KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...
Computerworld

Industry

EU moves forward on $5.8B scale-up fund to keep startups from leaving The initiative is part of a broader EU push to build up the domestic tech sector and address a long-standing shortage of ...
GitHub

AloneMonkey/frida-ios-dump

For SSH/SCP make sure you have your public key added to the target device's ~/.ssh/authorized_keys file. ./dump.py Aftenposten Start the target app Aftenposten ...