The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.

Ministers will be given powers to recover costs from adults who have received asylum support under new laws.