Critical SimpleHelp RMM flaw exploited to deploy Djinn Stealer malware

AI-Generated Summary

3 sources

1 day ago

1 views

Critical SimpleHelp RMM flaw exploited to deploy Djinn Stealer malware

Key Points

Attackers exploit CVE-2026-48558, an authentication bypass vulnerability in SimpleHelp RMM.
CVE-2026-48558 is recently disclosed and is described as critical by multiple sources.
Exploitation enables malware delivery to Windows, macOS, and Linux.
Djinn Stealer is reported as the main payload; Infosecurity Magazine also mentions TaskWeaver.
Djinn Stealer is described as collecting credentials/data from sources including cloud services, development tools, browsers, SSH, and crypto wallets.

Multiple outlets report that attackers exploit CVE-2026-48558, a recently disclosed and patched authentication bypass vulnerability in the SimpleHelp remote monitoring and management (RMM) platform, to deliver malware to compromised systems. Bleeping Computer and Help Net Security both describe Djinn Stealer being deployed as a cross-platform payload targeting Windows, macOS, and Linux. Infosecurity Magazine also links exploitation of the same SimpleHelp flaw to malware delivery, citing Djinn Stealer and additionally mentioning TaskWeaver.

According to Help Net Security, researchers attribute the activity to BlackPoint Cyber and describe Djinn Stealer as an information stealer that collects credentials and related data associated with multiple environments and tools. Reported targets include cloud platforms, source control systems, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets.

All accounts tie the campaign to the same SimpleHelp vulnerability and characterize it as critical, with exploitation occurring shortly after disclosure and patching. None of the sources provide additional details on attacker attribution or the full scope of affected SimpleHelp deployments.

How Outlets Covered This Story

INF

Infosecurity Magazine

Critical SimpleHelp Vulnerability Exploited For Malware Delivery

Attackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malware

3 hours ago

HEL

Help Net Security

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets,” BlackPoint Cyber’s researchers discovered. CVE-2026-48558 exploited SimpleHelp is a remote monitoring and management (RMM) tool popular with managed services providers … More → The post SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) appeared first on Help Net Security.

9 hours ago

BLE

Bleeping Computer

Critical SimpleHelp flaw exploited to deploy new stealer malware

Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]

1 day ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

Critical SimpleHelp RMM flaw exploited to deploy Djinn Stealer malware

UK investors sue Binance and Changpeng Zhao over alleged unauthorised derivative sales

14 schoolchildren die as roof collapses at tutoring centre in Lahore, Pakistan

Kwinana town centre plan released for public comment