Cybersecurity developments this week highlight critical vulnerabilities and incidents that warrant attention. From a zero-day exploit affecting Dell RecoverPoint to the emergence of new malware targeting Android devices, the landscape remains complex and evolving.
Zero-Day Exploit in Dell RecoverPoint
A severe security vulnerability has been identified in Dell RecoverPoint for Virtual Machines, exploited as a zero-day by a suspected threat group known as UNC6201 since mid-2024. This vulnerability, tracked as CVE-2026-22769 with a CVSS score of 10.0, involves hard-coded credentials affecting versions prior to 6.0.3.1 HF1. The exploit allows unauthorized access to the Apache Tomcat Manager, enabling attackers to upload a web shell and execute commands as root, potentially deploying the BRICKSTORM backdoor and its newer variant, GRIMBOLT.
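For defenders reviewing an affected appliance, the Tomcat Manager deployment step described above leaves traces in the Tomcat access log. The following is an added example, not code from Dell or from the original article: it scans access-log lines for requests to the Manager's deployment endpoints. It assumes the log uses Tomcat's "common" AccessLogValve pattern; the sample lines, addresses and user name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# Tomcat Manager endpoints that deploy an application (text and HTML interfaces)
DEPLOY_PATHS = {"/manager/text/deploy", "/manager/html/upload", "/manager/html/deploy"}

def find_manager_deploys(lines):
    """Return one record per request that hit a Manager deployment endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected format; skip rather than guess
        url = urlsplit(m["uri"])
        path = url.path.split(";", 1)[0]  # drop ;jsessionid=... path parameters
        if path not in DEPLOY_PATHS:
            continue
        hits.append({
            "client": m["host"],
            "user": m["user"],  # "-" means no authenticated user was logged
            "time": m["ts"],
            "method": m["method"],
            "context": parse_qs(url.query).get("path", [None])[0],
            # HTTP 200 means the Manager authenticated and processed the request
            "outcome": "accepted" if m["status"] == "200" else "rejected",
        })
    return hits

# Constructed sample log lines (documentation IP ranges, made-up user name)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:01:12 +0000] "PUT /manager/text/deploy?path=/demo HTTP/1.1" 401 -',
    '198.51.100.7 - svc-user [01/Jan/2025:10:01:15 +0000] '
    '"PUT /manager/text/deploy?path=/demo&update=true HTTP/1.1" 200 47',
    '192.0.2.10 - svc-user [01/Jan/2025:10:05:00 +0000] "GET /manager/text/list HTTP/1.1" 200 230',
]

if __name__ == "__main__":
    for hit in find_manager_deploys(SAMPLE_LOG):
        print(hit)
```

Any accepted deployment that does not match a known administrative change is worth investigating, along with the deployed context path it names.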
Emergence of PromptSpy Malware
Researchers at ESET have reported the discovery of PromptSpy, a new Android malware that utilizes generative AI to maintain persistence on infected devices. This malware leverages Google Gemini to analyze the current screen and provide instructions for keeping the malicious app pinned in the recent apps list. The campaign appears to target users in Argentina, although Google has confirmed that no apps containing this malware have been found on the Google Play Store.
Pre-Installed Malware in Android Devices
Kaspersky has identified a new Android backdoor named Keenadu, which is embedded in device firmware and capable of silently harvesting data and controlling device behavior. This malware is delivered via compromised firmware through over-the-air updates, allowing it to operate with high privileges from the moment the device is activated. It can infect other apps and deploy additional software, but it remains dormant under specific conditions, such as devices set to Chinese languages or lacking Google Play Services. The source of this malware has not been attributed to a specific threat actor, but its complexity suggests a sophisticated understanding of Android architecture.
Concerns Over Password Managers’ Security Claims
A recent study from ETH Zurich and Università della Svizzera italiana has raised questions about the zero-knowledge claims made by popular password managers like Bitwarden, Dashlane, and LastPass. The research indicates that these claims may not hold true in all scenarios, particularly when account recovery options are enabled or when vaults are shared. The findings suggest that under certain conditions, an insider or attacker could potentially access the contents of entire vaults.
As the cybersecurity landscape continues to evolve, these incidents underscore the importance of vigilance and proactive measures to safeguard sensitive information.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








