SECURITYTHE HACKER NEWS
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A high-severity vulnerability in Digital Knowledge's KnowledgeDeliver LMS (CVE-2026-5426) was exploited as a zero-day to deploy the Godzilla web shell and Cobalt Strike Beacon. The flaw, involving hard-coded ASP.NET machine keys, has now been patched.
Mentioned
Related Signal
Adjacent reporting
- Fortinet Issues Emergency Patch for FortiClient Zero-Day
- Microsoft Exchange Zero-Day Under Attack, No Patch Available
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
- Adobe Patches Actively Exploited Zero-Day That Lingered for Months
- Microsoft warns of Exchange zero-day flaw exploited in attacks
- Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw