Security News > 2025 > May > Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
2025-05-01 08:11
Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company
News URL
https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html
Related news
- Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Hackers lurked in Treasury OCC’s systems since June 2023 breach (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach (source)
- Lazarus hackers breach six companies in watering hole attacks (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-25 | CVE-2025-3928 | Unspecified vulnerability in Commvault Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. | 8.8 |