'Djinn' Stealer Targets Cloud, AI Credentials
Summary
A new infostealer, dubbed 'Djinn', is targeting cloud and AI credentials by exploiting CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp. This vulnerability allows the stealer to access credentials that link development and admin environments to broader enterprise systems.
IFF Assessment
The discovery of a new infostealer that targets cloud and AI credentials, combined with a critical vulnerability enabling its spread, represents a significant threat to organizational security.
Severity
The vulnerability is described as a critical authentication bypass that allows unauthorized access to sensitive credentials, which typically leads to high impact on confidentiality, integrity, and availability. An estimated CVSS score reflects this severity.
CISA KEV: Listed as actively exploited. Federal patch due: July 02, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should be aware of the 'Djinn' stealer and the CVE-2026-48558 vulnerability. Prioritizing patching of SimpleHelp instances and enhancing monitoring for compromised credentials, especially those related to cloud and AI services, are crucial to mitigating this threat.