https://cybercrime.club/tags/apt41/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usThu, 28 May 2026 11:08:41 -0400https://cybercrime.club/posts/knowledgedeliver-cve-2026-5426-viewstate-bluebeam-cobalt-strike/Thu, 28 May 2026 11:08:41 -0400https://cybercrime.club/posts/knowledgedeliver-cve-2026-5426-viewstate-bluebeam-cobalt-strike/A hardcoded ASP.NET machineKey shipped in Digital Knowledge's KnowledgeDeliver LMS web.config gives any attacker who reads one tenant's config unauthenticated RCE on every other internet-facing instance. Mandiant tied active exploitation to BLUEBEAM web shells and Cobalt Strike beacons consistent with Chinese-speaking APTs.vulnerability