The exploited bug allows attackers to retrieve sensitive information such as credentials and API keys.

The US cybersecurity agency CISA warns that ransomware operators are exploiting a SimpleHelp vulnerability in attacks targeting the customers of a utility billing software provider. According to CISA, this attack reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp since January 2025. CISA has provided security instructions for software vendors, third-party vendors, downstream customers, and end-users.

Read more:

https://www.securityweek.com/simplehelp-vulnerability-exploited-against-utility-billing-software-users/