Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer.

The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Ask HN: Has anyone replaced Claude/GPT with a local model for daily coding?

Ask HN: Has anyone replaced Claude/GPT with a local model for daily coding? Source: Hacker News

Read More

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution F5 has released security updates to address two critical security flaws in NGINX Open Source that could be

Read More

.self: A new top-level domain designed to support self-hosting

.self: A new top-level domain designed to support self-hosting Source: Hacker News

Read More