SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...
The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.
ScanNetSecurity

AeyeScan に手動巡回機能で任意のJavaScript を実行できる新機能

株式会社エーアイセキュリティラボは5月11日、脆弱性診断の自動化ツール「AeyeScan」に手動巡回機能で任意のJavaScriptを実行できる新機能を追加したと発表した。 「AeyeScan」は、AIとRPA(Robotic Process ...
The Hacker News

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...

Cloudflareが明かす「Mythos Preview」の実力 AIが脆弱性発見から攻撃実証 ...

Cloudflareは、AnthropicのLLM「Mythos Preview」を50超の自社リポジトリー検査へ投入した結果を公表した。脆弱性連鎖の推論やPoC自動生成で高性能を示した半面、誤検知抑制や運用基盤整備の必要性も示した。