
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
For the past 18 months, a Chinese cyberespionage group has been exploiting a previously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution. The flaw, patched by Dell this week, allows unauthenticated attackers to gain command execution on the underlying OS as root. The vulnerability, tracked as CVE-2026-22769, stems from hardcoded admin credentials for the Apache Tomcat Manager, which can be leveraged to deploy malicious WAR (Web Application Archive) files. Apache Tomcat is a web server for Java-based web applications. Researchers from Google’s Mandiant team discovered the critical vulnerability while investigating multiple compromised Dell Reco...
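Because the flaw described above is used to deploy WAR files through the Tomcat Manager, Manager deploy requests in Tomcat access logs are a useful thing to review. The following is an added example, not code from the article, Dell or Mandiant; it assumes the default `common` access-log pattern and the stock `/manager` context path, and its log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed log format: Tomcat AccessLogValve "common" pattern, %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Tomcat Manager endpoints that install a web application (stock context path assumed).
DEPLOY_PATHS = {"/manager/text/deploy", "/manager/html/upload"}

def find_manager_deploys(lines):
    """Return one finding per request that targets a Manager deploy endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-log line in the assumed pattern
        url = urlsplit(m["target"])
        if url.path.rstrip("/") not in DEPLOY_PATHS:
            continue
        status = int(m["status"])
        # 2xx only means the request passed authentication; the text interface
        # reports OK/FAIL in the response body, which access logs do not record.
        if 200 <= status < 300:
            outcome = "authenticated"
        elif status in (401, 403):
            outcome = "denied"
        else:
            outcome = "other"
        findings.append({
            "time": m["time"],
            "host": m["host"],
            "user": None if m["user"] == "-" else m["user"],
            "context": parse_qs(url.query).get("path", [None])[0],
            "status": status,
            "outcome": outcome,
        })
    return findings

# Constructed sample lines (documentation IP ranges, made-up user and context path).
SAMPLE = [
    '192.0.2.10 - - [10/Feb/2026:03:14:07 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '198.51.100.7 - - [10/Feb/2026:03:14:08 +0000] "PUT /manager/text/deploy?path=/example HTTP/1.1" 401 2473',
    '198.51.100.7 - admin [10/Feb/2026:03:14:09 +0000] "PUT /manager/text/deploy?path=/example&update=true HTTP/1.1" 200 58',
    '192.0.2.10 - - [10/Feb/2026:03:15:00 +0000] "GET /index.jsp HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in find_manager_deploys(SAMPLE):
        print(finding)
```

Any `authenticated` finding that does not match a known maintenance window is worth correlating with the contents of the Tomcat `webapps` directory at that time.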