Cobalt-Strike

vulnerability 2026-05-28
KnowledgeDeliver CVE-2026-5426: Shared ASP.NET Machine Key Burns Every Japanese LMS Tenant at Once
A hardcoded ASP.NET machineKey shipped in Digital Knowledge's KnowledgeDeliver LMS web.config gives any attacker who reads one tenant's config unauthenticated RCE on every other internet-facing instance. Mandiant tied active exploitation to BLUEBEAM web shells and Cobalt Strike beacons consistent with Chinese-speaking APTs.
knowledgedeliver cve-2026-5426 viewstate-deserialization asp-net machinekey zero-day bluebeam godzilla cobalt-strike apt41 lms
threat-actors 2026-04-20
The Gentlemen RaaS: SystemBC Proxy Botnet Reveals 1,570 Corporate Victims
A DFIR engagement against The Gentlemen RaaS exposed a SystemBC C2 server proxying over 1,570 likely corporate victims, with affiliates leaning on a 14,700-device FortiGate inventory for initial access.
ransomware gentlemen systembc cobalt-strike fortigate raas socks5 proxy-botnet

KnowledgeDeliver CVE-2026-5426: Shared ASP.NET Machine Key Burns Every Japanese LMS Tenant at Once