InfoSecBulletin Cybersecurity for mankind
Commvault confirmed that a sophisticated cyberattack exploiting a zero-day vulnerability breached its Azure cloud environment earlier this week.
On February 20, 2025, Microsoft notified Commvault of unauthorized activity in its Azure cloud environment.
Commvault announced its immediate response, activating incident protocols and involving leading cybersecurity experts and law enforcement.
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
CVE-2025-24016
Critical Wazuh RCE Actively Exploited by Mirai Botnets
CISA Issues Seven Advisories for Industrial Control Systems (ICS)
ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware
Fortinet flaws now exploited in Qilin ransomware attacks
The statment reads, “On February 20, 2025, Microsoft notified us about unauthorized activity within our Azure environment by a suspected nation-state threat actor. We immediately activated our incident response plan with the assistance of leading cybersecurity experts and law enforcement.
Our investigation validated that unauthorized access affected a handful of customers and we promptly contacted them to provide assistance. Our investigation also confirmed there was no unauthorized access to any data that Commvault protects for any customer, and no impact on Commvault’s business operations or ability to deliver our products and services.
Action Taken
Our forensic investigation discovered that the threat actor exploited a zero-day vulnerability, which has been patched and we encourage our software customers to do the same. We also rotated affected credentials, continue to further harden our defenses and work with law enforcement.
Working Together
No company is immune to an attack. We believe that sharing information and working together makes us all more resilient. We thank Microsoft for their notification to us, our cybersecurity experts for their trusted partnership, and our customers for their responsiveness and resilience.”
This incident highlights the ongoing and changing nature of cyber threats facing cloud services and managed providers.
Commvault seeks to enhance transparency and encourage collaboration in cybersecurity by sharing details about the breach and its response.
