Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys - Help Net Security

Attackers are exploiting publicly disclosed ASP.NET machine keys to compromise IIS servers through ViewState code injection attacks. Microsoft advises against using publicly available keys and recommends regular key rotation to mitigate this risk.