A critical vulnerability in SimpleHelp is being actively exploited to distribute Djinn Stealer, a newly discovered malware capable of stealing data across Windows, macOS, and Linux systems.
Security researchers have identified active exploitation of CVE-2026-48558, a critical vulnerability in SimpleHelp remote support software. Attackers are leveraging the flaw to deploy Djinn Stealer, a previously undocumented information stealer with cross-platform capabilities.
Djinn Stealer targets three major operating systems—Windows, macOS, and Linux—making it a significant threat to organizations using SimpleHelp across diverse IT environments. The malware is designed to extract sensitive information from compromised systems, though specific data targets remain under investigation.
SimpleHelp, a remote access and support tool used by IT departments and managed service providers, is a high-value target for attackers seeking initial access to corporate networks. The critical severity rating of CVE-2026-48558 indicates the vulnerability allows remote code execution or similar high-impact compromise.
Organizations using SimpleHelp should immediately apply available patches. Security teams are advised to review access logs for suspicious activity and monitor systems for signs of Djinn Stealer infection, including unusual network connections or file modifications associated with information exfiltration.
The discovery underscores the ongoing risk posed by unpatched critical vulnerabilities in widely-used software. Remote access tools are particularly attractive targets for threat actors, as successful compromise provides immediate network foothold and credential harvesting opportunities.
Research into Djinn Stealer's full capabilities and infrastructure is ongoing. Additional details on indicators of compromise and technical analysis are expected as threat intelligence teams continue investigation.
Traditional CI security scanners are failing to catch sophisticated attack patterns in GitHub Actions workflows. ActiveState research reveals that passing a security scan does not guarantee a secure pipeline.
Google Cloud Platform suspended an account on May 19, 2026, following a previous incident involving a blocked railway. The suspension marks an escalation in the company's response to the earlier service disruption.
A previously unknown vulnerability in the Linux kernel, named Januscape, allows attackers to escape virtual machines and execute arbitrary code on host systems running Intel and AMD processors.
Europe's banking regulator has instructed financial institutions to develop strategies addressing cybersecurity threats posed by advanced AI models. The directive targets risks from frontier AI systems including Anthropic's Claude.