Google: Cloud attacks exploit flaws more than weak credentials

Google's analysis reveals a significant shift in cloud attack methodologies, indicating that exploiting newly disclosed vulnerabilities in third-party software now surpasses weak credentials as the primary initial access vector for cloud environments¹. Adversaries are rapidly leveraging these unpatched flaws, dramatically shortening the window for defensive action from weeks to mere days. This trend underscores a critical evolution in how attackers breach cloud infrastructure, moving beyond opportunistic brute-force credential attacks or phishing for initial entry. Instead, threat actors prioritize publicly known software weaknesses in integrated services. While poor credential hygiene remains a persistent security concern, Google's observations highlight a more sophisticated and time-sensitive threat landscape dominated by vulnerability exploitation. Organizations must therefore prioritize aggressive patch management, rapid incident response, and continuous vulnerability scanning for all third-party components deployed within their cloud environments. This finding, reported on March 9, 2026, emphasizes the urgent need for robust vulnerability management programs to prevent initial compromise, a strategy now paramount over sole reliance on identity and access management controls.