ShellCodeX
ShellCodeX Intelligence Brief
CRITICAL Vulnerabilities

SimpleHelp CVE-2026-48558 exploited via OIDC auth bypass to drop TaskWeaver

Source headline: Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

Threat level: Critical
Signal strength: 85/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

Attackers are exploiting a maximum-severity authentication bypass in SimpleHelp, tracked as CVE-2026-48558. The flaw affects an OpenID Connect (OIDC) authentication flow and allows unauthenticated access under certain conditions. Intrusions that exploit this weakness deploy two malware families: TaskWeaver and Djinn Stealer. The activity shows how quickly newly disclosed critical bugs can be weaponized in real environments. SimpleHelp operators should patch immediately and review OIDC-related authentication logs and access patterns for suspicious behavior.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#cve #malware #simplehelp #authentication-bypass #djinn-stealer #oidc #taskweaver
Original reporting: The Hacker News, "Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer"