CVE Tools
Back to feed
BleepingComputer ·EN-US News source

Critical SimpleHelp flaw exploited to deploy new stealer malware

By Bill Toulas··4 min read
CVE Tools coverage

Attackers are actively exploiting a recently disclosed critical vulnerability in SimpleHelp (CVE-2026-48558) to compromise exposed instances and deploy new malware, including Djinn Stealer and a TaskWeaver loader. The affected SimpleHelp deployments—often used by MSPs, IT teams, and helpdesks—matter because the flaw can be used to bypass authentication via OpenID Connect (OIDC), enabling attackers to gain a trusted technician session for remote execution. Djinn Stealer then targets cross-platform developer and infrastructure data on Windows, macOS, and Linux, potentially allowing theft of credentials and downstream access to cloud resources, repositories, and API-connected AI tooling.