Exploiting user-managed cloud software has become the most common way for attackers to gain initial access to cloud resources, taking over from credential abuse. Google's Cloud Threat Horizons Report, which comes out every six months, found that attacks on user-managed software applications, like the React2Shell attack that targeted a flaw in React Server Components, were more common than software vulnerabilities as the first way attackers got in.
The report said that "software-based entry," which includes exploiting software flaws such as remote code execution (RCE), made up about 44% of all initial-access activity in Google Cloud.
Crystal Lister, a security advisor in the Office of the CISO at Google Cloud, says that the change is probably because the company is focusing on secure-by-default strategies and cloud users are taking steps to shrink the stolen-credential and misconfiguration attack surfaces. "As defenders work to fix some of the initial, long-lasting cloud hygiene problems, attackers are being forced to focus on more advanced, automated paths," she says. According to Das from Qualys, LLMs make it easier for less technically skilled attackers to vibe-code well-made reconnaissance and exploitation frameworks.
This means that more attackers can carry out attacks that are somewhat advanced. "Defenders used to have more time to respond to a vulnerability," he says.
"Today, the response window is only a few hours long, but most patch management systems were never meant to work that quickly." This is why businesses need to be more aggressive about patching. Google's Lister says that companies should apply virtual patches within 24 hours of a public report and fully fix the problem within 72 hours.
"Defenders should replace manual processes with identity-centric proxies and automated posture enforcement," she says. For instance, Google Cloud's Organization Policy services could be used to stop overly permissive firewall rules from being created in the first place.
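
As an added illustration of automated posture checking (not code from Google's report or from this article's sources), the following Python audit flags enabled ingress firewall rules that expose administrative ports to any source address. It is a detective check over exported rules, not an Organization Policy constraint. The sample rules are constructed, and the `ADMIN_PORTS` policy and all function names are assumptions.

```python
import ipaddress
import json

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-https", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
 {"name": "allow-ssh-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "internal-all", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
  "allowed": [{"IPProtocol": "all"}]},
 {"name": "wide-range-v6", "direction": "INGRESS", "sourceRanges": ["::/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["1000-4000"]}]},
 {"name": "open-but-disabled", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
 {"name": "allow-everything", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "all"}]}
]""")

ADMIN_PORTS = {22, 3389}  # assumption: ports this policy never exposes to the internet

def from_anywhere(rule):
    # True if any source range is a /0 network (0.0.0.0/0 or ::/0).
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in rule.get("sourceRanges", []))

def exposed_admin_ports(entry):
    # Admin ports covered by one "allowed" entry; no "ports" key means every port.
    proto = entry["IPProtocol"]
    if proto not in ("all", "tcp", "udp"):
        return set()
    if proto == "all" or not entry.get("ports"):
        return set(ADMIN_PORTS)
    hits = set()
    for spec in entry["ports"]:          # "22" or a range such as "1000-4000"
        lo, _, hi = spec.partition("-")
        hits |= {p for p in ADMIN_PORTS if int(lo) <= p <= int(hi or lo)}
    return hits

def violations(rules):
    # Map rule name -> admin ports reachable from any address.
    found = {}
    for rule in rules:
        skip = rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS"
        if skip or not from_anywhere(rule):
            continue
        ports = set().union(*(exposed_admin_ports(e) for e in rule.get("allowed", [])))
        if ports:
            found[rule["name"]] = sorted(ports)
    return found
```

Run on a schedule against a fresh export, `violations()` gives a list of rules to remediate; a preventive control would reject the same patterns at creation time.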












