www.securityweek.com 5/26/2026, 11:32:26 AM · external

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch Status Unknown

The article discusses the exploitation of a zero-day vulnerability (CVE-2026-5426) in the KnowledgeDeliver Learning Management System, which is widely used in Japan. According to Mandiant, which reported it, the vulnerability arises from hardcoded values in the system's configuration that allow attackers to perform ViewState deserialization attacks. Exploitation has led to the deployment of Godzilla web shells and a Cobalt Strike backdoor.

Organizations with KnowledgeDeliver deployments from before February 24, 2026, are advised to rotate machine keys and monitor for intrusions. Mandiant has provided indicators of compromise (IoCs) related to this attack.
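
A defender-side check for the machine-key advice above, as an added example that is not from the article, Mandiant, or the vendor. It assumes the keys sit in a standard ASP.NET `<machineKey>` element in `web.config` (the article does not name the file) and flags static keys and keys reused across installs; the sample configs and key values are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample configs; key values are made up, not KnowledgeDeliver's.
STATIC = ('<configuration><system.web><machineKey '
          'validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" '
          'decryptionKey="FEDCBA9876543210FEDCBA9876543210" '
          'validation="HMACSHA256" decryption="AES"/></system.web></configuration>')
SAMPLE_CONFIGS = {
    "hostA/web.config": STATIC,
    "hostB/web.config": STATIC,  # same static keys on a second install
    "hostC/web.config": ('<configuration><system.web><machineKey '
                         'validationKey="AutoGenerate,IsolateApps" '
                         'decryptionKey="AutoGenerate,IsolateApps"/></system.web></configuration>'),
    "hostD/web.config": "<configuration><system.web/></configuration>",
}

def fingerprint(key_hex):
    """Short SHA-256 fingerprint so reports never contain the key itself."""
    return hashlib.sha256(key_hex.strip().upper().encode()).hexdigest()[:16]

def audit_config(xml_text):
    """Return {attribute: fingerprint} for every statically configured key."""
    static = {}
    for elem in ET.fromstring(xml_text).iter():
        # Strip an XML namespace prefix, which some web.config files declare.
        if elem.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = elem.get(attr, "")
            # "AutoGenerate" means the runtime creates the key itself.
            if value and not value.lower().startswith("autogenerate"):
                static[attr] = fingerprint(value)
    return static

def find_shared_keys(configs):
    """Map (attribute, fingerprint) to the configs sharing that static key."""
    seen = {}
    for path, text in configs.items():
        for attr, fp in audit_config(text).items():
            seen.setdefault((attr, fp), []).append(path)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for path, text in SAMPLE_CONFIGS.items():
        print(path, audit_config(text) or "no static machine key")
    for (attr, fp), paths in find_shared_keys(SAMPLE_CONFIGS).items():
        print(f"shared {attr} {fp}: rotate on {', '.join(paths)}")
```

A fingerprint that appears on more than one host points to a value shipped with the product rather than generated per install, which is the condition the rotation advice addresses.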


Article by CyberSIXT
