According to the report, based on observations from the second half of 2025, the window between vulnerability disclosure and mass exploitation has shrunk from weeks to just days. This acceleration, in particular, is driven by automation and AI-assisted reconnaissance that help attackers identify weaknesses rapidly. Meanwhile, instead of attacking major cloud providers like Amazon Web Services, Microsoft Azure, and Google Cloud directly, cybercriminals target unpatched third-party software. For example, the React Server Components vulnerability, React2Shell (CVE-2025-55182), was exploited within 48 hours of its disclosure.
Cloud Attacks Are Accelerating, Google Warns
Cloud security threats are escalating rapidly as cloud attacks become faster and more sophisticated. A new report from Google Cloud warns that attackers are now exploiting vulnerabilities within days of disclosure, dramatically reducing the time organizations have to respond.
Another attack involved a vulnerability in the XWiki Platform (CVE-2025-24893). Although the flaw was patched in 2024, delayed patch deployment allowed attackers to exploit it months later for remote code execution and crypto-mining operations.
The report also documents complex supply chain attacks. In one incident, the state-linked group UNC4899 targeted a developer with a malicious archive disguised as an open-source collaboration project. The file installed malware that impersonated a Kubernetes command-line tool, allowing attackers to gain access to the corporate environment.
Identity-based attacks are also increasing. According to the report, 21% of incidents involved stolen identities or compromised trusted relationships with third parties. Other techniques included voice-based phishing (17%), email phishing (12%), and exploitation of misconfigured infrastructure assets.
To defend against these threats, Google Cloud recommends stronger patch management, improved identity and access controls, network monitoring, and prepared incident response plans. The report also suggests that automated and AI-assisted security defenses may be necessary to counter increasingly automated cyberattacks.
As cloud adoption continues to grow, organizations must respond quickly to vulnerabilities and strengthen their security posture to prevent attackers from exploiting increasingly short attack windows.
Key Takeaways:
- Cloud attacks now occur within days of vulnerability disclosure.
- Attackers increasingly target third-party software integrated into cloud environments.
- Identity compromise and social engineering are growing attack vectors.
- Supply chain attacks can provide attackers with direct access to corporate systems.
- Automated security defenses are becoming essential for cloud protection.
Source:
https://www.zdnet.com/article/google-cloud-threat-report-third-party-software-ai-attacks/
Get Started
Ready to Build Your Next Product?
Start with a 30-min discovery call. We'll map your technical landscape and recommend an engineering approach.
000 +
Engineers
Full-stack, AI/ML, and domain specialists
00 %
Client Retention
Multi-year partnerships with global enterprises
0 -wk
Avg Ramp
Full team deployed and productive