For two years, a Chinese nation-state threat actor exploited a hard-coded credential vulnerability in a Dell product, highlighting the risk of a product that arrives pre-compromised. Mandiant from Google Cloud yesterday described CVE-2026-22769, a CVSS 10 vulnerability in Dell RecoverPoint for Virtual Machines, a data security product offered by the tech behemoth.
The threat actor used the vulnerability to compromise Dell appliances and, in some cases, pivot to VMware virtual infrastructure, according to researchers. The suspected China-nexus threat cluster UNC6201 "has exploited this flaw since at least mid-2024 to move laterally, maintain persistent access, and deploy malware including Slaystyle, Brickstorm, and a novel backdoor tracked as Grimbolt." UNC6201 has a history of cyber espionage, though Google did not delve deeply into the attackers' motivations.
The nature of the vulnerability is the most concerning aspect of this campaign. In some instances, a flaw like this is a problem the team knew about but chose not to address because of technical debt and deadline pressure. Martin Jartelius, director of AI products at security company Outpost24, tells ZeroOwl that organizations frequently err by failing to review older codebases.
He states, "In the IoT/OT space, we have seen cases where there are hidden default accounts. Basically, you are more likely to run into this issue the longer a codebase has been in existence."
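The review gap Jartelius describes, hidden default accounts and credentials left in an aging codebase, is something a defender can check for mechanically. The script below is an added example written for this article, not Dell's, Mandiant's or Outpost24's code, and it knows nothing about the actual RecoverPoint flaw. It scans constructed sample files (a legacy setup script, an application config and a shadow file pulled from an appliance image) for two things: credential-style assignments whose value is a literal rather than a placeholder or an environment lookup, and built-in accounts that ship with a usable password hash. The file contents, account names and patterns are all illustrative assumptions.

```python
"""Flag hard-coded credentials and built-in accounts with live password hashes.

Added example for reviewing legacy codebases and appliance images; the sample
files and the detection patterns are constructed for illustration only.
"""
import re
from dataclasses import dataclass

# Credential-style assignments: PASSWORD="...", api_key: '...', secret_key=...
# (no leading \b so prefixed names such as ADMIN_PASSWORD still match)
ASSIGNMENT = re.compile(
    r"""(?i)(pass(?:word|wd)?|secret(?:[_-]?key)?|api[_-]?key|token)\b"""
    r"""\s*[:=]\s*(["']?)([^"'\s#]+)"""
)
# shadow-style line whose second field is a real crypt hash ($6$..., $y$..., ...)
# rather than a locked marker such as "!" or "*"
HASHED_ACCOUNT = re.compile(r"^([A-Za-z0-9_-]+):(\$[0-9a-z]+\$[^:]+):")
# Values that are clearly not real secrets
PLACEHOLDERS = {"", "changeme", "xxx", "todo", "<redacted>", "none"}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    detail: str  # matched keyword or account name


def scan_text(path, text):
    """Return findings for one file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGNMENT.search(line)
        if m:
            keyword, quote, value = m.group(1), m.group(2), m.group(3)
            # Skip shell/env expansions ($VAR, $(cmd), ${...})
            is_expansion = value.startswith("$")
            # Unquoted values containing brackets are code expressions
            # (e.g. os.environ["X"], getenv("X")), not literal secrets
            is_expression = quote == "" and any(c in value for c in "([")
            if not (is_expansion or is_expression
                    or value.lower() in PLACEHOLDERS):
                findings.append(Finding(path, lineno, "hardcoded-credential", keyword))
        m = HASHED_ACCOUNT.match(line)
        if m:
            findings.append(Finding(path, lineno, "builtin-account-with-password", m.group(1)))
    return findings


def scan_files(files):
    """Scan a {path: contents} mapping; order of findings follows the mapping."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample inputs (hypothetical paths, accounts and values)
SAMPLE_FILES = {
    "legacy/setup.sh": (
        'ADMIN_USER=support\n'
        'ADMIN_PASSWORD="supp0rt!"\n'        # literal secret: should be flagged
        'TOKEN=$(cat /run/token)\n'          # runtime expansion: fine
    ),
    "app/config.py": (
        'db_password = os.environ["DB_PASSWORD"]\n'  # env lookup: fine
        'api_key = "changeme"\n'                     # placeholder: fine
    ),
    "image/etc/shadow": (
        'root:!:19000:0:99999:7:::\n'        # locked account: fine
        'svc_backup:$6$rounds=5000$salt$hashvalue:19000:0:99999:7:::\n'  # flagged
    ),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line}: {f.kind} ({f.detail})")
```

Run against the constructed inputs, the scan reports the literal `ADMIN_PASSWORD` in the setup script and the `svc_backup` account that ships with a usable hash, while leaving the environment lookup, the placeholder and the locked root entry alone. In a real review this sits beside a full secret-scanning tool and an inventory of every account the build process creates, because the dangerous accounts are usually the ones nobody remembers adding.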