A high-severity flaw in Digital Knowledge's KnowledgeDeliver Learning Management System, identified as CVE-2026-5426, was exploited by attackers to deploy the Godzilla web shell, ultimately leading to the installation of Cobalt Strike Beacon1. The vulnerability, with a CVSS score of 7.5, arises from the use of hard-coded ASP.NET machine keys, allowing unauthorized access. The fact that this flaw was exploited as a zero-day attack underscores its severity. KnowledgeDeliver, widely used in Japan, has since patched the issue, but the incident highlights the need for vigilance. The exploitation of this vulnerability expands the active attack surface, making it crucial for organizations to prioritize mitigation based on their exposure and evidence of exploitation. This incident serves as a reminder of the importance of prompt patching and security monitoring, particularly for widely used systems like Learning Management Systems, so what matters most to practitioners is the immediate assessment of their own systems' vulnerability to such attacks.