UPDATE: Cybercriminals are ramping up their attacks in the cloud, leveraging artificial intelligence (AI) to exploit vulnerabilities at an unprecedented speed. A new report from Google Cloud Security reveals that the time frame for attackers to capitalize on publicly disclosed weaknesses has plummeted from weeks to just days.
This alarming trend highlights a significant shift in tactics. Instead of targeting the fortified core infrastructure of major cloud providers like Google Cloud, Amazon Web Services, and Microsoft Azure, attackers are now focusing on fragile third-party software. The implications for businesses are dire, as the report emphasizes the urgent need for automated, AI-driven defenses to counter these evolving threats.
The report, based on observations from the second half of 2025, outlines shocking instances of exploitation. For example, attacks exploiting a critical remote code execution (RCE) vulnerability in the popular React Server Components library (CVE-2025-55182) began within just 48 hours of its disclosure. Additionally, an RCE vulnerability in the XWiki Platform (CVE-2025-24893) was targeted aggressively after a patch was inadequately deployed, leading to successful attacks by criminal gangs as early as November 2025.
The report also details the operations of a state-sponsored group known as UNC4899, likely linked to North Korea. This group successfully infiltrated Kubernetes workloads to steal millions of dollars in cryptocurrency by tricking developers into executing malicious code under the guise of collaboration. Their tactics showcase a new level of sophistication, blending social engineering with technical prowess.
The security landscape is also evolving when it comes to identity theft. Attackers are moving away from traditional brute-force methods and increasingly exploiting identity issues. The report indicates that 17% of breaches involved voice-based social engineering (vishing), while 12% relied on email phishing. A staggering 21% of incidents were facilitated through compromised relationships with trusted third parties.
Moreover, the presence of malicious insiders—employees or contractors—has surged, contributing to the rapid exfiltration of sensitive data via widely used consumer cloud services like Google Drive and Dropbox. This alarming trend underscores the necessity for immediate action from businesses, particularly as 45% of intrusions led to data theft without immediate extortion attempts, indicative of a stealthier approach from attackers.
In light of these developments, Google Cloud Security stresses the importance of implementing advanced security measures. Businesses must prioritize patch management, ensuring that all software, especially third-party applications, is updated promptly. Strengthening identity and access management through multi-factor authentication is crucial, as is monitoring network activity to identify unusual behavior.
For small and medium-sized enterprises, the report recommends seeking managed service providers with the necessary expertise to bolster security efforts. An incident response plan is vital, as the first few hours after an intrusion can determine the severity of the breach.
As cybercriminals continue to refine their strategies, the need for robust, AI-augmented defenses has never been more critical. Organizations must act swiftly to safeguard their digital assets and mitigate the risks posed by these evolving threats. The clock is ticking—businesses need to fortify their defenses NOW.