Bleepingcomputer
Cloud Attacks Shift Focus to Exploiting Software Vulnerabilities
First seen 10 Mar 2026, 01:41 UTC
•
•100% similarity
•69.5
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Hackers are increasingly targeting newly disclosed vulnerabilities in third-party software to access cloud environments, with the time frame for such attacks decreasing significantly. Google reports a notable decline in the use of weak credentials and misconfigurations in the latter half of 2025, indicating a shift in attack vectors towards bug exploits as the primary means of gaining access.
ThreatCluster AI
Timeline
2025-02-20
CVE-2025-24893 published
2025-02-25
First public PoC for CVE-2025-24893
2025-10-30
CVE-2025-24893 added to CISA KEV (active exploitation)
2025-12-03
CVE-2025-55182 published
2025-12-05
CVE-2025-55182 added to CISA KEV (active exploitation)
2025-12-14
First public PoC for CVE-2025-55182
2026-03-09
Google report on cloud attack trends published