Find notable cyber news and cases, enriched with sources, timelines, and signals.

Google Cloud environment entry vectors shift from credentials to third-party vulnerabilities in H2 2025

Trend
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

Threat actors targeting Google Cloud environments shifted in H2 2025 from credential abuse to unpatched third-party vulnerabilities, materially changing initial-access risk across cloud workloads. Third-party software-based entry rose to 44.5% of primary vectors, up sharply from 2.9% in H1 2025. The trend shows attackers are reaching cloud services faster through exposed software than through weak accounts. It also compresses defender response time because newly disclosed flaws can be exploited within days.

Related Happenings

Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw

Vulnerability
H score1 First: 16.06.2026 22:05 Last: 16.06.2026 22:05 Sources 1

About this happening: **Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...

Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication

Technical Analysis
H score16 First: 21.05.2026 23:07 Last: 21.05.2026 23:07 Sources 1

About this happening: Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...

Unit 42 Zealot proves autonomous cloud attack chaining in GCP

Technical Analysis
H score28 First: 23.04.2026 13:00 Last: 23.04.2026 13:00 Sources 1

About this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...

Google Looker Studio cross-tenant SQL injection flaws SQL injection flaw

Vulnerability
H score3 First: 10.03.2026 15:20 Last: 10.03.2026 15:20 Sources 1

About this happening: Researchers disclosed **nine cross-tenant vulnerabilities** in **Google Looker Studio** that could let attackers run **arbitrary SQL queries** on victims' databases and exfiltrate...

Cloud environments third-party flaw exploitation wave

Exploitation Wave
H score37 First: 09.03.2026 23:45 Last: 09.03.2026 23:45 Sources 1

How related: For example, Google Cloud noted that within just 48 hours of the public disclosure of React2Shell in December 2025, multiple threat actors had already exploited the vulnerability to infect victims with cryptocurrency mining malware.

About this happening: **Threat actors** are rapidly weaponizing **newly disclosed third-party vulnerabilities** to reach **cloud environments**, compressing the exploitation window from weeks to days a...

Timeline

  1. 10.03.2026 17:30 2 articles · 4mo ago

    Google Cloud reports a shift from credentials to third-party vulnerabilities

    Technical Analysis Update

    Google Cloud says threat actors targeting Google Cloud environments increasingly used unpatched third-party vulnerabilities in the second half of 2025 instead of weak or missing credentials, with third-party software-based entry reaching 44.5% of primary vectors and weak or absent credentials falling to 27.2%. The report also says the window between vulnerability disclosure and mass exploitation shrank from weeks to days, and that React2Shell in React Server Components was exploited within 48 hours of public disclosure to infect victims with cryptocurrency mining malware.

    Show sources