KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

Ontario municipal councillors to face stiffer ethics penalties under new bill

New rules could be in place ahead of October municipal elections, says Municipal Affairs and Housing Minister Rob Flack ...
CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
Infosecurity Magazine

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators ...

Hottest May day record broken again as temperature hits 35.1C in London

Today's 35.1C (95.2F) at Kew Gardens beats the record set yesterday of 34.8C - Wales and the island of Ireland have also had ...
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

Pressure review: This Second World War thriller is the Saving Private Ryan of meteorology

Wartime film starring Andrew Scott and Brendan Fraser tells the lesser-known story of the weather forecasters who chose the ...
Microsoft

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with ...

AI Agents Plunged the Tech World Into Chaos. Here’s Exactly How That Happened

The definitive story of how Claude Code and OpenClaw kicked off computing’s biggest transformation possibly ever.