{"id":226565,"date":"2026-03-17T13:32:00","date_gmt":"2026-03-17T17:32:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/17\/cloud-attacks-are-evolving-what-2025-trends-mean-for-defenders-in-2026\/"},"modified":"2026-03-23T02:10:12","modified_gmt":"2026-03-23T06:10:12","slug":"cloud-attacks-are-evolving-what-2025-trends-mean-for-defenders-in-2026","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/17\/cloud-attacks-are-evolving-what-2025-trends-mean-for-defenders-in-2026\/","title":{"rendered":"Cloud attacks are evolving: What 2025 trends mean for defenders in 2026"},"content":{"rendered":"<p><a href=\"https:\/\/www.ibm.com\/think\/x-force\/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026\">Cloud attacks are evolving: What 2025 trends mean for defenders in 2026<\/a><\/p>\n<p><a href=\"https:\/\/www.ibm.com\/think\/x-force\/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026\">https:\/\/www.ibm.com\/think\/x-force\/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-17 13:32:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.ibm.com\">www.ibm.com<\/a><\/p>\n<p>2025 marked a shift in how threat actors leveraged cloud access, reflecting a move away from opportunistic exploitation toward deliberate abuse of cloud-adjacent identity and integration layers. Attackers increasingly used exposed credentials, administrative access paths, and trusted service integrations to establish persistence and move laterally across interconnected environments.<\/p>\n<p>This shift reduced the technical barriers to intrusion while increasing the operational impact of a single compromise, enabling attackers to traverse multiple cloud-connected services without triggering traditional infrastructure-focused controls.<\/p>\n<p>Looking ahead to 2026, cloud risk will continue to be defined by identity exposure, weak administrative practices, insecure integrations, and limited cross-platform telemetry. Organizations that continue to treat cloud security as an infrastructure problem will remain exposed to ecosystem-level compromise.<\/p>\n<p>Organizations should enforce phishing\u2011resistant MFA across high\u2011exposure platforms; rotate credentials found in infostealer logs or dark\u2011web markets; revoke reused OAuth tokens; and restrict third\u2011party OAuth consent. Administrative systems such as Zoho ManageEngine, Salesforce integrations, Slack apps, and HubSpot require strict patching, isolation, least\u2011privilege access, and validated workflow or application changes.<\/p>\n<p>Cloud\u2011configuration hygiene remains critical, alongside detection capabilities focused on infostealer\u2011linked logins, anomalous workflow or API activity, credential\u2011reuse attempts, and identity\u2011pivot chains involving Box, Slack, and Salesforce. SaaS integrations and digital\u2011risk monitoring require continuous oversight through high\u2011scope API\u2011token audits, administrative\u2011rule reviews, outbound\u2011traffic controls, and recurring monitoring of dark\u2011web credential exposure\u2014especially during historically active January and June periods.<\/p>\n<p>X-Force anticipates cloud risk in 2026 will continue to be&#8230;<\/p>\n<p><a href=\"https:\/\/www.ibm.com\/think\/x-force\/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cloud attacks are evolving: What 2025 trends mean for defenders in 2026 https:\/\/www.ibm.com\/think\/x-force\/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026 Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":226566,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.ibm.com\/content\/dam\/worldwide-content\/stock-assets\/adb-stk\/ul\/g\/ff\/76\/adobestock_1125584044.jpeg\/_jcr_content\/renditions\/cq5dam.web.1280.1280.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[36,25],"class_list":["post-226565","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-infostealer","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226565"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=226565"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226565\/revisions"}],"predecessor-version":[{"id":226567,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226565\/revisions\/226567"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/226566"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=226565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=226565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=226565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}