Mandiant and Google GTIG report zero-day exploitation of CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint by suspected PRC-nexus threat actor UNC6201 since mid-2024, enabling deployment of SLAYSTYLE, BRICKSTORM, and novel GRIMBOLT malware. The report includes technical analysis of exploitation methods, persistence mechanisms via convert_hosts.sh modification, newly observed VMware pivot tactics including Ghost NICs and iptables-based Single Packet Authorization, and comprehensive remediation guidance with IOCs and YARA rules.
Signal Search
Search across all ingested intelligence signals. Supports websearch syntax: AND OR "exact phrase" -exclude
28 results for "CVE-2026" · Cyber+Supply Chain+Disaster
Page 1 of 2