CyberSecurity News

Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

The Hacker News

· June 30, 2026

AI summary

A recently disclosed high-severity vulnerability in SimpleHelp is being exploited by an unknown threat actor. The vulnerability, which has a CVSS score of 10.0, is a critical authentication bypass issue affecting the OpenID Connect flow. It allows an unauthenticated attacker to gain access. The exploitation is used to deliver two new malware families, TaskWeaver and Djinn Stealer. The vulnerability is identified as CVE-2026-48558.

Vulnerabilities mentioned

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.

Read the full article at The Hacker Newsthehackernews.com/2026/06/attackers-exploit-simplehelp-cve-2026.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.