The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to patch their systems within three days against a serious Dell vulnerability that’s been exploited since mid-2024. A Chinese hacking group, UNC6201, is using the flaw to deploy malware payloads, including a new backdoor called Grimbolt. CISA has added the security flaw to its Known Exploited Vulnerabilities catalog and warned of significant risks to federal enterprises. Agencies must apply mitigations per vendor instructions or discontinue use if unavailable by February 21.
Source: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days