TECH NEWS

Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability

Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek

Introduction

In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver. KnowledgeDeliver is a Learning Management System (LMS) developed by Digital Knowledge commonly used in Japan. Mandiant identified a critical vulnerability that allowed unauthenticated Remote Code Execution (RCE). An unknown threat actor leveraged this access to inject malicious code into the LMS platform, with the goal of infecting users visiting the site.

This vulnerability stems from the use of identical pre-shared ASP.NET machine keys across multiple customer deployments. The vulnerability was initially exploited as a zero-day, now tracked as CVE-2026-5426.

The Vulnerability

KnowledgeDeliver installations deployed before Feb. 24, 2026 relied on a standardized web.config file provided by the vendor. This configuration file contained hardcoded machineKey values used by the ASP.NET framework to encrypt and sign data, including ViewState payloads.

Because these keys were identical...

Copyright of this story solely belongs to google.com. To see the full text click HERE

https://images.axios.com/4ncBVlQcoPj81bxZ_KINegJV24w=/1366x768/smart/2024/07/12/202411-1720815851332.jpg

Maneva, whose AI agents connect to existing camera infrastructure in factories to flag safety risks and measure worker productivity, raised a $27M Series A

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Accelerate AI Adoption at F5's AI Virtual Summit — Learn how to architect, secure, and scale

https://media.wired.com/photos/6a28e4ee04cb8e65f7b970c3/191:100/w_1280,c_limit/The-Kindle-Scribe-Is-the-Best-of-the-$400-Digital-Notebooks.jpg

Digital Notebook Throwdown (2026): Kindle Scribe, ReMarkable Paper Pure

Jun 10, 2026 9:04 AM The Kindle Scribe Is the Best of the $400 Digital Notebooks The newest Kindle Scribe means there are now three digital notebooks you can buy in the $400 price range. Here’s which one you should get. Courtesy of Amazon; ReMarkable All products featured

SanDisk's massive 8TB SD cards are finally close to launch

Serving tech enthusiasts for over 25 years. TechSpot means tech analysis and advice you can trust. In brief: News regarding SanDisk's 8TB SD cards has been scarce for some time, but manufacturers recently indicated that the ultra-high-capacity products might be ready to hit the market. Faster 4TB cards

https://cdn.mos.cms.futurecdn.net/sqGgDPxHyGtqunPo56h9cL-2560-80.jpg

ServiceNow reveals security issue affecting customer data, but won't reveal much on what actually happened

* ServiceNow fixes API flaw which let unauthenticated attackers query some customer instance tables * Issue mainly hit customers on the Australia release or older versions with custom configs * Admins urged to review logs for /api/now/related_list_edit requests, especially from 51.159.98.241 ServiceNow has told some of