Critical Security Flaw in Dell RecoverPoint for Virtual Machines Exploited as Zero-Day

A critical security vulnerability (CVE-2026-22769, CVSS score 10.0) affecting Dell RecoverPoint for Virtual Machines has been exploited as a zero-day since mid-2024 by a threat group presumed to be linked to China, identified under the name UNC6201. The vulnerability involves hardcoded credentials. The information comes from a joint report by Google Mandiant and Google Threat Intelligence Group (GTIG). No additional details on the impact or targets are specified.