Zero-Day Vulnerability in KnowledgeDeliver Exploited to Install Web Shells

Cybercriminals exploited a critical zero-day vulnerability in servers running the KnowledgeDeliver learning management system. The exploit allowed attackers to install the Godzilla web shell—a tool frequently used to gain unauthorized server access and execute arbitrary commands.

According to cybersecurity experts, the attack targeted vulnerable LMS instances that had not been updated in a timely manner. The Godzilla web shell provides attackers with extensive control over compromised systems, including the ability to download additional malicious modules, steal data, and create backdoors for future attacks.

Experts note that educational platforms and corporate LMS are increasingly targeted due to the large volumes of stored data, including user personal information and confidential materials. It is recommended to immediately verify software versions and apply all available security updates.