logo

Critical SimpleHelp Vulnerability Exploited For Malware Delivery

ID: e14be9e8-78ce-543b-912e-714914129a31

STIX ID: report--e14be9e8-78ce-543b-912e-714914129a31

Feed Name: Infosecurity Magazine (News)

Threat Score
85/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

...
...

A critical authentication-bypass (CVE-2026-48558, CVSS 10) in SimpleHelp's RMM allowed attackers to forge technician tokens on internet-facing servers, abuse built-in file-transfer and remote execution to deploy a Node.js loader (TaskWeaver) and a cross-platform infostealer (Djinn Stealer). The stealer harvested cloud/infrastructure keys, source code, SSH credentials, package and AI-assistant tokens, creating persistent access and supply-chain risk to MSPs and their customers; SimpleHelp released patches and CISA added the issue to its KEV catalog.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.