CVE Tools
Back to feed
Help Net Security ·EN-US News source

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

By Zeljka Zorz··3 min read
CVE Tools coverage

Attackers are actively exploiting CVE-2026-48558, a newly fixed authentication bypass in SimpleHelp RMM, to gain access and deploy Djinn Stealer on compromised systems. The malware is reported to target Windows, macOS, and Linux and can harvest credentials and sensitive data from many cloud platforms, development tools, browsers, SSH, and cryptocurrency wallets. This matters because stolen tokens, keys, and session data could enable re-entry and further compromise even after the original SimpleHelp server is isolated.