SimpleHelp remote access software contributes three CVEs to the Storm-1175 Medusa ransomware campaign exploitation cluster, with CVE-2024-57726 through CVE-2024-57728 representing a cluster of improper authentication and access control weaknesses. As a remote access platform, exploitation directly enables persistent attacker footholds consistent with the campaign’s observed TTPs. Patch all SimpleHelp instances and isolate them from direct internet exposure pending verification.