
"Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024. CISA this week added the flaw, tracked as CVE-2026-22769, to its Known Exploited Vulnerabilities catalog, ordering civilian agencies to secure affected systems by February 21 - giving them just three days to get fixes in place."
""These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned, underscoring the urgency behind the unusually tight remediation window. The bug affects Dell RecoverPoint for Virtual Machines and stems from hardcoded credentials that can allow attackers to gain unauthorized access. Dell disclosed and patched the issue earlier this week, noting that criminals had already been exploiting it before a fix was available."
"According to Google's Mandiant incident response team, miscreants have exploited the vulnerability since at least mid-2024 to move laterally across networks, maintain persistence, and deploy a range of malware families. Among the tools seen in the wild are the Brickstorm backdoor and a newer implant called Grimbolt, which, in some cases, has been swapped in for older malware. Researchers also spotted attackers spinning up so-called "Ghost NICs" on virtual machines to quietly pivot around compromised environments without tripping alarms."
CISA added CVE-2026-22769 to its Known Exploited Vulnerabilities catalog and ordered civilian agencies to secure affected systems by February 21, giving a three-day remediation window. The vulnerability affects Dell RecoverPoint for Virtual Machines and results from hardcoded credentials that allow unauthorized access. Dell released patches after reporting limited active exploitation, and criminals had been exploiting the flaw before fixes were available. Exploitation since at least mid-2024 enabled lateral movement, persistence, and deployment of multiple malware families. Observed malware includes the Brickstorm backdoor, Slaystyle, and a newer implant called Grimbolt. Attackers also created "Ghost NICs" on virtual machines to pivot stealthily. A cluster tracked as UNC6201 has deployed multiple payloads during long-running intrusions.
#cve-2026-22769 #dell-recoverpoint #cisa-known-exploited-vulnerabilities #china-linked-espionage #grimboltbrickstorm
Read at Theregister