First reported by bsky
Critical SimpleHelp Vulnerability (CVE-2026-48558) Enables Malware Delivery via Forged Authentication Tokens
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
By
[email protected] (The Hacker News)
4d ago
Source
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated
You might also wanna read
Critical SimpleHelp Vulnerability (CVE-2026-48558) Enables Malware Delivery via Forged Authentication Tokens
A critical vulnerability (CVE-2026-48558) with a CVSS score of 10 has been discovered in SimpleHelp's OpenID Connect authentication flow. Th
Critical SimpleHelp remote maintenance vulnerability under active exploitation, CISA warns
A critical security vulnerability (highest risk rating) has been discovered in SimpleHelp remote maintenance software. The US cybersecurity
WAF - WAF Release - 2025-10-13
Cloudflare·8mo ago
CVE-2026-8037: Critical Unauthenticated RCE in Progress Kemp LoadMaster Actively Exploited
A critical unauthenticated remote code execution vulnerability (CVE-2026-8037) in Progress Kemp LoadMaster is being actively exploited in th
undercodetesting.com·18h agoWAF - WAF Release - 2025-09-29
Cloudflare·9mo ago
WAF - WAF Release - 2025-08-18
Cloudflare·10mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.