Backup Security | Breaking Cybersecurity News | The Hacker News

The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes as the ransomware-as-a-service (RaaS) operation has emerged as one of the most active ransomware groups , accounting for 84 victims each in the months of August and September 2025. The Russian-speaking threat group emerged around July 2022. According to data compiled by Cisco Talos, the U.S., Canada, the U.K., France, and Germany are some of the countries most impacted by Qilin. The attacks have primarily singled out manufacturing (23%), professional and scientific services (18%), and wholesale trade (10%) sectors. Attacks mounted by Qilin affiliates have likely leveraged leaked administrative credentials on the dark web for initial access using a VPN interface, followed by performing RDP connections to th...

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even inexperienced threat actors with less or no technical expertise to launch large-scale, damaging attacks. And these attacks don't just encrypt data now. They exfiltrate sensitive information for double and triple extortion, alter or delete backups, and disable recovery infrastructure to block restoration efforts. This is especially critical for small and midsize businesses (SMBs), which are increasingly targeted due to their leaner defenses. For an SMB generating $10 million in annual revenue, even a single day of downtime can cost $55,076 , without factoring in the long-term impact on customer trust and brand reputation. While...

Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," the company said in an advisory. CVE-2025-23121 impacts all earlier version 12 builds, including 12.3.1.1139. It has been addressed in version 12.3.2 (build 12.3.2.3617). Security researchers at CODE WHITE GmbH and watchTowr have been credited with discovering and reporting the vulnerability. Cybersecurity company Rapid7 noted that the update likely addresses concerns shared by CODE WHITE in late March 2025 that the patch put in place to plug a similar hole ( CVE-2025-23120 , CVSS score: 9.9) could be bypassed. Also addressed by Veeam is another flaw in the same product (CVE-2025...

Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today's ransomware attacks initially target your last line of defense — your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout. Notably, these attacks are carefully engineered takedowns of your defenses. The threat actors disable backup agents, delete snapshots, modify retention policies, encrypt backup volumes (especially those that are network accessible) and exploit vulnerabilities in integrated backup platforms. They are no longer trying just to deny your access but erase the very means of recovery. If your backup environment isn't built with this evolving threat landscape in mind, it's at high risk of getting compromised. How can IT pros defend against this? In this guide, we'll uncover the weak strategies that lea...

Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company said in an update. "Importantly, there has been no unauthorized access to customer backup data that Commvault stores and protects, and no material impact on our business operations or our ability to deliver products and services." In an advisory issued on March 7, 2025, Commvault said it was notified by Microsoft on February 20 about unauthorized activity within its Azure environment and that the threat actor exploited CVE-2025-3928 as a zero-day. It also said it rotated affected credentials and enhanced security measures. The disclosure comes as the U.S. Cybersecurity ...