Attackers have exploited a zero-day vulnerability in KnowledgeDeliver.

Attackers exploited a zero‑day in the KnowledgeDeliver LMS caused by hardcoded ASP.NET machineKey values shared across installations. With these keys, threat actors performed ViewState deserialization attacks to achieve remote code execution. They deployed Godzilla web shells and ultimately installed a tailored Cobalt Strike backdoor after modifying application files and permissions.

Read more:

https://www.securityweek.com/hackers-exploited-knowledgedeliver-zero-day-for-web-shell-deployment/