Threat actors are actively exploiting a critical vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software to gain unauthorized access to managed environments and deploy previously undocumented malware families known as TaskWeaver and Djinn Stealer.

The vulnerability, tracked as CVE-2026-48558 (CVSS 10.0), is an authentication bypass flaw affecting SimpleHelp servers configured with OpenID Connect (OIDC) authentication, including Azure AD integrations.

The issue has already been added to CISA's Known Exploited Vulnerabilities (KEV) catalog due to confirmed exploitation in the wild.

CVE-2026-48558: Authentication Bypass in SimpleHelp

According to researchers, the flaw stems from improper validation of identity provider (IdP) assertions during the OIDC authentication process.

An unauthenticated attacker can forge authentication tokens containing arbitrary identity claims and obtain a fully authenticated Technician session.

In many deployments, this grants attackers significant privileges, including:

  • Remote access to managed endpoints
  • File transfer capabilities
  • Script execution
  • Administrative actions across managed systems

Researchers also noted that environments enforcing multi-factor authentication (MFA) remain vulnerable because newly created technician accounts can register their own MFA method during first login.

Attack Chain

Blackpoint Cyber observed threat actors exploiting publicly exposed SimpleHelp servers to gain unauthorized technician access.

The attack chain involved:

  1. Exploitation of CVE-2026-48558
  2. Creation of an authenticated technician session
  3. Remote deployment of malicious payloads
  4. Execution of TaskWeaver loader
  5. Delivery of Djinn Stealer

Because the compromised RMM platform is already trusted within managed environments, attackers can leverage it as a legitimate administrative channel for lateral movement and malware deployment.

TaskWeaver Loader

TaskWeaver is a heavily obfuscated Node.js-based malware loader delivered as a JavaScript file named jquery.js and executed using node.exe.

Rather than performing malicious actions directly, the malware establishes an encrypted communication channel with attacker-controlled infrastructure and downloads additional payloads.

Key capabilities include:

  • System fingerprinting
  • Encrypted command-and-control communications
  • Dynamic payload delivery
  • Runtime execution of JavaScript modules
  • Elevated access to Node.js resources

Researchers observed communications with:

a.dev-tunnels[.]com

Djinn Stealer

The second-stage payload, Djinn Stealer, is cross-platform information-stealing malware targeting:

  • Windows
  • macOS
  • Linux

The malware is designed to harvest credentials, authentication tokens, configuration files, and sensitive operational data from a wide range of applications and services.

Targeted Data

Cloud Platforms

  • AWS
  • Microsoft Azure
  • Google Cloud
  • Oracle Cloud Infrastructure
  • DigitalOcean
  • Linode
  • Heroku
  • Vercel
  • Railway
  • Supabase

Infrastructure and DevOps

  • Terraform
  • Pulumi
  • HashiCorp Vault
  • Consul
  • Docker
  • Helm
  • MinIO
  • S3

Source Code & Development Tools

  • GitHub CLI
  • Git configuration
  • SSH keys
  • Subversion credentials

Package Managers

  • npm
  • pnpm
  • Yarn
  • Maven
  • Gradle
  • NuGet
  • Cargo
  • Composer
  • pip
  • PyPI
  • Conda
  • Bun

AI Development Platforms

  • Anthropic Claude
  • Google Gemini
  • OpenAI Codex
  • Cline
  • OpenCode
  • Kilo

Cryptocurrency Wallets

  • Bitcoin
  • Ethereum
  • Monero
  • Litecoin
  • Dash
  • Zcash
  • Exodus Wallet
  • Atomic Wallet
  • Electrum

Linux-Specific Data Theft

On Linux systems, Djinn Stealer additionally targets process information stored in:

/proc/<pid>/cmdline
/proc/<pid>/environ

These files may contain:

  • API keys
  • Passwords
  • Database credentials
  • Access tokens
  • Cloud secrets
  • Environment variables

Data Exfiltration

After collection, stolen information is:

  1. Archived into a TAR file
  2. Compressed using GZIP
  3. Encrypted using AES-256-GCM
  4. Protected with an embedded RSA-2048 public key
  5. Transmitted to attacker infrastructure

Observed exfiltration endpoint:

96.126.130[.]126:58942

Growing Threat to AI and Developer Environments

Researchers warn that the campaign highlights a growing trend in which attackers specifically target developer systems and AI-assisted workflows.

Compromised developer workstations frequently provide access to:

  • Source code repositories
  • Build pipelines
  • Cloud environments
  • Deployment platforms
  • AI development tools
  • Customer infrastructure

As AI assistants become increasingly integrated into enterprise operations, attackers are expanding their focus beyond traditional credentials to include AI platform authentication tokens and project data.

Mitigation Recommendations

Organizations using SimpleHelp should:

  • Immediately update to the latest patched version.
  • Review all technician accounts for unauthorized creation.
  • Audit RMM activity logs.
  • Rotate exposed credentials and API keys.
  • Monitor for unusual Node.js executions.
  • Restrict public exposure of RMM platforms.
  • Enable network segmentation for management systems.
  • Conduct incident response investigations if compromise is suspected.

Given confirmed exploitation in the wild and its inclusion in CISA's KEV catalog, organizations should treat CVE-2026-48558 as a critical priority.

Federal agencies have been directed to remediate affected systems by July 2, 2026.