KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

Ontario municipal councillors to face stiffer ethics penalties under new bill

New rules could be in place ahead of October municipal elections, says Municipal Affairs and Housing Minister Rob Flack ...

Pressure review: This Second World War thriller is the Saving Private Ryan of meteorology

Wartime film starring Andrew Scott and Brendan Fraser tells the lesser-known story of the weather forecasters who chose the ...

After 7 Million Investigations in Production, 7AI Widens the Gap in Agentic Security with ...

AI, the company making AI agents work for security teams, today announced PLAID ELITE, its fully managed AI-native security operations offering, and 100 new AI jobs at its Boston headquarters. One ...
Infosecurity Magazine

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators ...

Hottest May day record broken again as temperature hits 35.1C in London

Today's 35.1C (95.2F) at Kew Gardens beats the record set yesterday of 34.8C - Wales and the island of Ireland have also had ...