KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
SecurityWeek

GlassWorm Botnet Disrupted

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
CPO Magazine

Security Flaw in Claude AI Chrome Extension Enables Attackers to Execute Privileged Commands and Steal Data

A security flaw in “Claude in Chrome” enables any Chrome extension, including those without permissions, to execute ...
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...
The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

U.S. strike on boat in eastern Pacific kills one, leaves two survivors

Trump administration’s campaign of blowing up alleged drug-trafficking vessels has killed at least 194 in total ...
The Caledonian-Record

Command Alkon Appoints Davis Jackson to Drive Next Phase of Global Revenue Growth

Command Alkon, the global leader in software and platform technology for the heavy building materials industry, announces the recent appointment of Davis ...
Infosecurity Magazine

PureLogs Variant Steals Data via Purchase Order Lures

A variant of the PureLogs infostealer malware has been distributed through purchase-order-themed phishing emails that use a ...
The Caledonian-Record

Cohere Releases Command A+: An Open-Source Enterprise AI Model Built for Sovereign Critical Infrastructure

Cohere, the trusted sovereign AI platform for governments and regulated industries worldwide, today announced the release of Command A+, a powerful open-source Mixture-of-Experts (MoE) model released ...

ISIS second in command killed in joint operation, U.S. and Nigeria say

Minuki, the second in command of ISIS globally, has been killed in an operation conducted by U.S. and Nigerian forces in the ...