Nation-state threat actors are targeting Commvault applications hosted in Microsoft Azure as part of a broader campaign against SaaS cloud platforms. CISA recommends organizations implement security best practices such as credential rotation and log monitoring to defend against these attacks. #CVE20253928 #AzureThreats
Keypoints
- Threat actors exploited CVE-2025-3928 to access Commvault applications in Azure.
- The attackers potentially gained access to client secrets for Microsoft 365 backups hosted in Azure.
- Organizations are advised to monitor audit logs and implement conditional access policies.
- Remediation includes rotating credentials, blocking malicious IPs, and applying security updates.
- The campaign may target various SaaS applications with similar default configurations and permissions.
Read More: https://thecyberexpress.com/commvault-m365-threat-broader-saas-campaign/