CISA Adds CVE-2025-3928, Samsung MagicINFO 9, Google Chrome OAuth Flaws Amid Broader SaaS Attack Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting an increase in cyber threats targeting software-as-a-service (SaaS) applications and cloud environments. Among the newly listed flaws is a vulnerability in Samsung MagicINFO 9 Server. Additionally, CISA issued an advisory concerning cyber threat activity targeting Commvault’s Metallic SaaS cloud application, which involved exploitation of CVE-2025-3928 leading to the compromise of Microsoft 365 credentials. This incident is part of a broader campaign exploiting default configurations and excessive permissions in SaaS applications. Furthermore, a Google Chrome vulnerability that allows the leakage of OAuth codes has also been added to the catalog. CISA warns that SaaS providers are increasingly targeted due to app secrets exposure and cloud misconfigurations, emphasizing the need for improved security measures in cloud and SaaS environments.