Traditional vulnerabilities remain a key factor in cloud threat actor activity in 2025. In publicly documented incidents in Wiz’s cloud threat landscape, most initial access involved weaponized vulnerabilities, exposed secrets, and misconfigurations.
However, the well-known nature of these vectors should not be misinterpreted to mean that the impact of an attacker’s actions will be limited or stagnant. Beyond individual intrusions, major incidents such as Shai-Hulud and React2Shell have demonstrated how systemic weaknesses across shared infrastructure, software dependencies, and trusted integrations can be weaponized to create devastating impacts. These events showed how inherited trust and ecosystem-wide exposure can amplify the impact of well-understood attack techniques.
AI also impacted cloud-focused threat actor activity in 2025, not by introducing fundamentally new attack techniques, but by expanding the cloud attack surface and enabling threat actor workflows in certain cases. As AI-driven infrastructure, tools, and automation become more commonplace, familiar security risks are increasingly emerging in new contexts and on a larger scale.
