GBHackers reports:
Cybersecurity professionals and business leaders are on high alert following a confirmed breach of a utility billing software provider, traced to unpatched vulnerabilities in the widely used SimpleHelp Remote Monitoring and Management (RMM) platform.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning that ransomware actors have leveraged these security gaps since January 2025, targeting organizations through unpatched instances of SimpleHelp RMM.
At the heart of the campaign is the exploitation of a serious path traversal vulnerability, CVE-2024-57727, present in SimpleHelp versions 5.5.7 and earlier.
The weakness allows attackers to access files or directories outside the intended web root, potentially exposing sensitive data or enabling further network compromises.