VulnHub

Hackers have taken advantage of a zero-day vulnerability in the KnowledgeDeliver learning management system (LMS) to install a malicious web shell known as Godzilla. This security flaw allows attackers to gain unauthorized access to systems running this LMS, potentially compromising sensitive data and disrupting services. Organizations using KnowledgeDeliver should be particularly vigilant, as the exploitation of this vulnerability could lead to significant operational and data security issues. The presence of a web shell means that attackers can execute commands remotely, making it crucial for affected users to take immediate action to secure their systems. Companies must prioritize patching and monitoring their environments to mitigate the risks associated with this exploit.

A zero-day vulnerability identified as CVE-2026-5426 has been discovered in a Japanese Learning Management System (LMS). This security flaw arises from the use of hard-coded ASP.NET machine keys, which attackers can exploit to deploy Cobalt Strike, a popular penetration testing tool that can also be used for malicious purposes. The exploitation of this vulnerability poses significant risks to educational institutions and organizations using the LMS, potentially allowing unauthorized access to sensitive information and systems. Users of the affected LMS should take immediate steps to secure their systems to prevent potential intrusions.

Trend Micro has reported a serious security vulnerability in its Apex One platform, identified as CVE-2026-34926. This flaw allows for a directory path traversal, which means attackers could potentially access files and directories outside the intended scope. The company has confirmed that this vulnerability is being actively exploited in the wild, with at least one confirmed incident. Organizations using the Apex One platform are at risk, which makes it crucial for them to act quickly. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding this vulnerability, urging affected users to take immediate action to protect their systems.

Microsoft has patched a serious remote code execution vulnerability in SharePoint, identified as CVE-2026-45659. This flaw impacts SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. The vulnerability arises from the way SharePoint handles untrusted data, allowing an authenticated attacker to execute code on a vulnerable server without requiring any user interaction. The simplicity of the attack makes it particularly concerning, as it poses a risk to organizations using these versions of SharePoint. Companies should prioritize applying the patches to safeguard their systems from potential exploitation.

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that U.S. government agencies address a critical SQL injection vulnerability in the Drupal content management system by Wednesday evening. This vulnerability, which has been flagged as actively exploited, poses a significant risk to the security of servers running Drupal. Government organizations must act swiftly to protect their systems from potential attacks that could exploit this weakness. The urgency of this directive highlights the ongoing challenges faced by agencies in maintaining secure web platforms, especially as attackers increasingly target widely used software like Drupal. Ensuring that these systems are patched is essential to safeguard sensitive data and maintain operational integrity.

A vulnerability in the Ghost Content Management System (CMS) has been exploited, leading to the hacking of over 700 websites, including those of prestigious institutions like Harvard and Oxford, as well as the search engine DuckDuckGo. This breach highlights the risks associated with using outdated or unpatched software, as attackers were able to take advantage of security flaws to gain unauthorized access. The incident raises concerns about the personal data and sensitive information that could be exposed on these compromised sites. Organizations using Ghost CMS need to ensure they are running the latest version and apply any available patches to protect their websites from similar attacks in the future.

A newly discovered zero-click attack is targeting WhatsApp accounts on iPhones running iOS 16, allowing attackers to take control of accounts without any user interaction or warning. This means that users can find their accounts sending unauthorized messages, often asking contacts for money transfers, without realizing they’ve been compromised. The attack is particularly concerning because it does not require any linked devices, making it harder for users to identify or prevent the intrusion. As this vulnerability is actively exploited, users of WhatsApp on iOS 16 need to be vigilant and take precautions to protect their accounts. This incident highlights the ongoing challenges of mobile security and the importance of being cautious about unsolicited messages and requests.

A significant security vulnerability has been identified in Ghost CMS, specifically a SQL injection flaw labeled CVE-2026-26980. Attackers are exploiting this weakness to inject harmful JavaScript code, which activates ClickFix attack flows across numerous websites utilizing this content management system. This exploitation poses a serious risk to users by potentially compromising their data and functionality of affected sites. Ghost CMS users, particularly those running outdated versions, should take immediate action to secure their systems. This incident highlights the ongoing need for vigilance in web security and the importance of keeping software up to date.

Hackers are exploiting a significant vulnerability from 2018 to take control of over a million ASUS routers. According to VulnCheck, this flaw allows attackers to bypass authentication mechanisms, making it easier for them to hijack affected devices. The vulnerability impacts various ASUS router models, posing a risk to users who may unknowingly have their networks compromised. This incident is concerning because it shows how older vulnerabilities can still be leveraged for large-scale attacks, highlighting the need for users to regularly update their devices and apply security patches. Failure to address these vulnerabilities could lead to unauthorized access and further exploitation of personal or sensitive information.

A new vulnerability, dubbed 'Underminr', affects around 88 million domains, allowing attackers to hide malicious connections behind trusted domain names. This exploit can bypass DNS filtering mechanisms, making it easier for cybercriminals to manage command-and-control traffic without detection. As a result, organizations that rely on these domains for security may be at greater risk of compromise. The vulnerability raises concerns about the effectiveness of current DNS security measures, as attackers can leverage this flaw to blend in with legitimate traffic. Companies and system administrators are urged to review their DNS filtering strategies to mitigate potential risks associated with this vulnerability.

A severe security vulnerability has been discovered in the LiteSpeed User-End cPanel Plugin, identified as CVE-2026-48172, which has a maximum CVSS score of 10.0. This flaw allows attackers to exploit incorrect privilege assignments, enabling them to execute arbitrary scripts with root privileges. As a result, any cPanel user, including potential attackers or compromised accounts, can take advantage of this vulnerability. The ongoing exploitation of this flaw poses significant risks to server security and data integrity, making it crucial for affected users to take immediate action. The situation emphasizes the need for vigilance among web hosts and cPanel users to prevent unauthorized access and maintain secure environments.