zero-day in Digital Knowledge's KnowledgeDeliver LMS — popular in Japan — was exploited to deploy the Godzilla web shell and Cobalt Strike Beacon via hardcoded ASP.NET machineKey values enabling ViewState deserialization attacks. The use of hardcoded machineKeys is a well-known ASP.NET misconfiguration that enables unauthenticated RCE, and this incident confirms active exploitation in the wild. Organizations running KnowledgeDeliver or any ASP.NET application with shared or hardcoded machineKeys should rotate keys and audit for web shell indicators immediately.

Read full article → https://thehackernews.com/2026/05/knowledgedeliver…

Relevance score: 83.0/100

# More from May 27

  1. 1
    Charter confirms data breach after ShinyHunters extortion threat BleepingComputer
  2. 2
    Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions The Hacker News
  3. 3
    Millions of AI agents imperiled by critical vulnerability in open source package Ars Technica Security
  4. 4
    Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos Dark Reading
  5. 6
    Dutch authorities arrest men suspected of providing infrastructure for Russian cyber operations The Record
  6. 7
    7-Eleven data breach exposes personal information of 185,000 people BleepingComputer
  7. 8
    MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries The Hacker News
  8. 9
    CISA orders feds to patch actively exploited Drupal vulnerability BleepingComputer
  9. 10
    Ghost CMS Vulnerability Exploited to Hack Over 700 Websites SecurityWeek