The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...