Cloud environments third-party flaw exploitation wave
Exploitation Wave
Summary
Hide ▲
Show ▼
Threat actors are rapidly weaponizing newly disclosed third-party vulnerabilities to reach cloud environments, compressing the exploitation window from weeks to days and increasing the risk of initial access. Google says RCE flaws are the most frequent type abused, with CVE-2025-55182 and CVE-2025-24893 among the most visible examples.
Cases
Related Happenings
PCPJack worm-like credential theft framework
Malware Activity
First: 07.05.2026 20:45
Last: 07.05.2026 20:45
Sources 1
About this happening:
The **PCPJack** malware framework now conducts **credential theft** across exposed cloud infrastructure, raising the risk of account takeover and follow-on intrusion. It matters b...
PCPJack worm-like credential theft framework
Malware ActivityAbout this happening: The **PCPJack** malware framework now conducts **credential theft** across exposed cloud infrastructure, raising the risk of account takeover and follow-on intrusion. It matters b...
Zealot autonomous AI cloud intrusion proof of concept
Technical Analysis
First: 23.04.2026 13:09
Last: 23.04.2026 13:09
Sources 1
About this happening:
**Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
Zealot autonomous AI cloud intrusion proof of concept
Technical AnalysisAbout this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
Unit 42 Zealot proves autonomous cloud attack chaining in GCP
Technical Analysis
First: 23.04.2026 13:00
Last: 23.04.2026 13:00
Sources 1
About this happening:
**Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...
Unit 42 Zealot proves autonomous cloud attack chaining in GCP
Technical AnalysisAbout this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...
Victim organization's AWS environment hit by data theft breach
Incident
First: 11.03.2026 09:31
Last: 11.03.2026 09:31
Sources 1
About this happening:
**UNC6426** breached a victim organization's **AWS environment** and escalated to **administrator access** in **less than 72 hours**, creating immediate risk of **data theft** and...
Victim organization's AWS environment hit by data theft breach
IncidentAbout this happening: **UNC6426** breached a victim organization's **AWS environment** and escalated to **administrator access** in **less than 72 hours**, creating immediate risk of **data theft** and...
Google Cloud environment entry vectors shift from credentials to third-party vulnerabilities in H2 2025
Target Trend
First: 10.03.2026 17:30
Last: 10.03.2026 17:30
Sources 1
How related:
In total, third-party software-based entry accounted for 44.5% of primary entry vectors during the second half of 2025. This represents a significant increase from the 2.9% observed during the first half of the year.
About this happening:
Threat actors targeting **Google Cloud environments** shifted in **H2 2025** from credential abuse to **unpatched third-party vulnerabilities**, materially changing initial-access...
Google Cloud environment entry vectors shift from credentials to third-party vulnerabilities in H2 2025
Target TrendHow related: In total, third-party software-based entry accounted for 44.5% of primary entry vectors during the second half of 2025. This represents a significant increase from the 2.9% observed during the first half of the year.
About this happening: Threat actors targeting **Google Cloud environments** shifted in **H2 2025** from credential abuse to **unpatched third-party vulnerabilities**, materially changing initial-access...
Timeline
-
09.03.2026 23:45 2 articles · 2mo ago
Google reports cloud exploitation of newly disclosed third-party flaws
Initial DisclosureGoogle reports that cloud attackers are increasingly using newly disclosed third-party vulnerabilities for initial access, with bug exploits accounting for 44.5% of investigated intrusions and credentials for 27%. The report highlights rapid weaponization of remote code execution flaws such as CVE-2025-55182 and CVE-2025-24893, and says exploitation can begin within 48 hours of disclosure.
Show sources
- Google: Cloud attacks exploit flaws more than weak credentials — www.bleepingcomputer.com — 09.03.2026 23:45
- Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials, Google Cloud Finds — www.infosecurity-magazine.com — 10.03.2026 17:30