Attackers planted a webshell in Commvault's SaaS backup platform — the thing protecting your backups is compromised. A federal data exposure tied to DOGE access is the largest government SSN leak in a decade. And the newest ransomware gangs aren't even bothering to encrypt anymore.
Commvault disclosed a nation-state actor planted a webshell in its SaaS backup environment — check your backup integrity now. A federal data exposure linked to DOGE system access exposed SSNs and financial records for an estimated 2.1 million Americans. A new ransomware trend called encryption-free extortion is surging — attackers steal data and threaten publication without ever encrypting a file. Microsoft Entra ID has a critical privilege escalation flaw under active exploitation. CISA published its 2026 SMB Cybersecurity Grant Program details.
Commvault disclosed that a sophisticated nation-state threat actor exploited CVE-2025-34028 to plant a persistent webshell inside its Metallic SaaS backup platform. Organizations using Commvault Metallic should immediately audit backup integrity and rotate all credentials stored in the platform.
Congressional investigators confirmed that broad system access granted to DOGE personnel resulted in the exposure of Social Security numbers, tax records, and financial data for an estimated 2.1 million Americans. Multiple federal agencies are conducting breach notifications.
A major shift in ransomware tactics: leading threat groups including Cl0p successors and new entrants are abandoning file encryption entirely, focusing solely on data theft and extortion. Traditional backup-based defenses no longer provide full protection.
Microsoft confirmed active exploitation of CVE-2026-2915, a critical privilege escalation vulnerability in Microsoft Entra ID (formerly Azure AD) that allows attackers with any authenticated access to escalate to Global Administrator. Patch or apply mitigations immediately.
CISA announced the 2026 State and Local Cybersecurity Grant Program expansion, making funding available to small businesses through state-administered programs. Eligible businesses can receive grants to implement MFA, EDR, and incident response planning.
A large-scale campaign is targeting Google Workspace users with malicious OAuth app authorization requests that grant attackers persistent access to Gmail, Drive, and Calendar, bypassing MFA entirely. Over 15,000 organizations were targeted in April 2026.
Our team monitors these vulnerabilities and can help you patch, assess, and protect your business before attackers strike.