
// #account-takeover

3 articles

🔑 IAM

SimpleHelp Remote Support: New OIDC Flaw Lets Unauthenticated Attackers Create Rogue Privileged Technician Accounts

A new authentication vulnerability in SimpleHelp Remote Support, distinct from the path traversal and privilege escalation flaws patched earlier in 2026, lets an unauthenticated attacker abuse the OIDC single sign-on implementation to create privileged technician accounts with full remote session capabilities. SimpleHelp has released emergency patches; exploitation has been observed in the wild.

#simplehelp +6
🛡️ SecOps

AccountDumpling Abuses Google AppSheet as Legitimate Phishing Relay to Compromise 30,000 Facebook Accounts

The AccountDumpling campaign has compromised approximately 30,000 Facebook accounts by routing phishing emails through Google AppSheet, a legitimate no-code application platform, to bypass spam filters and email security gateways. The technique exploits the trusted sender reputation of Google infrastructure and demonstrates the growing difficulty of filtering phishing delivered through legitimate SaaS platforms.

#phishing +6
🌐 Network

Ubiquiti UniFi CVSS 10 Path Traversal CVE-2026-22557 Enables Full Account Takeover

Ubiquiti disclosed a maximum-severity path traversal vulnerability in the UniFi Network Application that allows unauthenticated attackers to read arbitrary files from the underlying OS and take over controller accounts without any credentials. Censys identified approximately 87,000 internet-exposed UniFi endpoints at the time of disclosure. The vulnerability is frequently chained with a companion NoSQL injection flaw for full administrative access.

#ubiquiti +8