Ransomware Gangs exploit unpatched SimpleHelp RMM flaws to target victims with double extortion

Simplehelp Rogue RMM is so hot right now. Nothing suspicious about your zodiac and social security information.

🚨 Sliver Backdoor via SimpleHelp RMM Threat actors are actively exploiting vulnerabilities in SimpleHelp RMM to deploy the Sliver backdoor, enabling lateral access into downstream customer environments. This campaign has been ongoing since January 2025 and shows no signs of

🚨 Zero-day alert: CVE-2025-10035 in GoAnywhere MFT actively exploited ⚠️ Exploitation began before Fortra’s disclosure ⚠️ Attackers: RCE, admin-go backdoor, payloads (zato_be.exe, jwunst.exe) ⚠️ Persistence via SimpleHelp abuse Admins: patch to 7.8.4 or 7.6.3 ASAP + check logs

NEW RECENT THREAT: SimpleHelp: CVE-2024-57727 🔗 https://t.co/BUZTKJh2Jp Explore how attackers can exploit SimpleHelp's CVE-2024-57727 on Windows and Linux hosts. Learn to detect such exploitation manually and via ELK, Splunk, and Snort. 🛟 🔌

Cloudflare has rolled out new WAF rules to protect against: ->SimpleHelp Auth Bypass (CVE-2024-57727) ->Flowise Cloud Info Disclosure (CVE-2025-58434) ->WordPress Ditty Plugin SSRF (CVE-2025-8085) ->Vite Directory Traversal (CVE-2025-30208)

🚨Alert🚨 CVE-2024-57727&&CVE-2024-57728&&CVE-2024-57726 : Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks 📊 75k+ Services are found on https://t.co/ysWb28Crld yearly. 🔗Hunter Link: https://t.co/LxDmNVsdm9 👇Query HUNTER

こんばんは、いかがお過ごしでしょうか 「今宵のサイバーセキュリティー」 注目トピックは、SimpleHelp RMMやWazuhのゼロデイ脆弱性が悪用され、公共インフラやSIEM基盤にまで影響。“静かに広がる侵入”が可視化されました。

高度なフィッシング作戦で攻撃者がITarian、PDQ Connect、SimpleHelp、AteraといったRMM（リモート監視管理）ツールを悪用し、被害端末へ持続的なリモートアクセ��を確立していることが明らかになった。 Red

🚨 Phishing + Malware = A dangerous new combo. Cofense reports threat actors are pairing Muck Stealer, Info Stealer, ConnectWise RAT & SimpleHelp RAT with fake logins. ⚡️Dual-threat = harder to defend. ⚡️Adaptive payloads (@Windows vs @Android). Will layered security hold up?

🚨Ransomware actors exploited an unpatched vulnerability (CVE-2024-57727) in SimpleHelp RMM to compromise a utility billing software provider—part of a pattern of actors targeting downstream customers. See our advisory for mitigations👉 https://t.co/Yli2jWTtOw

🚨Ransomware actors are using an unpatched SimpleHelp RMM vulnerability to exploit & compromise a utility billing software provider. We urge software vendors & MSPs to implement recommended mitigations immediately to protect your systems. More here👉 https://t.co/b8aUFCEIUd

🚨 Ransomware gangs are exploiting unpatched SimpleHelp flaws to hit utility billing customers with double extortion attacks — since Jan 2025. CISA warns: patch now or risk serious breaches. Read → https://t.co/cjzkQIia0q Meanwhile, new Fog ransomware uses legit employee

DragonForce #ransomware abuses SimpleHelp in MSP supply chain attack The #DragonForce operation breached a managed service provider and used its #SimpleHelp remote monitoring platform to steal data and deploy #encryptors! 🔥🕵️‍♂️ #CyberSecurity #TechNews https://t.co/LjDs2Mn46Y

Play ransomware has targeted over 900 organizations, leveraging a SimpleHelp flaw (CVE-2024-57727) for double-extortion schemes. Victims receive ransom notes with no initial demands, only contact emails. The group employs EDR killers to disable security and recompiles malware for

DragonForce ransomware abuses MSP’s SimpleHelp RMM to encrypt customers - @LawrenceAbrams https://t.co/jxtLbkUneV https://t.co/jxtLbkUneV

Hackers exploiting flaws in SimpleHelp RMM to breach networks

🚨Ransomware Alert🚨Threat actors are exploiting CVE-2024-57727 in unpatched SimpleHelp RMM to target utility billing providers & MSPs! They’re using this flaw to snag credentials, escalate privileges, and unleash double extortion ransomware attacks. ZoomEye

Watch out as hackers are using dual-threat attacks combining phishing, Muck Stealer, Info Stealer, ConnectWise RAT, and SimpleHelp RAT to steal data and bypass security. Read: https://t.co/tICFSc5jxF #CyberSecurity #Malware #Phishing #Scam #InfoSec