KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shel...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1190 — Exploit Public-Facing Application (Initial Access)
Clear filter256 articles found
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without r...
Angular Language Service Extension Flaws Allow Remote Code Execution
Multiple high-severity vulnerabilities have been discovered in the Angular Language Service VS Code extension (Angular.ng-template), exposing developers to r...
Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment
Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution. The post Hackers Exploited Kn...
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity...
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as...
Hackers Abuse KnowledgeDeliver LMS Flaw to Install BLUEBEAM Web Shell
Hackers are actively exploiting a critical vulnerability in the KnowledgeDeliver Learning Management System (LMS) to deploy the BLUEBEAM web shell, according...
[webapps] Grav CMS 2.0.0-beta.2 - Remote Code Execution
Grav CMS 2.0.
Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised w...
Nginx-poolslip Flaw Exposes Servers to DoS and Code Execution Attacks
NGINX users are facing a critical security issue after F5 disclosed a new vulnerability, tracked as CVE-2026-9256, affecting the widely used ngx_http_rewrite...
Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos
A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across...
Hackers Use Six-Layer Persistence on FreePBX Systems
Hackers are actively exploiting FreePBX systems using a highly resilient six-layer persistence mechanism. The campaign has been attributed with high confiden...
Unpatched ChromaDB flaw leaves servers open to remote code execution
Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access...
Google accidentally exposed details of unfixed Chromium flaw
Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, al...
Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass
A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE...
ABB B&R Automation Studio
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outda...
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Hi...
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exp...
ZDI-26-319: Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is requir...
ZDI-26-318: Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is requir...