CISA Orders Emergency Patch for Actively Exploited Dell Flaw;
whatshot 5 snips
Feb 20, 2026
A critical Dell vulnerability forced an emergency three-day patch directive and involves hard-coded credentials and root access risks. A lawsuit accuses a major router maker of deceptive security and origin claims tied to state-aligned threats. Researchers uncovered nearly 1 billion exposed identity records from an unsecured database. Allegations surface that core Social Security data may have been copied to the cloud without oversight.
08:33
forum Ask episode
web_stories AI Snips
view_agenda Chapters
auto_awesome Transcript
info_circle Episode notes
insights INSIGHT
Hard-Coded Credentials Enable Full Takeover
The flaw in Dell RecoverPoint stemmed from hard-coded credentials enabling unauthenticated root access.
CISA linked exploitation to a China-aligned threat cluster and rated the flaw CVSS 10 for maximum severity.
volunteer_activism ADVICE
Urgent Patch Dell RecoverPoint
Patch Dell RecoverPoint immediately if you use it because CISA found active exploitation.
Apply Dell's update within three days to prevent unauthenticated root access via hard-coded credentials.
insights INSIGHT
Geopolitics Shapes Device Risk
Texas argues Chinese national intelligence law heightens risk if devices or components have Chinese ties.
TP-Link denies the claims and says it stores U.S. user data on AWS and runs core operations in the U.S.
Get the Snipd Podcast app to discover more snips from this episode
CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations
Host Jim Love covers four cybersecurity stories:
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
CISA ordered federal civilian agencies to patch an actively exploited critical Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-2769) within three days, citing hard-coded credentials that allow unauthenticated root access and links to a China-aligned threat cluster; Texas Attorney General filed suit against TP-Link alleging deceptive security and origin claims and risks tied to Chinese state-linked threats, while TP-Link denies the allegations and says it operates independently, stores U.S. user data on AWS, and bases core operations in the U.S.; researchers found an unsecured MongoDB database tied to AI-powered identity verification provider ID Merit exposing nearly 1 billion records with sensitive personal data, attributed to misconfiguration rather than compromise of the AI systems; and a MarketWatch report describes whistleblower Chuck Borges alleging SSA master data was copied to a cloud environment without oversight, contrasted by the Social Security Commissioner stating the core Numident database remained secure, with Love noting no confirmed public evidence but expressing concern about the implications if such foundational data were compromised.
00:00 Sponsor Message: Meter's Full-Stack Networking 00:19 Headlines: Dell Exploit, TP-Link Lawsuit, Massive Data Leak, SSA Claims 00:45 Urgent Patch Order: Actively Exploited Dell RecoverPoint CVE 02:19 Texas Sues TP-Link Over Router Security & China-Ties Allegations 03:31 AI Identity Verification Leak: Nearly 1 Billion Records Exposed 05:07 Did SSA Data Leak? Whistleblower vs. Official Denial 06:54 Host Take: What If the "Foundational" Database Was Compromised? 07:37 Wrap-Up + Sponsor Thanks and Where to Book a Demo
Cybersecurity Today