Tag Microsoft

Commvault Acknowledges Zero-Day Exploitation of CVE-2025-3928 by Hackers in Azure Incident

May 01, 2025
Zero-Day / Threat Intelligence

Commvault, an enterprise data backup platform, has confirmed that a nation-state threat actor compromised its Microsoft Azure environment by exploiting the zero-day vulnerability CVE-2025-3928. However, the company reassured that there is no evidence of unauthorized access to customer data. “The incident has impacted a limited number of customers shared with Microsoft, and we are providing them with support,” Commvault stated in its update. They emphasized that customer backup data remains secure, with no significant effects on business operations or service delivery. According to an advisory issued on March 7, 2025, Commvault was alerted by Microsoft on February 20 regarding unauthorized activities, and has since rotated affected credentials and strengthened security measures. This disclosure follows recent reports from the U.S. Cybersecurity…

Commvault Confirms Breach Linked to CVE-2025-3928 Exploitation in Azure Environment May 1, 2025 Threat Intelligence Commvault, a leader in enterprise data backup solutions, has disclosed that its Microsoft Azure environment was compromised by an unidentified nation-state threat actor exploiting the recently identified vulnerability, CVE-2025-3928. In a statement, the company assured…

Read More

Commvault Acknowledges Zero-Day Exploitation of CVE-2025-3928 by Hackers in Azure Incident

May 01, 2025
Zero-Day / Threat Intelligence

Commvault, an enterprise data backup platform, has confirmed that a nation-state threat actor compromised its Microsoft Azure environment by exploiting the zero-day vulnerability CVE-2025-3928. However, the company reassured that there is no evidence of unauthorized access to customer data. “The incident has impacted a limited number of customers shared with Microsoft, and we are providing them with support,” Commvault stated in its update. They emphasized that customer backup data remains secure, with no significant effects on business operations or service delivery. According to an advisory issued on March 7, 2025, Commvault was alerted by Microsoft on February 20 regarding unauthorized activities, and has since rotated affected credentials and strengthened security measures. This disclosure follows recent reports from the U.S. Cybersecurity…

Microsoft Addresses 67 Vulnerabilities, Including Active WEBDAV Zero-Day Exploit

On June 11, 2025, Microsoft unveiled patches for 67 security vulnerabilities, among which is a zero-day flaw in Web Distributed Authoring and Versioning (WebDAV) that has been actively exploited. Of these vulnerabilities, 11 are classified as Critical, while 56 are deemed Important. The update addresses 26 remote code execution issues, 17 information disclosure vulnerabilities, and 14 privilege escalation risks. Additionally, the patches follow the resolution of 13 vulnerabilities in the Chromium-based Edge browser since last month’s Patch Tuesday. The zero-day exploit, designated CVE-2025-33053 (CVSS score: 8.8), allows remote code execution through deceptive URLs. Microsoft credited Check Point researchers Alexandra Gofman and David Driker for identifying and reporting this critical vulnerability. Notably, CVE-2025-33053 marks the first zero-day vulnerability…

Microsoft Addresses 67 Security Vulnerabilities, Including Actively Exploited WebDAV Zero-Day On June 11, 2025, Microsoft announced a significant security update aimed at patching 67 identified vulnerabilities, among which is a concerning zero-day exploit related to Web Distributed Authoring and Versioning (WebDAV). This specific vulnerability has been reportedly exploited in the…

Read More

Microsoft Addresses 67 Vulnerabilities, Including Active WEBDAV Zero-Day Exploit

On June 11, 2025, Microsoft unveiled patches for 67 security vulnerabilities, among which is a zero-day flaw in Web Distributed Authoring and Versioning (WebDAV) that has been actively exploited. Of these vulnerabilities, 11 are classified as Critical, while 56 are deemed Important. The update addresses 26 remote code execution issues, 17 information disclosure vulnerabilities, and 14 privilege escalation risks. Additionally, the patches follow the resolution of 13 vulnerabilities in the Chromium-based Edge browser since last month’s Patch Tuesday. The zero-day exploit, designated CVE-2025-33053 (CVSS score: 8.8), allows remote code execution through deceptive URLs. Microsoft credited Check Point researchers Alexandra Gofman and David Driker for identifying and reporting this critical vulnerability. Notably, CVE-2025-33053 marks the first zero-day vulnerability…

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021

Jun 08, 2023
Ransomware / Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021 In a concerning development for organizations utilizing Progress Software’s MOVEit Transfer application, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory highlighting the active exploitation of a newly…

Read More

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021

Jun 08, 2023
Ransomware / Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).

BlackByte 2.0 Ransomware: Rapid Infiltration, Data Encryption, and Extortion in Just 5 Days

Published: Jul 07, 2023
Category: Endpoint Security / Ransomware

Ransomware attacks pose a severe challenge for organizations globally, and the threat level continues to escalate. Recently, Microsoft’s Incident Response team delved into the BlackByte 2.0 ransomware attacks, revealing the alarming speed and destructive impact of these cyber assaults. Their findings underscore that cybercriminals can execute a complete attack—from initial infiltration to inflicting considerable damage—in just five days. Hackers swiftly breach systems, encrypt critical data, and demand ransom for its release. This drastically reduced timeline presents significant hurdles for organizations striving to bolster their defenses against such threats. BlackByte ransomware operates in the final phase of the attack, employing an 8-digit key to encrypt files. The investigation highlighted that attackers leverage a potent mix of tactics, particularly exploiting unpatched Microsoft Exchange Servers.

BlackByte 2.0 Ransomware: A Rapid Assault on Organizations On July 7, 2023, Microsoft’s Incident Response team released findings highlighting the alarming speed and impact of BlackByte 2.0 ransomware attacks, which are proving to be an escalating threat for organizations worldwide. The investigations revealed that cybercriminals can orchestrate a complete attack—from…

Read More

BlackByte 2.0 Ransomware: Rapid Infiltration, Data Encryption, and Extortion in Just 5 Days

Published: Jul 07, 2023
Category: Endpoint Security / Ransomware

Ransomware attacks pose a severe challenge for organizations globally, and the threat level continues to escalate. Recently, Microsoft’s Incident Response team delved into the BlackByte 2.0 ransomware attacks, revealing the alarming speed and destructive impact of these cyber assaults. Their findings underscore that cybercriminals can execute a complete attack—from initial infiltration to inflicting considerable damage—in just five days. Hackers swiftly breach systems, encrypt critical data, and demand ransom for its release. This drastically reduced timeline presents significant hurdles for organizations striving to bolster their defenses against such threats. BlackByte ransomware operates in the final phase of the attack, employing an 8-digit key to encrypt files. The investigation highlighted that attackers leverage a potent mix of tactics, particularly exploiting unpatched Microsoft Exchange Servers.

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

June 12, 2025
Artificial Intelligence / Vulnerability

A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction On June 12, 2025, cybersecurity experts disclosed a significant vulnerability known as EchoLeak, which has been classified as a “zero-click” artificial intelligence (AI) exploit. This flaw allows malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without…

Read More

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

June 12, 2025
Artificial Intelligence / Vulnerability

A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.

Feds Take Down Notorious DDoS-for-Hire Operation ‘Rapper Botnet’

Cybercrime, Fraud Management & Cybercrime Oregon Man Charged for Operating DDoS Attack Service Mathew J. Schwartz (@euroinfosec) • August 20, 2025 Image: Shutterstock Federal authorities have charged a 22-year-old from Oregon for operating a sophisticated, on-demand distributed denial-of-service (DDoS) attack service known as “Rapper Bot.” Prosecutors allege that the service…

Read MoreFeds Take Down Notorious DDoS-for-Hire Operation ‘Rapper Botnet’

Microsoft Thwarts Cyber Attack by Chinese State Actor Targeting Western European Governments

On July 12, 2023, Microsoft announced that it successfully defended against a cyber attack launched by a Chinese nation-state actor, aimed at over two dozen organizations, including various government agencies. This espionage campaign, which began on May 15, 2023, sought to obtain sensitive data by gaining access to email accounts linked to approximately 25 entities and a limited number of consumer accounts. The tech giant identified the perpetrator as Storm-0558, a state-sponsored group targeting Western European government bodies. Microsoft stated, “Their focus includes espionage, data theft, and credential access,” and noted the use of custom malware referred to as Cigril and Bling for credential harvesting. The breach was detected on June 16, 2023, after a customer reported unusual email activity to the company.

