Daily Intel Brief — 2026-04-15

Arc Security Research

Critical Dell/VMware CVEs Actively Exploited

What: CVE-2026-22769 (CVSS 10) in Dell RecoverPoint for Virtual Machines has been covertly exploited since mid-2024. VMware Aria Operations 8.x is also affected, with a workaround involving sudoers file modification.

Source: www.greenbone.net

Applies to: Servers running Dell RecoverPoint or VMware Aria Operations.

Why it matters: These are critical, widely exploited vulnerabilities requiring immediate patching or workaround implementation.

PortSwigger Research on HTTP/1.1 Vulnerabilities

What: New research presented at Black Hat USA 2025 details practical HTTP/1.1 protocol vulnerabilities, urging a shift to safer protocols.

Source: www.businesswire.com

Applies to: General (web applications and services using HTTP/1.1).

Why it matters: Identifies foundational protocol-level risks that may bypass application-layer security controls.

Nuclei Templates Coverage for 10 Actively Exploited KEVs

What: Nuclei Templates v10.2.1/10.2.2 released 106 new templates covering 57 CVEs, including 10 actively exploited KEVs (CISA's Known Exploited Vulnerabilities).

Source: projectdiscovery.io

Applies to: General (security testing and asset scanning).

Why it matters: Provides immediate, validated detection capabilities for the most urgent threats in the wild.

CISA Updates Known Exploited Vulnerabilities (KEV) Catalog

What: CISA added five new vulnerabilities to its KEV catalog based on evidence of active exploitation, urging all organizations to prioritize remediation.

Source: cyberinsider.ca

Applies to: General (all organizations).

Why it matters: The KEV catalog is a primary, authoritative source for prioritizing patching of vulnerabilities under active attack.

Practical Bug Bounty Recon Techniques for 2026

What: A 2026 roadmap emphasizes targeted recon: using tools like Netlas, Google dorking with `site:target.com ext:log` or `inurl:admin`, and avoiding scattered testing.

Source: netlas.io

Applies to: General (external attack surface assessment).

Why it matters: Outlines current, effective methods for initial surface enumeration and finding low-hanging fruit.

Sources reviewed

21 total. Selected the 5 with specific, actionable technical details (CVEs, detection templates, protocol flaws, authoritative priority lists, recon techniques). Discarded promotional content (bug bounty program lists, tool advertisements) and non-technical announcements (GitHub UI changes).

Gaps identified

The external intelligence does not cover the specific attack vector described in the TARGET CONTEXT (AI model social engineering via malicious project file uploads). This represents a novel threat surface not yet reflected in broader threat reporting. [Internal: research/project-injection/anthropic-project-injection-report.md]
