357/69 Wednesday, July 1, 2026

Security researchers have disclosed that attackers are actively exploiting a critical vulnerability, tracked as CVE-2026-48558, in the SimpleHelp remote monitoring and management software to target unpatched systems. After successfully compromising a system, the attackers install Djinn Stealer, an information-stealing malware that supports Windows, macOS, and Linux, as well as Taskweaver malware to maintain access and carry out follow-on attack activities.
The vulnerability allows unauthenticated attackers to create a highly privileged Technician account on a SimpleHelp server and use it to connect to managed endpoint devices. The attackers then deploy Djinn Stealer to steal sensitive information, such as passwords, cookies, and data from web browsers. Meanwhile, Taskweaver is used to download additional payloads, execute remote commands, and establish persistence mechanisms, allowing attackers to continue their operations.
Administrators using SimpleHelp should promptly update to the version patched by the vendor. To limit the impact if a system has already been compromised, they should also check for newly created unauthorized Technician accounts, review remote connection logs, and inspect managed endpoint devices for behavior potentially linked to Djinn Stealer or Taskweaver, such as access to web browser data, unusual process creation, or the downloading of additional payloads.
