Cloud Attacks Shift Focus to Exploiting Software Vulnerabilities

Cloud Attacks Shift Focus to Exploiting Software Vulnerabilities

First seen 10 Mar 2026, 01:41 UTC Bleepingcomputer 100% similarity 69.5

Article Content

Browse articles
ThreatCluster

Hackers are increasingly targeting newly disclosed vulnerabilities in third-party software to access cloud environments, with the time frame for such attacks decreasing significantly. Google reports a notable decline in the use of weak credentials and misconfigurations in the latter half of 2025, indicating a shift in attack vectors towards bug exploits as the primary means of gaining access.

ThreatCluster AI

Timeline

2025-02-20
CVE-2025-24893 published
2025-02-25
First public PoC for CVE-2025-24893
2025-10-30
CVE-2025-24893 added to CISA KEV (active exploitation)
2025-12-03
CVE-2025-55182 published
2025-12-05
CVE-2025-55182 added to CISA KEV (active exploitation)
2025-12-14
First public PoC for CVE-2025-55182
2026-03-09
Google report on cloud attack trends published

Community

Browse all →