CISA Warns of Cyber Threats Targeting Commvault’s Metallic SaaS Platform

CISA has issued an alert concerning a cyber threat targeting Commvault’s software-as-a-service (SaaS) backup solution, Metallic, which operates within Microsoft Azure. Threat actors may have exploited stored client secrets, potentially compromising customers’ Microsoft 365 environments. This activity appears to be part of a broader campaign against SaaS providers with default configurations and elevated permissions. CISA recommends reviewing Entra logs for unusual activity, rotating application secrets—particularly for customers with control over these credentials—and enforcing conditional access policies, which may require an Entra Workload ID Premium License. Additional on-premises precautions include restricting interface access to trusted networks and monitoring for suspicious uploads. Customers should apply all relevant patches and adhere to CISA and NSA’s identity and access management best practices. For further information, refer to the CISA Alert.
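One way to act on the "review Entra logs for unusual activity" recommendation above, as an added example that is not code from the alert, CISA or Commvault: detection logic run over service-principal sign-in records, flagging successful sign-ins from outside the networks the backup application normally uses and bursts of credential failures. The field names are assumed to follow the Microsoft Graph signIn schema; the app IDs, IP addresses and baseline network are constructed.

```python
import ipaddress
from collections import Counter

BACKUP_APP = "00000000-0000-0000-0000-00000000bac0"   # constructed app ID of the SaaS backup app
OTHER_APP = "11111111-1111-1111-1111-111111111111"    # constructed app ID, not watched
AADSTS_INVALID_SECRET = 7000215                        # Entra error code for an invalid client secret


def _rec(app_id, ip, when, code=0):
    # Minimal record shaped like an Entra service-principal sign-in entry (field names assumed).
    return {"appId": app_id, "ipAddress": ip, "createdDateTime": when, "status": {"errorCode": code}}


# Constructed sample log: normal activity from the app's usual range, then a success from an
# unfamiliar address and three failed attempts with a bad secret (e.g. a rotated secret still in use).
SAMPLE_SIGNINS = [
    _rec(BACKUP_APP, "20.50.1.10", "2025-05-20T01:00:00Z"),
    _rec(BACKUP_APP, "20.50.1.11", "2025-05-20T02:00:00Z"),
    _rec(BACKUP_APP, "203.0.113.7", "2025-05-21T03:12:00Z"),
    _rec(BACKUP_APP, "198.51.100.9", "2025-05-21T03:13:00Z", AADSTS_INVALID_SECRET),
    _rec(BACKUP_APP, "198.51.100.9", "2025-05-21T03:13:30Z", AADSTS_INVALID_SECRET),
    _rec(BACKUP_APP, "198.51.100.9", "2025-05-21T03:14:00Z", AADSTS_INVALID_SECRET),
    _rec(OTHER_APP, "203.0.113.7", "2025-05-21T04:00:00Z"),
]


def find_unusual_signins(signins, watched_app_ids, baseline_cidrs, failure_threshold=3):
    """Return findings for watched apps: successful sign-ins from outside the baseline
    networks, and repeated credential failures from one address."""
    nets = [ipaddress.ip_network(c) for c in baseline_cidrs]
    findings, failures = [], Counter()
    for rec in signins:
        if rec["appId"] not in watched_app_ids:
            continue
        code = rec.get("status", {}).get("errorCode", 0)
        if code != 0:
            failures[(rec["appId"], rec["ipAddress"])] += 1
            continue
        if not any(ipaddress.ip_address(rec["ipAddress"]) in n for n in nets):
            findings.append({"rule": "success_outside_baseline", "appId": rec["appId"],
                             "ipAddress": rec["ipAddress"], "time": rec["createdDateTime"]})
    for (app_id, ip), n in failures.items():
        if n >= failure_threshold:
            findings.append({"rule": "repeated_credential_failures", "appId": app_id,
                             "ipAddress": ip, "count": n})
    return findings


if __name__ == "__main__":
    for f in find_unusual_signins(SAMPLE_SIGNINS, {BACKUP_APP}, ["20.50.1.0/24"]):
        print(f)
```

In practice the records would come from the Entra sign-in log export and the baseline from the app's known egress ranges; a hit on the first rule is a reason to rotate the application secret, as the alert recommends.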