Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

The Hacker News
Actively Exploited
2 sources reporting on this topic: The Hacker News, Help Net Security

Overview

CVE-2026-48558 is a newly identified critical vulnerability in SimpleHelp, a remote support tool. The flaw carries the maximum severity score of 10.0 and allows attackers to bypass authentication during the OpenID Connect (OIDC) flow. Attackers are exploiting it to deploy two malware families, TaskWeaver and Djinn Stealer. This poses significant risk to SimpleHelp users, as the malware could lead to data theft and further system compromise. Organizations using the software should take immediate action to secure their systems against this ongoing threat.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: SimpleHelp software affected by CVE-2026-48558.
  • Action Required: Users of SimpleHelp should immediately apply any available patches from the vendor to fix this vulnerability.
  • Timeline: Newly disclosed

Original Article Summary

An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated

Impact

SimpleHelp software affected by CVE-2026-48558.

Exploitation Status

This vulnerability is confirmed to be actively exploited in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users of SimpleHelp should immediately apply any available patches from the vendor to fix this vulnerability. Additionally, implementing strong authentication measures and monitoring for unusual activity can help mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Multiple Sources: This threat is being reported by 2 different security sources, indicating significant concern within the cybersecurity community.