Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM

Cybersecurity professionals and business leaders are on high alert following a confirmed breach of a utility billing software provider, traced to unpatched vulnerabilities in the widely used SimpleHelp Remote Monitoring and Management (RMM) platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning that ransomware actors have leveraged these security gaps since January 2025, targeting organizations through unpatched instances of SimpleHelp RMM.

At the heart of the campaign is the exploitation of a serious path traversal vulnerability, CVE-2024-57727, present in SimpleHelp versions 5.5.7 and earlier.

The weakness allows attackers to access files or directories outside the intended web root, potentially exposing sensitive data or enabling further network compromises.

In this scenario, malicious actors exploited the flaw to gain access to downstream customers’ systems, ultimately disrupting services and executing double extortion ransomware attacks, where both data theft and encryption are ...