PT-2026-20303

Name of the Vulnerable Software and Affected Versions Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1 Description Dell RecoverPoint for Virtual Machines contains a critical vulnerability CVE-2026-22769 due to hardcoded credentials. This allows unauthenticated remote attackers...

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

Today, the Cybersecurity and Infrastructure Security Agency CISA, National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise IOCs and detection signatures for additional BRICKSTORM samples...

Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems

CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks...

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

It's easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn't just patching fast, but watching smarter and staying alert for what you don't...

Inside the F5 Breach: What We Know and Recommended Actions

On October 15, 2025, F5 Networks disclosed a breach attributed to a sophisticated nation-state actor. In an SEC 8-K form also filed that same day, F5 confirmed unauthorized access to its internal development and knowledge-management systems dating back to August 9, 2025. Some source-code and...

China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware

China-backed UNC5221 targets US legal and tech firms by deploying BRICKSTORM malware on neglected VMware and Linux/BSD appliances, Google's Mandiant reports...

UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

Companies in the legal services, software-as-a-service SaaS providers, Business Process Outsourcers BPOs, and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM. The activity, attributed to UNC52...

China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization...