Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Posted on 14 June 2025

From TheHackerNews.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider.

“This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp RMM since January 2025,” the agency said in an advisory.