CISA gives federal agencies three days to patch actively exploited Dell bug
The Register
February 20, 2026
AI-Generated Deep Dive Summary
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a mandate for federal agencies to address a severe vulnerability in Dell's RecoverPoint software within just three days. The flaw, tracked as CVE-2026-22769, was added to CISA's Known Exploited Vulnerabilities catalog and requires agencies to patch affected systems by February 21. This rapid timeline underscores the urgent need to mitigate risks posed by hardcoded credentials that have been actively exploited since mid-2024.
The vulnerability stems from hardcoded credentials in Dell RecoverPoint for Virtual Machines, allowing attackers unauthorized access. While Dell patched the issue earlier this week, criminals had already exploited it before a fix was available. Researchers linked the activity to UNC6201, a group with suspected ties to Chinese state-sponsored actors, which has used the flaw to deploy malware like Slaystyle, Brickstorm, and Grimbolt across compromised networks.
The exploit has been leveraged for espionage campaigns targeting government agencies, aligning with broader patterns of state-backed cyberattacks. Attackers have employed advanced tactics, such as creating "Ghost NICs," to avoid detection while infiltrating systems. Mandiant, a cybersecurity firm, reported fewer than a dozen confirmed victims but warned the actual number could be higher.
This directive highlights CISA's aggressive approach to addressing actively exploited vulnerabilities. Earlier this month, the agency similarly ordered federal agencies
Verticals
tech
Originally published on The Register on 2/20/2026