{"id":238940,"date":"2026-06-30T12:10:00","date_gmt":"2026-06-30T16:10:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/30\/critical-flaw-in-simplehelp-exploited-in-attacks-targeting-sensitive-credentials\/"},"modified":"2026-06-30T12:20:09","modified_gmt":"2026-06-30T16:20:09","slug":"critical-flaw-in-simplehelp-exploited-in-attacks-targeting-sensitive-credentials","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/30\/critical-flaw-in-simplehelp-exploited-in-attacks-targeting-sensitive-credentials\/","title":{"rendered":"Critical flaw in SimpleHelp exploited in attacks targeting sensitive credentials"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-simplehelp-exploited-attacks-credentials\/824105\/\">Critical flaw in SimpleHelp exploited in attacks targeting sensitive credentials<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-simplehelp-exploited-attacks-credentials\/824105\/\">https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-simplehelp-exploited-attacks-credentials\/824105\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-30 12:10:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>A critical vulnerability in SimpleHelp, a remote-support product, is being exploited in attacks to deliver previously unknown forms of malware, including an information stealer.\u00a0<br \/>\nThe malware is being used to steal highly sensitive credentials used in cloud platforms, package registries and AI development assistants, according to a report released Monday by BlackPoint.\u00a0<br \/>\nThe flaw, tracked as CVE-202t6-48558, involves an authentication bypass flaw in the OpenID Connect authentication protocol. When OIDC is configured, an attacker can use a forged token to get access to a fully authenticated \u201ctechnician\u201d session, researchers said.\u00a0<br \/>\nOnce attackers authenticate themselves as \u201ctechnicians,\u201d they are able to perform privileged management activities, according to a report released earlier this month by Horizon3.ai.\u00a0<\/p>\n<p>Monday\u2019s report by BlackPoint detailed an incident where the flaw was exploited and attackers deployed TaskWeaver, a heavily obfuscated Node.js loader, and second-stage malware called Djinn Stealer, which operates on Windows, macOS and Linux systems.\u00a0<br \/>\nThe attackers used TaskWeaver to fingerprint the compromised system and establish encrypted communications with infrastructure they controlled. The attacker used Djinn Stealer to steal various types of credentials, including cloud platforms, package registries and AI development assistants.\u00a0<br \/>\nThe Cybersecurity and Infrastructure Security Agency added the flaw to its Known Exploited Vulnerabilities catalog on Monday.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical flaw in SimpleHelp exploited in attacks targeting sensitive credentials https:\/\/www.cybersecuritydive.com\/news\/critical-flaw-simplehelp-exploited-attacks-credentials\/824105\/ Publish Date: 2026-06-30 12:10:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":238941,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/p0ZJZF_9QuiOka31i0t-DyQdQDTv38ZFePpwPtQQarY\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMTM0MjgxMTc1LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,32,27],"class_list":["post-238940","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238940"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=238940"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238940\/revisions"}],"predecessor-version":[{"id":238942,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238940\/revisions\/238942"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/238941"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=238940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=238940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=238940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}