Critical SimpleHelp Vulnerability Exploited For Malware Delivery
ID: e14be9e8-78ce-543b-912e-714914129a31
STIX ID: report--e14be9e8-78ce-543b-912e-714914129a31
Feed Name: Infosecurity Magazine (News)
A critical authentication-bypass (CVE-2026-48558, CVSS 10) in SimpleHelp's RMM allowed attackers to forge technician tokens on internet-facing servers, abuse built-in file-transfer and remote execution to deploy a Node.js loader (TaskWeaver) and a cross-platform infostealer (Djinn Stealer). The stealer harvested cloud/infrastructure keys, source code, SSH credentials, package and AI-assistant tokens, creating persistent access and supply-chain risk to MSPs and their customers; SimpleHelp released patches and CISA added the issue to its KEV catalog.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
