Mandiant and Google GTIG report zero-day exploitation of CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint by suspected PRC-nexus threat actor UNC6201 since mid-2024, enabling deployment of SLAYSTYLE, BRICKSTORM, and novel GRIMBOLT malware. The report includes technical analysis of exploitation methods, persistence mechanisms via convert_hosts.sh modification, newly observed VMware pivot tactics including Ghost NICs and iptables-based Single Packet Authorization, and comprehensive remediation guidance with IOCs and YARA rules.

This intelligence item is a copyrighted vulnerability database listing. It contains detailed vulnerability information including: critical RCE vulnerabilities in enterprise platforms (Chamilo LMS, Smart Slider 3, various WordPress plugins); supply chain attacks (axios npm compromise, Bruno CLI); privilege escalation in cloud/container systems (Kubernetes, OpenShift, LXD); cryptographic weaknesses (OpenSSL, multiple TLS/SSL issues); and memory corruption flaws in media processing libraries (LibRaw, OpenEXR). Multiple vulnerabilities enable unauthenticated remote code execution, with exploitation evidence documented in some cases dating to March-April 2026.