Critical SimpleHelp remote maintenance vulnerability under active exploitation, CISA warns
By Dirk Knop
Summary
A critical security vulnerability (highest risk rating) has been discovered in SimpleHelp remote maintenance software. The US cybersecurity authority CISA has added it to its "Known Exploited Vulnerabilities" catalog after confirming active exploitation. While CISA does not provide attack details, security firm Blackpoint has reportedly observed cyberattacks targeting the flaw. The vulnerability became known in mid-month and is now under active exploitation on the internet.
Key quotes
The US cybersecurity authority CISA is warning about this.
It has added the vulnerability to its 'Known Exploited Vulnerabilities' catalog.
As usual, the authority does not provide details about the attacks, leaving it unclear what they look like and to what extent they are occurring.