KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

CBSE OSM row: Venugopal urges PM Modi's intervention, says students 'shouldn't be penalised over systemic failure'

A Delhi student alleged his Physics answer sheet was mismatched under CBSE’s OSM system and later faced severe online ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

Patterson: The loss they never forgot — and the title Millard North finally won

Millard North celebrated their third title and first since 2005, despite losing five of their last 6 regular season games.

Canadiens’ Lane Hutson leads and learns in playoff run

Hutson plummeted to the second round of the draft that year, where Montreal was able to snag him 62nd overall, a selection that already looks like a historic steal. In his rookie season, he won the ...

Canada’s Sentinel to build drones for Ukraine through joint venture

Ukraine spent the first few years of its war with Russia closely guarding IP and restricting exports of military technologies ...