The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about cybersecurity threats facing SaaS companies, particularly those with weak security settings. It highlighted recent unauthorized activity detected in Commvault's Azure environments. A blog post by Commvault's chief trust officer disclosed that Microsoft informed the company in February of potential breaches by nation-state actors. A specific zero-day vulnerability, CVE-2025-3928, is under scrutiny, although Commvault confirmed that customer data was not compromised. The incident underscores the importance of securing app credentials to protect M365 environments from potential exploitation.
CISA warns that SaaS companies face increasing risks from criminals exploiting weak security, targeting apps with default settings and elevated permissions.
Commvault's chief trust officer revealed that Microsoft alerted them about potential nation-state intrusions, emphasizing the need for stronger security measures.