Zero‑day in KnowledgeDeliver LMS exploited to install web shells
A critical zero‑day in KnowledgeDeliver LMS was exploited to drop the Godzilla web shell via ViewState deserialization, prompting Mandiant to issue emergency guidance.
At a glance: - Microsoft Defender for Endpoint now offers automatic isolation of compromised endpoints in preview. - The feature disrupts lateral movement by disconnecting isolated devices from the network. - Support…
ShinyHunters stole over 600,000 records from 7‑Eleven’s Salesforce system, exposing personal data of 185,300 people and prompting FBI warnings against paying ransoms.
Motorola smartphones are injecting affiliate codes into the Amazon app via a pre-installed update, affecting foldables like the Razr Fold, with users advised to disable the Smart Feed app.
Despite promises of simplicity, passwordless authentication methods like passkeys and Google's Verified Email feature often require steps similar to those of traditional passwords, creating a fragmented user experience.
Trump Mobile's T1 smartphone launch hit a snag after a website flaw exposed preorder data for roughly 27,000 potential buyers, raising early trust concerns for the new telecom brand.
Tailscale and Pi-hole combine to offer unmatched DNS control, bypassing Apple and Google's limitations for enhanced privacy and tracking prevention.
Critical Ghost CMS SQL injection vulnerability exploited in widespread campaign affecting over 700 domains including universities and tech companies.
Google's $135M settlement offers Android users a chance to claim compensation for alleged data harvesting, with eligibility criteria and a June 23 deadline.
Russian satellites have maneuvered dangerously close to a commercial satellite supplying intelligence to Ukraine, highlighting vulnerabilities in space assets and the limited options for the US Space Force under…
Trump Mobile confirmed a data breach exposing customer information before the controversial T1 phone even launches.
Trend Micro warns that the Apex One zero‑day CVE‑2026‑34926 is already being exploited, and CISA has ordered federal agencies to patch by June 4, 2026.
Ubiquiti has patched three critical vulnerabilities in UniFi OS that could let remote attackers hijack devices. Nearly 100,000 endpoints are exposed online, echoing past security incidents.
Scammers exploit a Microsoft internal email account to send fraudulent links, prompting concerns over security vulnerabilities.
Threat actors exploited CVE-2024-12802 on SonicWall Gen6 SSL-VPN appliances, bypassing MFA and deploying ransomware tools. ReliaQuest observed intrusions between February and March 2025, warning that a firmware update…