> TritonInfoSec News
Home / May 28, 2026 / Story
0
#7 SecurityWeek general May 26, 2026 at 11:14 UTC

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

By Ionut Arghire

AI Summary

Attackers exploited a zero-day vulnerability in the KnowledgeDeliver learning management system by leveraging hardcoded machineKey values in a configuration file to perform ViewState deserialization attacks, ultimately achieving remote code execution and deploying the Godzilla web shell. The use of hardcoded cryptographic keys as an attack vector underscores ongoing risks in .NET-based web applications. Incident responders should check for Godzilla web shell indicators on any KnowledgeDeliver deployments.

Read full article → https://www.securityweek.com/hackers-exploited-kno…

Relevance score: 77.0/100

# More from May 28

  1. 1
    Glassworm botnet disrupted after resilient C2 infrastructure takedown BleepingComputer
  2. 2
    CISA gives feds 4 days to patch actively exploited cPanel plugin flaw BleepingComputer
  3. 3
    Iranian intelligence service behind hack of LA transit system, researchers say The Record
  4. 4
    FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data SecurityWeek
  5. 5
    Gitea Vulnerability Exposes Private Container Images without Authentication The Hacker News
  6. 6
    Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries SecurityWeek
  7. 8
    Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands SecurityWeek
  8. 9
    CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks The Hacker News
  9. 10
    185,000 Likely Impacted by 7-Eleven Data Breach SecurityWeek