CISA Warns of Suspected Broader SaaS Application Exploitation in Microsoft Azure

On May 2, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States revealed that Commvault is monitoring a cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. According to the agency, malicious actors may have accessed client secrets of Commvault's (Metallic) Microsoft 365 (M365) backup SaaS solution, hosted in Azure. This situation could indicate a broader exploitation of application secrets and misconfigurations in the cloud.