Help Net Security · EN-US · News source
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)
Attackers are actively exploiting CVE-2026-48558, a newly fixed authentication bypass in SimpleHelp RMM, to gain access and deploy Djinn Stealer on compromised systems. The malware is reported to target Windows, macOS, and Linux and can harvest credentials and sensitive data from many cloud platforms, development tools, browsers, SSH, and cryptocurrency wallets. This matters because stolen tokens, keys, and session data could enable re-entry and further compromise even after the original SimpleHelp server is isolated.