KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

Tuesday, May 26, 2026 at 05:19 AM UTC·Source: The Hacker News

Updated: Tuesday, May 26, 2026 at 06:00 AM UTC

Executive Summary

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-5426

NVD MITRE CVE

Source Attribution

Originally published by The Hacker News on May 26, 2026.

Related Threats

CRITICALZero DayPOC

Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.

2d agoThe Record

CRITICALZero Day

Gogs Zero-Day Exposes Servers to Remote Code Execution

The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek .

2d agoSecurityWeek

CRITICALZero Day

This month in security with Tony Anscombe – May 2026 edition

In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit

2d agoWeLiveSecurity (ESET)