Attackers have exploited a critical vulnerability in SimpleHelp's remote monitoring and management (RMM) software to deliver two new malware families. The flaw, designated CVE-2026-48558, allowed unauthenticated users to forge login tokens and gain technician-level access. Attackers used this access to deploy malware, including TaskWeaver and Djinn Stealer, leveraging the platform's tools to mask their activities. The flaw is rated 10 on the CVSS scale.
SimpleHelp has patched the vulnerability, but experts warn that the breach could have broader repercussions, affecting cloud platforms and customer environments. Managed service providers (MSPs) are advised to act swiftly to mitigate the risks associated with the exploited vulnerability.