Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment
Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution. The post Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment appeared first on SecurityWeek.
Threat actors exploited a KnowledgeDeliver zero-day vulnerability to deploy web shells and backdoors, Google-owned Mandiant reports.
A learning management system (LMS) built by Digital Knowledge, KnowledgeDeliver is widely used for enterprise and educational e-learning, mainly in Japan.
The exploited zero-day, tracked as CVE-2026-5426 (CVSS score of 7.5), existed because Digital Knowledge deployments used a standardized ‘web.config’ file that contained hardcoded ‘machineKey’ values. These keys are used by the ASP.NET framework for data encryption and signing.
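A defender-side check for the condition described above, as an added example that is not code from the article, Mandiant or Digital Knowledge: it parses web.config contents, flags explicit ‘machineKey’ values, and reports key material that is identical on more than one host. The host names and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

KEY_ATTRS = ("validationKey", "decryptionKey")

def audit_machine_key(xml_text):
    """Return one finding per <machineKey> element that carries explicit key material."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "machineKey":  # tolerate an xmlns on the root
            continue
        static = {a: el.get(a) for a in KEY_ATTRS
                  if el.get(a) and not el.get(a).startswith("AutoGenerate")}
        if static:
            # Fingerprint the secret instead of echoing it, so the report can be shared.
            material = "|".join(static[a] for a in sorted(static)).upper()
            fp = hashlib.sha256(material.encode()).hexdigest()[:16]
            findings.append({"static_attrs": sorted(static), "fingerprint": fp})
    return findings

def shared_keys(configs):
    """Map fingerprint -> hosts for key material found on more than one host."""
    seen = defaultdict(set)
    for host, xml_text in configs.items():
        for finding in audit_machine_key(xml_text):
            seen[finding["fingerprint"]].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

# Constructed sample inputs: placeholder key values, not real keys.
VENDOR_TEMPLATE = """<configuration><system.web>
  <machineKey validationKey="AAAA1111BBBB2222" decryptionKey="CCCC3333DDDD4444"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""
AUTOGEN = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""
UNIQUE = VENDOR_TEMPLATE.replace("AAAA1111", "9999EEEE")

if __name__ == "__main__":
    fleet = {"lms-a": VENDOR_TEMPLATE, "lms-b": VENDOR_TEMPLATE,
             "lms-c": AUTOGEN, "lms-d": UNIQUE}
    for fp, hosts in shared_keys(fleet).items():
        print(f"machineKey {fp} reused on: {', '.join(hosts)}")
```

An explicit key that is unique to one deployment is a normal web-farm setting; the finding that matches this article is the same key material appearing across separate deployments.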
Source: https://www.securityweek.com/hackers-exploited-knowledgedeliver-zero-day-for-web-shell-deployment/
Related breach coverage
- Gogs Zero-Day Exposes Servers to Remote Code Execution (2026-05-29)
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.
- Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches (2026-06-02)
A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device.
- Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking (2026-05-21)
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution.
- Chrome 148 Update Patches 151 Vulnerabilities (2026-05-29)
The browser update resolves critical-severity security defects that could potentially lead to remote code execution.
