Supply-Chain Attack: Ransomware Groups Exploit RMM Vulnerabilities

Cybersecurity researchers at Zensec have uncovered a supply-chain attack campaign where ransomware groups exploited vulnerabilities in SimpleHelp RMM software to deploy ransomware across multiple organisations. The attacks, conducted by Medusa and DragonForce groups, leveraged unpatched vulnerabilities to gain SYSTEM-level privileges and move laterally within victim networks. Both groups used legitimate IT management tools to execute ransomware payloads and exfiltrate data, highlighting the critical need for supply chain security and patch management.

Latest mentioned: 11-10

Earliest mentioned: 11-10

Sources

securityonline.info gbhackers.com

Also Read

Critical React2Shell Flaw in React and Next.js Allows Remote Code Execution

A severe vulnerability, named React2Shell and tracked as CVE-2025-55182, has been discovered in React Server Components (RSC) Flight protocol. This flaw allows unauthenticated remote code execution by exploiting unsafe deserialization in React and Next.js applications. The issue affects multiple versions of React and Next.js, and organizations are urged to apply patches immediately. The vulnerability was discovered by security researcher Lachlan Davidson and has a maximum severity score of 10.0. Cloud security firms have noted that the issue is widespread and easily exploitable, with no special setup required by attackers.

12-05Read more →