Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ASP.NET Core security flaw. This HTTP request smuggling bug (CVE-2025-55315 ...

The latest preview of .NET 10 arrives with enhancements to the .NET libraries and runtime, .NET MAUI, WPF, and more. “Today, we are excited to announce the fourth preview release of .NET 10 with ...

ASP.NET is an open source web framework for building modern web apps and services with .NET. ASP.NET creates websites based on HTML5, CSS, and JavaScript that are simple, fast, and can scale to ...

Learn the best practices and built-in safeguards for preventing attacks and protecting sensitive data in your ASP.NET Core web applications. Today’s web applications are vulnerable to a variety of ...