Zero‑day in KnowledgeDeliver LMS exploited to install web shells
A critical zero‑day in KnowledgeDeliver LMS was exploited to drop the Godzilla web shell via ViewState deserialization, prompting Mandiant to issue emergency guidance.
Tag
Zero Day
Stories with this tag. Sections and all tags live in the Topics menu; for full-text use search.
-
-
Trend Micro warns of Apex One zero-day exploited in the wild
Trend Micro warns that the Apex One zero‑day CVE‑2026‑34926 is already being exploited, and CISA has ordered federal agencies to patch by June 4, 2026.
-
Cisco warns of critical SD-WAN flaw exploited in zero-day attacks
Cisco discloses a CVSS 10.0 authentication bypass in Catalyst SD-WAN Controller actively exploited in zero-day attacks; CISA orders federal agencies to patch by May 17, 2026.
-
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 unpatched Microsoft SharePoint servers exposed online remain vulnerable to a spoofing attack that was exploited as a zero-day.
-
Microsoft's Patch Tuesday updates: Keeping up with the latest fixes
Microsoft's monthly Patch Tuesday releases critical security updates, with recent months addressing hundreds of vulnerabilities including multiple zero-day exploits.
