Cloud Attacks Shift to Exploiting Newly Disclosed Flaws
⚠️ Google reports attackers increasingly exploit newly disclosed third‑party vulnerabilities to gain cloud access, with the exploitation window shrinking to days. Bug exploits, especially RCE flaws like React2Shell and XWiki, accounted for 44.5% of intrusions while credential-based breaches fell to 27%. Incidents include OIDC abuse via compromised packages, long-term espionage by state-linked groups, and insider-facilitated exfiltration, prompting calls for automated response.
