Dell RecoverPoint for VMs Zero-Day Exploited by UNC6201

1 unique source, 1 article

Summary

A zero-day vulnerability (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines has been exploited by a suspected China-nexus threat cluster, UNC6201, since mid-2024. The vulnerability, with a CVSS score of 10.0, involves hard-coded credentials affecting versions prior to 6.0.3.1 HF1. The attackers used the flaw to upload a web shell named SLAYSTYLE and execute commands as root to deploy the BRICKSTORM backdoor and its newer version, GRIMBOLT. The exploitation involves authenticating to the Dell RecoverPoint Tomcat Manager via the '/manager/text/deploy' endpoint and deploying the malicious payloads.
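
For defenders checking Tomcat access logs for the deployment request described above, a small log check follows. It is an added example, not taken from the cited article or from Dell. It assumes Tomcat's `common` access-log pattern, and the sample lines, addresses and account name are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed log format, Tomcat AccessLogValve "common": %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
DEPLOY_PATH = "/manager/text/deploy"  # endpoint named in the summary

# Constructed sample input (documentation IP ranges, made-up account name).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Feb/2026:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1532
198.51.100.7 - - [23/Feb/2026:10:02:11 +0000] "PUT /manager/text/deploy?path=/example HTTP/1.1" 401 2499
198.51.100.7 - svc-account [23/Feb/2026:10:02:14 +0000] "PUT /manager/text/deploy?path=/example&update=true HTTP/1.1" 200 48
192.0.2.10 - - [23/Feb/2026:10:05:40 +0000] "GET /manager/text/deployments HTTP/1.1" 404 682
this line is truncated and does not par
"""

def find_deploy_requests(log_text):
    """Return one record per request to the Tomcat Manager text deploy endpoint."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip truncated or foreign-format lines
        url = urlsplit(m["target"])
        # Drop ";param" path parameters and decode %xx before comparing.
        path = unquote(url.path.split(";")[0]).rstrip("/")
        if path != DEPLOY_PATH:
            continue
        status = int(m["status"])
        hits.append({
            "line": lineno,
            "source": m["host"],
            "user": m["user"],          # "-" when no user was authenticated
            "method": m["method"],
            "status": status,
            # Context path the request asked the manager to deploy to.
            "context": parse_qs(url.query).get("path", [""])[0],
            # 2xx: the manager accepted the credentials and handled the request.
            "accepted": 200 <= status < 300,
        })
    return hits

if __name__ == "__main__":
    for hit in find_deploy_requests(SAMPLE_LOG):
        print(hit)
```

Any accepted request to this endpoint from an unexpected source is worth correlating with newly deployed web applications on the host.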

Timeline

  1. 23.02.2026 15:00 · 1 article

    Zero-Day in Dell RecoverPoint for VMs Exploited by UNC6201

    A zero-day vulnerability (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines has been exploited by the threat cluster UNC6201 since mid-2024. The vulnerability involves hard-coded credentials and allows attackers to deploy the BRICKSTORM backdoor and its newer version, GRIMBOLT. The exploitation involves authenticating to the Dell RecoverPoint Tomcat Manager and executing commands as root.

Information Snippets