Critical SimpleHelp flaw exploited to deploy new stealer malware

Hackers are exploiting CVE-2026-48558 in SimpleHelp to gain unauthorized technician access and deploy the newly documented TaskWeaver loader and Djinn Stealer across Windows, macOS, and Linux systems. The campaign targets developer and infrastructure credentials, AI tooling, cloud services, and other sensitive assets, making immediate patching and credential rotation critical. #SimpleHelp #CVE202648558 #TaskWeaver #DjinnStealer #Blackpoint

Key points

  • CVE-2026-48558 in SimpleHelp allows attackers to create privileged technician accounts without authentication.
  • The flaw is being abused on internet-facing SimpleHelp servers that use OIDC authentication.
  • Attackers deploy the TaskWeaver malware loader and the Djinn Stealer payload after gaining access.
  • Djinn Stealer targets developer credentials, cloud accounts, AI tools, and cryptocurrency wallets.
  • Administrators should patch SimpleHelp, invalidate unknown sessions, and rotate credentials and API keys.

Read More: https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-simplehelp-flaw-deploy-new-djinn-infostealer-taskweaver-malware/