Commvault Azure Breach Exposes Zero-Day Vulnerability CVE-2025-3928
On March 7, 2025, Commvault confirmed a significant breach in its Microsoft Azure environment, attributed to the exploitation of a zero-day vulnerability, CVE-2025-3928. While the breach affected a limited number of customers, Commvault reassured users that there was no unauthorized access to sensitive customer data. This vulnerability has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog, mandating that federal agencies implement patches by May 19, 2025. In response, Commvault has ramped up its security protocols and encouraged customers to closely monitor their sign-in activities for any suspicious behavior. This incident underscores the ongoing threats posed by zero-day vulnerabilities and the critical importance of timely patch management in organizational cybersecurity strategies. Source
Also In Security Today
- T-Mobile Breach Settlement: T-Mobile has settled a class-action lawsuit for $350 million over a breach affecting 76 million customers. The settlement is part of ongoing efforts to address customer data protection. Source
- Legacy Professionals, LLP Incident: An unauthorized third party accessed sensitive information at Legacy Professionals, raising serious concerns over the security of customer Social Security numbers. Source
- Reading Cooperative Bank Phishing Attack: A phishing attack on Reading Cooperative Bank compromised customer data, prompting the bank to enhance its cybersecurity measures significantly. Source
- Surge in Cyber Threats: March 2025 has seen a notable increase in cyberattacks across various sectors, particularly focusing on education and healthcare, highlighting the urgent need for enhanced security protocols. Source