Critical SimpleHelp Vulnerability Exploited for Malware Delivery

The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek .

According to reporting on the SimpleHelp incident, threat actors are exploiting a critical vulnerability in the SimpleHelp remote support/RMM software to deliver stealer malware focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.[8] This builds on earlier campaigns where unauthenticated path traversal and related flaws in SimpleHelp (e.g., CVE-2024-57727) allowed attackers to download arbitrary files, access configuration secrets, and gain remote code execution on downstream customer environments via a trusted vendor tool.[2][4] From a CyberSE.AI perspective, this is a clear *software supply chain* risk: compromise of a widely deployed remote support component can become an upstream entry point into AI development and operations environments, exposing secrets used by AI agents, models, and associated infrastructure. Organizations should treat third‑party remote tools as part of their AI supply chain, maintain an SBOM for such components, enforce strict patching and access controls, and regularly assess vendor-provided software for exploit exposure, especially where it touches credentials or developer tooling used to run or integrate AI syst