Your virtualization backups are now a primary target for state actors. 🛡️
CVE-2026-22769 · Severity 10.0 · Hard-coded credentials in Dell Technologies RecoverPoint for VMs.
We are tracking a suspected China-nexus threat cluster that has been quietly exploiting this zero-day. The flaw allows full system takeover with no user interaction.
Intelligence from Google Threat Intelligence suggests this activity has been ongoing since mid-2024. If you use RecoverPoint for disaster recovery, your entire failover environment is at risk.
The uncomfortable truth: Hard-coded credentials in enterprise-grade software remain a systemic risk that bypasses even the best MFA.
- Update all Dell Technologies RecoverPoint for Virtual Machines to version 6.0.3.1 HF1.
- Rotate all administrative credentials used within the RecoverPoint management console.
- Conduct a retrospective search for unauthorized logins dating back to June 2024.
Have you audited your disaster recovery environment for unauthorized configuration changes?
#Cybersecurity #Infosec #EndpointSecurity #VulnerabilityManagement #SOC #CodeDefence
