KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

SITREP: A critical security vulnerability in the Digital Knowledge KnowledgeDeliver LMS, identified as CVE-2026-5426, has been exploited to deploy the Godzilla web shell and Cobalt Strike Beacon. This flaw, which has now been patched, was characterized by a CVSS score of 7.5 due to hard-coded ASP.NET machine keys. TACTICAL ASSESSMENT: The exploitation of this vulnerability highlights significant risks associated with widely used educational technologies, particularly in Japan. The successful deployment of advanced malware like Cobalt Strike indicates a potential increase in cyber threats targeting educational institutions. PROJECTED VECTORS: Future attacks may leverage similar vulnerabilities in other LMS platforms or exploit unpatched systems to deploy additional malware.