KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...
Searchenginejournal.com

Core Web Vitals: WordPress And Astro Versus Everyone Else

HTTP Archive’s latest Core Web Vitals Technology Report ranks seven content management platforms and offers the surprising insight that page weight and PageSpeed Insights Lighthouse scores do not ...

ADA Title III Web Accessibility

An explanation of how Title III of the Americans with Disabilities Act of 1990 (ADA) applies to websites, mobile applications ...

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

EU is failing to cut pesticide use

With binding cut targets scrapped, the European Union's pledge to halve pesticide use is stalling — even as controversial chemicals like glyphosate remain on sale across the bloc.

Machine-First Architecture: How To Build Websites Machines Can Identify, Read, Cite & Use

Most AI search guidance stops at citations. This architecture framework extends to autonomous agents completing transactions ...

BrowserAct Open-Sources Two AI-Agent Skills, Giving Agents the Power to Use the Real Web

Then imagine it replying: "Sorry, the website won't let me in." That's the quiet failure mode behind most AI agents today. They can think, but they can't really act on the live web — websites block ...