Cloud attackers are shifting from stolen credentials to software exploits, Google Cloud says

March 22, 2026

Attackers targeting cloud environments are now more likely to break in by exploiting software vulnerabilities than by relying on stolen credentials, according to a Google Cloud threat report summarized by Infosecurity Magazine. The report points to a marked rise in exploit-led intrusions, including abuse of a React-related issue Google Cloud refers to as “React2Shell.”

The finding suggests a change in initial access tactics rather than the disappearance of credential theft. Password spraying, phishing, token theft and exposed keys still matter, but Google Cloud says vulnerability exploitation is becoming the preferred route because it can bypass MFA, scale across many targets and deliver code execution quickly on internet-facing systems.

That matters for organizations running public-facing applications, APIs, container platforms and CI/CD services in the cloud. A single unpatched flaw in an exposed service can give attackers a foothold to steal data, deploy cryptominers, move laterally or abuse cloud-native tools for persistence. In practice, this puts more pressure on patching speed, external attack-surface monitoring and prioritizing bugs that are known to be exploited in the wild.

The report also fits a wider industry pattern. CISA’s Known Exploited Vulnerabilities catalog continues to show how quickly newly disclosed flaws are weaponized once proof-of-concept code or active exploitation emerges. For defenders, the implication is that identity controls alone are not enough if vulnerable apps and services remain reachable from the internet. Internet-facing systems, including remote access tools such as VPN gateways, remain attractive targets when patching lags.

Google Cloud’s findings stop short of naming a single victim or campaign in the Infosecurity summary, and the exact technical details behind “React2Shell” were not fully described there. Still, the message is clear: cloud intrusion tradecraft is becoming more exploit-driven, and exposed software flaws are now a faster path into cloud estates than many defenders may assume.