Microsoft Averts Chinese Cyber Espionage Targeting Western European Governments On July 11, 2023, Microsoft disclosed its successful defense against a sophisticated cyber attack orchestrated by a Chinese state-sponsored group. This operation targeted approximately two dozen organizations, including several governmental entities across Western Europe, in an effort to extract confidential information.…

Read More

Microsoft Thwarts Cyber Attack by Chinese State Actor Targeting Western European Governments

On July 12, 2023, Microsoft announced that it successfully defended against a cyber attack launched by a Chinese nation-state actor, aimed at over two dozen organizations, including various government agencies. This espionage campaign, which began on May 15, 2023, sought to obtain sensitive data by gaining access to email accounts linked to approximately 25 entities and a limited number of consumer accounts. The tech giant identified the perpetrator as Storm-0558, a state-sponsored group targeting Western European government bodies. Microsoft stated, “Their focus includes espionage, data theft, and credential access,” and noted the use of custom malware referred to as Cigril and Bling for credential harvesting. The breach was detected on June 16, 2023, after a customer reported unusual email activity to the company.

⚡ Weekly Highlights: Zero-Day Vulnerabilities, Insider Risks, APT Activity, Botnet Threats, and More

May 19, 2025
Threat Intelligence / Cybersecurity

Cybersecurity experts are not only combating attacks—they’re also safeguarding trust, ensuring system functionality, and upholding their organization’s reputation. This week’s events underscore a significant concern: as we deepen our reliance on digital tools, unseen vulnerabilities can silently intensify. Addressing issues isn’t sufficient anymore; resilience must be integrated from the ground up. This requires improved systems, fortified teams, and enhanced visibility across the organization. What we’re witnessing is not merely risk; it’s a clear indication that prompt action and informed decision-making are crucial, often more than striving for perfection. Here’s what emerged this week, along with key issues security teams need to prioritize.

Threat of the Week
Microsoft Addresses 5 Actively Exploited Zero-Day Flaws — In its May 2025 Patch Tuesday update, Microsoft remedied a total of 78 security vulnerabilities, five of which are currently being exploited in the wild. Noteworthy vulnerabilities include CVE-2025-30397, CVE-2025-…

Weekly Cybersecurity Recap: Zero-Day Exploits, Insider Threats, and Emerging Cyber Risks Date: May 19, 2025 In the ever-evolving landscape of cybersecurity, professionals face a dual challenge: defending against aggressive attacks while safeguarding trust, ensuring operational continuity, and preserving their organization’s reputation. Recent events have underscored a critical issue stemming from…

Read More

⚡ Weekly Highlights: Zero-Day Vulnerabilities, Insider Risks, APT Activity, Botnet Threats, and More

May 19, 2025
Threat Intelligence / Cybersecurity

Cybersecurity experts are not only combating attacks—they’re also safeguarding trust, ensuring system functionality, and upholding their organization’s reputation. This week’s events underscore a significant concern: as we deepen our reliance on digital tools, unseen vulnerabilities can silently intensify. Addressing issues isn’t sufficient anymore; resilience must be integrated from the ground up. This requires improved systems, fortified teams, and enhanced visibility across the organization. What we’re witnessing is not merely risk; it’s a clear indication that prompt action and informed decision-making are crucial, often more than striving for perfection. Here’s what emerged this week, along with key issues security teams need to prioritize.

Threat of the Week
Microsoft Addresses 5 Actively Exploited Zero-Day Flaws — In its May 2025 Patch Tuesday update, Microsoft remedied a total of 78 security vulnerabilities, five of which are currently being exploited in the wild. Noteworthy vulnerabilities include CVE-2025-30397, CVE-2025-…