27 May 2026
Reference: CVE-2026-8398
1. What is being reported?
Attackers managed to break into the company’s system that builds and distributes Daemon Tools Lite software. They inserted malicious code into three key program files. Because these files were signed with the company’s legitimate digital certificate, the harmful installers looked genuine and could bypass security checks.
2. What this means in plain English
If your organisation installed or updated Daemon Tools Lite on Windows between 8 April and 5 May 2026, your computers might have been exposed to malware that could steal data or cause other damage. This is a high-risk issue because the malicious software was disguised as trusted files.
3. Could this affect a small business?
Small businesses or charities using Daemon Tools Lite on Windows versions 12.5.0.2421 through 12.5.0.2434 during the affected dates could be impacted. If you do not use this software or use a different version, you are unlikely to be affected.
4. What to do now
- Check if Daemon Tools Lite is installed on your Windows computers and note the version and installation date.
- Contact your IT provider or software supplier immediately to confirm whether your installations are affected and to get guidance on applying vendor-recommended fixes or mitigations.
- If no fix is available, consider uninstalling Daemon Tools Lite until a safe version is confirmed.
- Review your security logs and monitor for unusual activity on devices that had the affected software installed.
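The first step above can be scripted. The PowerShell below is an added example, not code from the vendor or from the sources this notice is based on; it reads the standard Windows uninstall registry keys and compares what it finds with the version range and dates given in this notice. It assumes the product registers a display name containing "DAEMON Tools Lite" and that the installer recorded an install date, which not every installer does.

```powershell
# Added example: inventory check for the versions and dates named in this notice.
# Assumption: the product registers a DisplayName containing "DAEMON Tools Lite".
$namePattern = '*DAEMON Tools Lite*'
$minVersion  = [version]'12.5.0.2421'
$maxVersion  = [version]'12.5.0.2434'
$windowStart = [datetime]'2026-04-08'
$windowEnd   = [datetime]'2026-05-05'

# Standard Windows uninstall keys: 64-bit, 32-bit on 64-bit, and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$results = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $namePattern } |
    ForEach-Object {
        # DisplayVersion may be missing or malformed; report that as "unknown".
        $version = $null
        $versionKnown = [version]::TryParse([string]$_.DisplayVersion, [ref]$version)

        # InstallDate is optional and, when present, is normally a yyyyMMdd string.
        $installed = [datetime]::MinValue
        $dateKnown = [datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref]$installed)

        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            DisplayName    = $_.DisplayName
            DisplayVersion = $_.DisplayVersion
            InstallDate    = if ($dateKnown) { $installed.ToString('yyyy-MM-dd') } else { 'unknown' }
            VersionInRange = if ($versionKnown) { $version -ge $minVersion -and $version -le $maxVersion } else { 'unknown' }
            DateInWindow   = if ($dateKnown) { $installed -ge $windowStart -and $installed -le $windowEnd } else { 'unknown' }
        }
    }

if ($results) { $results | Format-Table -AutoSize }
else { Write-Output "No Daemon Tools Lite entry found in the uninstall registry keys on $env:COMPUTERNAME." }
```

Treat any row showing True or "unknown" as one to raise with your IT provider; an "unknown" date only means the installer did not record one.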
5. Ask your IT provider
Can you confirm whether our Daemon Tools Lite installations were affected by the recent supply chain attack, and what steps are being taken to secure our systems?
6. Bottom line
If you used Daemon Tools Lite on Windows recently, act quickly to check and secure your systems against this serious threat.
Information based on CISA KEV, NVD, and reputable security reporting.