Iran-linked MuddyWater (MITRE G0069) weaponized legitimately signed binaries from SentinelOne (sentinelmemoryscanner.exe) and Fortemedia (fmapp.exe) to sideload malicious DLLs, bypassing signature-based defenses in targeted attacks against airport, government, and manufacturing organizations across nine countries in Q1 2026. Neither vendor has published a patch or advisory for this sideloading vector as of the reporting date. Organizations running either product face an elevated detection gap that requires behavioral compensating controls until vendor guidance is available.