Friday , May 2 2025
Commvault

Commvault Confirms Its Azure Cloud Environment Breach via Zero-Day Attack

infosecbulletin 1 day ago Cyber Attack

Commvault confirmed that a sophisticated cyberattack exploiting a zero-day vulnerability breached its Azure cloud environment earlier this week.

On February 20, 2025, Microsoft notified Commvault of unauthorized activity in its Azure cloud environment.
Commvault announced its immediate response, activating incident protocols and involving leading cybersecurity experts and law enforcement.

Microsoft New Accounts Go Passwordless By Default

By infosecbulletin / Friday , May 2 2025
Microsoft is focusing on eliminating password-based authentication, promoting passwordless sign-in and sign-up methods instead. For the past decade, Microsoft has...
Read More
Microsoft New Accounts Go Passwordless By Default

SonicWall Patched for SSRF Vulnerability in SMA1000 Appliances

By infosecbulletin / Friday , May 2 2025
SonicWall's Product Security Incident Response Team (PSIRT) has released a critical update for its SMA1000 series appliances due to a...
Read More
SonicWall Patched for SSRF Vulnerability in SMA1000 Appliances

Patch Now! SonicWall Confirms Active Exploitation of SMA 100 Vulns

By infosecbulletin / Thursday , May 1 2025
On April 29, 2025, SonicWall announced that two previously disclosed vulnerabilities in its SMA 100 Series appliances are being actively...
Read More
Patch Now! SonicWall Confirms Active Exploitation of SMA 100 Vulns

Commvault Confirms Its Azure Cloud Environment Breach via Zero-Day Attack

By infosecbulletin / Thursday , May 1 2025
Commvault confirmed that a sophisticated cyberattack exploiting a zero-day vulnerability breached its Azure cloud environment earlier this week. On February...
Read More
Commvault Confirms Its Azure Cloud Environment Breach via Zero-Day Attack

Ransomware Attack On Biopharma : Hacker seeks $80k

By infosecbulletin / Thursday , May 1 2025
Indian Pimpri Chinchwad police's cyber cell is looking into a complaint where a hacker demanded $80,000 (over Rs 68 lakh)...
Read More
Ransomware Attack On Biopharma : Hacker seeks $80k

Apple warns new victims of spyware attacks across the world

By infosecbulletin / Thursday , May 1 2025
This week, Apple notified several individuals it believes were targeted by government spyware, according to two of those individuals. As...
Read More
Apple warns new victims of spyware attacks across the world

Ticket resaler exposed ​​520,054 records size of 200 GB

By infosecbulletin / Wednesday , April 30 2025
Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database with 520,054 records from an event ticket resale platform and reported it...
Read More
Ticket resaler exposed ​​520,054 records size of 200 GB

“bCloud” Starts Journey in Bangladesh Targeting Cloud Solutions

By infosecbulletin / Wednesday , April 30 2025
Banglalink, the country’s leading digital operator, has launched bCloud, its very own cloud service brand aimed at delivering world-class cloud...
Read More
“bCloud” Starts Journey in Bangladesh Targeting Cloud Solutions

Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol

By infosecbulletin / Wednesday , April 30 2025
Security vulnerabilities in Apple's AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including...
Read More
Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol

Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

By infosecbulletin / Tuesday , April 29 2025
A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a...
Read More
Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

The statment reads, “On February 20, 2025, Microsoft notified us about unauthorized activity within our Azure environment by a suspected nation-state threat actor. We immediately activated our incident response plan with the assistance of leading cybersecurity experts and law enforcement.

Our investigation validated that unauthorized access affected a handful of customers and we promptly contacted them to provide assistance. Our investigation also confirmed there was no unauthorized access to any data that Commvault protects for any customer, and no impact on Commvault’s business operations or ability to deliver our products and services.

Action Taken
Our forensic investigation discovered that the threat actor exploited a zero-day vulnerability, which has been patched and we encourage our software customers to do the same. We also rotated affected credentials, continue to further harden our defenses and work with law enforcement.

Working Together
No company is immune to an attack. We believe that sharing information and working together makes us all more resilient. We thank Microsoft for their notification to us, our cybersecurity experts for their trusted partnership, and our customers for their responsiveness and resilience.”

This incident highlights the ongoing and changing nature of cyber threats facing cloud services and managed providers.

Commvault seeks to enhance transparency and encourage collaboration in cybersecurity by sharing details about the breach and its response.

Check Also

SessionShark

‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin