CVE Tools
Back to feed
Dark Reading ·EN Restricted

'Djinn' Stealer Targets Cloud, AI Credentials

By Jai Vijayan··4 min read
CVE Tools coverage

A campaign targeting the remote management product SimpleHelp has been observed using the critical authentication bypass vulnerability CVE-2026-48558 as an entry point. After exploiting an Internet-facing SimpleHelp instance, attackers gained technician-level access, deployed a JavaScript loader (TaskWeaver), and delivered Djinn Stealer to collect and encrypt high-value secrets. The malware can harvest cloud and developer credentials—including keys and configuration data tied to AI tooling/agents—highlighting why RMM compromise can quickly escalate into broader access and downstream supply-chain risk.