Security News Google: Cloud attacks exploit flaws more than weak credentials

[Divergent]

Content source

https://www.bleepingcomputer.com/news/security/google-cloud-attacks-exploit-flaws-more-than-weak-credentials/

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

At the same time, the use of weak credentials or misconfigurations has dropped significantly in the second half of 2025, Google notes in a report highlighting the trends on threats to cloud users.

According to the report, incident responders determined that bug exploits were the primary access vector in 44.5% of the investigated intrusions, while credentials were responsible for 27% of the breaches.

Google: Cloud attacks exploit flaws more than weak credentials

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

www.bleepingcomputer.com

 

[lokamoka820]

According to Google’s latest threat report, vulnerability exploitation was the main initial access method in 44.5% of cloud intrusions investigated in the second half of 2025. Compromised credentials made up 27% of cases. Google says this shift likely reflects stronger account protections and secure-by-default measures that are making credential-based attacks less effective.

Google: Cloud Attacks Now Exploit Software Flaws More Often Than Credentials - gHacks Tech News

Google's latest cloud threat report shows bug exploitation has overtaken credential theft as the primary entry point for attackers.

www.ghacks.net