{"id":215433,"date":"2026-02-19T10:30:00","date_gmt":"2026-02-19T15:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/19\/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days\/"},"modified":"2026-02-19T17:35:18","modified_gmt":"2026-02-19T22:35:18","slug":"cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/19\/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days\/","title":{"rendered":"CISA orders feds to patch actively exploited Dell flaw within 3 days"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days\/\">CISA orders feds to patch actively exploited Dell flaw within 3 days<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-19 10:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a\u00a0maximum-severity Dell vulnerability that has been under active exploitation since\u00a0mid-2024.<\/p>\n<p>According to\u00a0security researchers from Mandiant and the Google Threat Intelligence Group (GTIG),\u00a0this\u00a0hardcoded-credential vulnerability (CVE-2026-22769) in Dell&#8217;s RecoverPoint (a solution used for VMware virtual machine backup and recovery) is being\u00a0exploited by\u00a0a suspected Chinese hacking\u00a0group tracked as UNC6201.<\/p>\n<p>After gaining access to a\u00a0victim&#8217;s network in CVE-2026-22769 attacks, UNC6201 deploys several malware payloads, including a newly identified backdoor called Grimbolt. This malware is built using a relatively new compilation technique that makes it harder to analyze than its predecessor, the\u00a0Brickstorm\u00a0backdoor.<\/p>\n<p>While the group swapped Brickstorm for Grimbolt in September 2025, it&#8217;s not yet clear whether this switch was part of a\u00a0planned upgrade or &#8220;a reaction to incident response efforts led by Mandiant and other industry partners.&#8221;<\/p>\n<p>&#8220;Analysis of incident response engagements revealed that UNC6201, a suspected PRC-nexus threat cluster, has exploited this flaw since at least mid-2024 to move laterally, maintain persistent access, and deploy malware including SLAYSTYLE, BRICKSTORM, and a novel backdoor tracked as GRIMBOLT,&#8221; they said.<\/p>\n<p>The security researchers have also found overlaps between UNC6201 and the Silk Typhoon Chinese state-backed cyberespionage group (although the two are not considered identical by GTIG), also tracked as UNC5221 and\u00a0known for exploiting Ivanti zero-days to\u00a0target government agencies\u00a0with 
custom\u00a0Spawnant\u00a0and\u00a0Zipline\u00a0malware.<\/p>\n<p>Silk Typhoon\u00a0has previously\u00a0breached the\u00a0systems of several U.S. government agencies, including\u00a0the U.S. Treasury Department,\u00a0the Office of Foreign Assets Control (OFAC), and\u00a0the Committee on Foreign Investment in the&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA orders feds to patch actively exploited Dell flaw within 3 days https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215434,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2025\/01\/13\/CISA--headpic.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,32,27],"class_list":["post-215433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215433"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215433"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215433\/revisions"}],"predecessor-version":[{"id":215435,"href":"https:\/\/news-you-need.com\/index.php\/wp-js
on\/wp\/v2\/posts\/215433\/revisions\/215435"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215434"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}