Cloud identity weakness is driving a surge in cloud attacks

Target Trend
H score 31
1 unique source, 1 article

Summary

Identity-related weakness is now a major driver of cloud attacks, raising compromise risk across organizations with large identity footprints. In Q3 2025, 44% of true-positive alerts were tied to identity problems, and 99% of cloud identities were described as over-privileged. The pattern expands exposure across AWS, Azure, Google Cloud, and SaaS applications by making legitimate logins easier for attackers to abuse.

Related Happenings

Storm-2949 Microsoft 365 and Azure data-theft campaign

Campaign
First: 19.05.2026 22:35 Last: 19.05.2026 22:35 Sources 1

About this happening: The **Storm-2949** campaign is targeting **Microsoft 365 and Azure production environments** to steal sensitive data, increasing the risk of privileged-account takeover and cloud...

Zealot autonomous AI cloud intrusion proof of concept

Technical Analysis
First: 23.04.2026 13:09 Last: 23.04.2026 13:09 Sources 1

About this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...

Unit 42 Zealot proves autonomous cloud attack chaining in GCP

Technical Analysis
First: 23.04.2026 13:00 Last: 23.04.2026 13:00 Sources 1

About this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...

OAuth device-code phishing campaign targeting SaaS accounts

Campaign
First: 04.04.2026 17:17 Last: 04.04.2026 17:17 Sources 1

About this happening: A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...

XM Cyber maps eight validated AWS Bedrock attack vectors across connected enterprise integrations

Technical Analysis
First: 23.03.2026 13:55 Last: 23.03.2026 13:55 Sources 1

About this happening: **XM Cyber** mapped **eight validated attack vectors** in **AWS Bedrock**, showing how over-privileged permissions can expose logs, knowledge bases, agents, flows, guardrails, and...

Timeline

  1. 04.11.2025 15:00 2 articles · 6mo ago

    ReliaQuest says identity-related weakness is driving cloud attacks

    Initial Disclosure

    ReliaQuest says 44% of true-positive alerts in Q3 2025 were tied to identity-related weakness, including excessive permissions, misconfigured roles and credential abuse, while 99% of cloud identities were over-privileged. The company also says poor DevOps practices can systematically redeploy legacy vulnerabilities in new software, and that 71% of critical vulnerability alerts it managed during the quarter came from four CVEs dating back to 2021.
