SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Bleeping Computer

Ivanti Workspace Control hardcoded key flaws expose SQL credentials

Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution. IWC helps enterprise admins manage desktops and ...