Commvault
-
China-linked Murky Panda exploits cloud trust to move laterally, CrowdStrike finds
A CrowdStrike 2025 Threat Hunting Report finds a 136% increase in cloud intrusions, driven by Murky Panda’s use of zero-day exploits and, more notably, their manipulation of trusted cloud relationships to move from SaaS providers into downstream customer environments, with links to a February 2025 breach of Commvault’s Microsoft Azure cloud environment highlighted as a…
-
Commvault patches four on-prem vulnerabilities tied to remote code execution chains
Commvault has fixed four on-prem vulnerabilities that could enable unauthenticated attackers to compromise deployments and chain to remote code execution, according to findings from watchTowr Labs.
-
CISA Reports Cyber Threats Targeting Commvault’s Azure SaaS Applications
CISA has issued a warning about cyber threat activity targeting Commvault’s Azure-hosted applications, potentially compromising client secrets and customer data. The agency has recommended preventative measures to safeguard against such attacks.
-
Commvault Reports Cyber Breach Linked to Nation-State Actor, Confirms No Unauthorized Data Access
Commvault has confirmed a breach in its Microsoft Azure environment by a nation-state actor exploiting CVE-2025-3928. The company, however, reassured clients that there has been no unauthorized access to backup data and has taken steps to enhance security.
