Cloud hackers pivot to software flaws as primary entry point, Google report finds

Attackers are increasingly breaching cloud environments by exploiting vulnerabilities in third-party software rather than relying on weak passwords, according to Google’s latest Cloud Threat Horizons report. Software flaws now account for 44.5% of initial access incidents, surpassing credential-based attacks for the first time. Researchers also observed faster exploitation cycles and growing abuse of SaaS integrations and OAuth tokens, exposing new risks across connected cloud ecosystems.