The Hacker News ·EN News source
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
An unidentified threat actor is actively exploiting the critical SimpleHelp flaw CVE-2026-48558 (CVSS 10.0), which allows an unauthenticated attacker to bypass authentication in OpenID Connect (OIDC) flows and obtain a fully authenticated “Technician” session. Using that access, the actor deployed two malware families: TaskWeaver, a Node.js loader, and Djinn Stealer, a cross-platform credential and data-stealing payload that targets Windows, macOS, and Linux systems. The scale of harvested secrets, spanning cloud accounts, code repositories, AI tooling, and cryptocurrency wallets, makes this a high-impact risk, and CISA has added CVE-2026-48558 to its Known Exploited Vulnerabilities catalog.