Critical SimpleHelp vulnerability exploited to deploy cross-platform Djinn Stealer malware

Threat actors are actively exploiting a critical vulnerability (CVE-2026-48558) in SimpleHelp remote support software to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. The stealer can extract credentials, browser data, and cryptocurrency wallets from infected systems. SimpleHelp is widely used by IT support teams for remote assistance, making the vulnerability particularly dangerous in enterprise environments. The exploitation began shortly after the vulnerability was disclosed, highlighting the speed at which threat actors weaponize newly published CVEs.
Technical significance
The exploitation of SimpleHelp demonstrates the risk posed by remote support tools that have privileged access to enterprise systems. The cross-platform nature of Djinn Stealer (targeting Windows, macOS, and Linux) is notable and reflects the increasing sophistication of infostealer malware. Organizations using SimpleHelp should immediately patch to the latest version and monitor for indicators of compromise. The incident also highlights the supply chain risk of remote access tools.