BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Digital Knowledge LMS Zero-Day Deploys Malware

Hard-coded keys in Japanese LMS led to malware deployment via zero-day exploit.

  • A critical vulnerability (CVE-2026-5426) in the Japanese LMS Digital Knowledge KnowledgeDeliver allowed unauthenticated remote code execution.
  • Attackers exploited this flaw as a zero-day to deploy the Godzilla web shell and ultimately install the Cobalt Strike Beacon malware on users’ machines.
  • The root cause was hard-coded ASP.NET machine keys in the vendor’s web.config file, allowing a secret from one deployment to compromise others.
  • Google researchers confirmed the attack, noting the final payload was customized for the targeted organization.

In May 2026, threat actors actively exploited a zero-day vulnerability in the popular Japanese Learning Management System Digital Knowledge KnowledgeDeliver to deliver malware. This high-severity flaw, CVE-2026-5426, enabled attackers to execute remote code on affected servers and deploy a web shell.

- Advertisement -

The vulnerability stemmed from hard-coded ASP.NET machine keys, a risk Microsoft first documented in February 2025. Consequently, any attacker obtaining these keys from one system could compromise other internet-facing installations.

Google Mandiant and the Google Threat Intelligence Group (GTIG) detailed the attack chain in a report. They stated “An unknown threat actor leveraged this access to inject malicious code into the LMS platform, with the goal of infecting users visiting the site.”

Attackers initially used the flaw to deploy the Godzilla web shell. Subsequently, they modified application files to display a fake security alert urging users to install a malicious plugin.

This fraudulent installer then infected machines with Cobalt Strike Beacon. Meanwhile, Google noted “The payload was encrypted using a key that used the name of the compromised organization, which indicated that the threat actor prepared this payload specifically for the targeted organization.”

- Advertisement -

The flaw impacted deployments prior to February 24, 2026, and similar issues have been exploited in other software like Sitecore Experience Manager. This incident highlights the severe risk of using shared secrets in deployment templates across an entire software ecosystem.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Chinese APT UAT-7810 Refines Malware for ORB Network

Chinese APT group UAT-7810 is expanding its LapDogs ORB network by compromising networking devices...

Musk’s Fortune Drops Below $1 Trillion After SpaceX Stock Plunge

Elon Musk is no longer a trillionaire after SpaceX stock (NASDAQ: SPCX) plunged to...

Anthropic removes hidden trackers from Claude Code after discovery

Anthropic removed hidden tracking markers from Claude Code after researchers discovered code used to...

Enlivex stock hits $0.42 low; all retail investors lose

Every retail investor who ever bought Nasdaq-listed Enlivex shares has lost money as the...

Kraken parent wins $22M arbitration award against ex-auditor Mazars

Payward, parent of crypto exchange Kraken, won a $22 million arbitration award against former...

Must Read

8 Best Bitcoin Offshore Hosting Providers

In this blog post, we'll list the top 8 best bitcoin offshore hosting providers that accept Bitcoin and other cryptocurrencies.As Bitcoin continues to grow...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading