{"id":222138,"date":"2026-03-10T11:30:00","date_gmt":"2026-03-10T15:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/10\/cloud-attackers-now-prefer-vulnerability-exploits-over-credentials\/"},"modified":"2026-03-10T18:35:09","modified_gmt":"2026-03-10T22:35:09","slug":"cloud-attackers-now-prefer-vulnerability-exploits-over-credentials","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/10\/cloud-attackers-now-prefer-vulnerability-exploits-over-credentials\/","title":{"rendered":"Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/cloud-attackers-prefer-exploits\/\">Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/cloud-attackers-prefer-exploits\/\">https:\/\/www.infosecurity-magazine.com\/news\/cloud-attackers-prefer-exploits\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-10 11:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Google Cloud has warned that threat actors targeting cloud environments now favor campaigns which gain initial access by exploiting software vulnerabilities over credential-based attacks.\u00a0<\/p>\n<p>Published on 9 March, the Google Cloud Office of the CISO&#8217;s H1 2026 Google Cloud Threat Horizons Report, details how the cloud threat landscape evolved based on how attackers attempted to target Google Cloud services during the second half of 2025.<\/p>\n<p>\u201cOur team has observed a fundamental shift in the landscape,\u201d said Crystal Lister, security advisor and head of cloud threat horizons report program for Office of the CISO, at Google Cloud.<\/p>\n<p>Traditionally, threat actors have relied on weak or missing credentials and misconfigurations to gain access to Google Cloud environments.<\/p>\n<p>However, the second half of 2025 saw threat actors increasingly turn towards exploiting unpatched third-party vulnerabilities.<\/p>\n<p>In total, third-party software-based entry accounted for 44.5% of primary entry vectors during the second half of 2025. This represents a significant increase from the 2.9% observed during the first half of the year.<\/p>\n<p>In comparison, abuse of weak or absent credentials as an entry point dropped from 47.1% in the first half of the year, down to 27.2% in the second half.<\/p>\n<h2><strong>React2Shell Top Targeted Vulnerability <\/strong><\/h2>\n<p>One of the most commonly software vulnerabilities used to target cloud services was CVE-2025-55182, more commonly known as React2Shell, a critical remote code execution vulnerability in React Server Components.<\/p>\n<p>The vulnerability can enable attackers to take control of servers and compromise data. It has been tied to cyber-attacks by nation-state threat actors linked to both North Korea and China.<\/p>\n<p>\u201cWhile Google Cloud\u2019s underlying infrastructure remains secure, threat actors are successfully targeting unpatched applications and permissive user-defined firewall rules,\u201d said Google Cloud.<\/p>\n<p>The company also warned that attackers have also got quicker at the mass&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/cloud-attackers-prefer-exploits\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials https:\/\/www.infosecurity-magazine.com\/news\/cloud-attackers-prefer-exploits\/ Publish Date: 2026-03-10 11:30:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":222139,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/6e496be5-2a96-4521-a536-8d3953c0fd94.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-222138","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222138"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222138"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222138\/revisions"}],"predecessor-version":[{"id":222140,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222138\/revisions\/222140"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222139"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}