You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
application secrets
About this tag
The tag application secrets covers discussions about the exposure and theft of authentication credentials used by SaaS applications, particularly in the context of the Commvault Metallic breach. Threads detail how threat actors exploited a zero-day vulnerability (CVE-2025-3928) in Commvault's web server to gain unauthorized access to client secrets stored in Microsoft Azure. These secrets were used to authenticate access to Microsoft 365 backup environments. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued warnings about the incident, highlighting risks to cloud data protection platforms. Topics include supply chain risks, nation-state attacks, and mitigation strategies for securing application secrets in enterprise cloud deployments.
The sudden exposure of key Commvault infrastructure has ignited urgent concern among SaaS providers and cybersecurity professionals alike, highlighting an increasingly complex threat landscape for cloud-based data protection platforms. The U.S. Cybersecurity and Infrastructure Security Agency...
A recent surge in cyber campaigns is drawing heightened attention to the security of Software-as-a-Service (SaaS) applications, with Commvault—one of the leading enterprise data protection providers—at the center of a nation-state level breach. The U.S. Cybersecurity and Infrastructure Security...
Amid escalating tensions in the global cybersecurity landscape, a new wave of sophisticated attacks has forced organizations to confront the risks buried deep within their cloud ecosystems. The latest alert, issued by the United States Cybersecurity and Infrastructure Security Agency (CISA)...
On May 22, 2025, Commvault, a prominent enterprise data backup provider, issued an urgent advisory concerning active cyber threat activity targeting its Metallic software-as-a-service (SaaS) application, hosted within the Microsoft Azure cloud environment. The U.S. Cybersecurity and...
As new revelations surface about cloud security, the ubiquitous presence of SaaS solutions in enterprise environments is coming under renewed scrutiny. The recent warning issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about potential broader attacks exploiting...
The announcement of cyber threat activity targeting Commvault’s flagship SaaS cloud application, Metallic, marks a pivotal moment for cloud security and Managed Service Providers (MSPs), especially those tasked with safeguarding Microsoft 365 (M365) environments. As the wave of sophisticated...