Tag
critical
advisory
KnowledgeDeliver ViewState Deserialization Vulnerability Exploitation
2 rules 4 TTPs 1 CVE
An unauthenticated remote code execution vulnerability, CVE-2026-5426, in Digital Knowledge's KnowledgeDeliver LMS platform, caused by shared ASP.NET machine keys, allows attackers to inject malicious code, ultimately leading to Cobalt Strike infection of user workstations.
KnowledgeDeliver
viewstate-deserialization
rce
web-shell
cobalt-strike
cve-2026-5426
high
threat
Cobalt Strike Command and Control Beacon Detected
2 rules 2 TTPs
This brief documents the detection of Cobalt Strike command and control activity by identifying specific domain naming conventions used by its implant beacons, which are indicative of network attack and exploitation campaigns.
packetbeat +2
FIN7
+2
command-and-control
cobalt-strike
domain-generation-algorithm