Endigest AI Core Summary
This report describes a critical ViewState deserialization vulnerability (CVE-2026-5426) in KnowledgeDeliver LMS enabling unauthenticated remote code execution due to identical machine keys shared across deployments.
• Hardcoded ASP.NET machine keys in web.config were identical across customer installations, allowing compromise of any internet-facing instance with the shared key.
• A .NET in-memory web shell (BLUEBEAM) was deployed in the IIS worker process (w3wp.exe) to maintain persistence and execute commands.
• JavaScript files were modified to display fake security alerts and load remote malicious scripts leading to Cobalt Strike BEACON infections.
• Detection indicators include Event ID 1316 in Application logs, suspicious w3wp.exe child processes, unauthorized file modifications, and anomalous concatenated User-Agent strings.
• Mitigation requires unique machine keys per instance, IP-based access restrictions, and thorough investigation of compromised systems.
This summary was automatically generated by AI based on the original article and may not be fully accurate.
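The following is an added example, not code from the original article or from the vendor: a fleet audit that checks collected web.config files for static `machineKey` values and groups instances that share the same key material, which is the condition the summary identifies as the root cause. The file paths and key values are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

def _cfg(inner):
    # Wraps a fragment in a minimal web.config skeleton (constructed sample).
    return f"<configuration><system.web>{inner}</system.web></configuration>"

# Constructed sample inputs; the hex strings are dummy values, not real keys.
_STATIC = '<machineKey validationKey="AAAA1111BBBB2222" decryptionKey="CCCC3333DDDD4444" />'
SAMPLE_CONFIGS = {
    "lms-a/web.config": _cfg(_STATIC),
    "lms-b/web.config": _cfg(_STATIC.lower().replace("machinekey", "machineKey")
                             .replace("validationkey", "validationKey")
                             .replace("decryptionkey", "decryptionKey")),
    "lms-c/web.config": _cfg('<machineKey validationKey="AutoGenerate,IsolateApps" '
                             'decryptionKey="AutoGenerate,IsolateApps" />'),
    "lms-d/web.config": _cfg(""),  # no machineKey element: runtime auto-generates
    "lms-e/web.config": _cfg('<machineKey validationKey="EEEE5555" decryptionKey="FFFF6666" />'),
}

def key_fingerprint(xml_text):
    """SHA-256 fingerprint of explicit key material, or None if auto-generated/absent."""
    root = ET.fromstring(xml_text)
    # Match on local name so a namespaced <configuration> root still works.
    mk = next((e for e in root.iter() if e.tag.split("}")[-1] == "machineKey"), None)
    if mk is None:
        return None
    vk = mk.get("validationKey", "AutoGenerate")
    dk = mk.get("decryptionKey", "AutoGenerate")
    if vk.startswith("AutoGenerate") and dk.startswith("AutoGenerate"):
        return None
    # Hex keys are case-insensitive; normalise before hashing. Only the
    # fingerprint is reported, so the audit output never contains the key.
    return hashlib.sha256(f"{vk.upper()}|{dk.upper()}".encode()).hexdigest()

def audit(configs):
    """Map fingerprint -> sorted list of config paths that carry that static key."""
    groups = defaultdict(list)
    for path, text in configs.items():
        fp = key_fingerprint(text)
        if fp is not None:
            groups[fp].append(path)
    return {fp: sorted(paths) for fp, paths in groups.items()}

def shared_keys(configs):
    """Groups of two or more instances with identical static key material."""
    return sorted(p for p in audit(configs).values() if len(p) > 1)

if __name__ == "__main__":
    for fp, paths in audit(SAMPLE_CONFIGS).items():
        label = "SHARED" if len(paths) > 1 else "static"
        print(f"{label} key {fp[:12]}... in: {', '.join(paths)}")
```

Any group returned by `shared_keys` needs a fresh key per instance; a static key that appears only once is still worth reviewing if it originated from an installer or template.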