2025 Cloud Threat Hunting and Defense Landscape
Essential information
- Published: 19/02/2026 16:01
- Modified: 19/02/2026 17:43
- Tags: 2026-02-19 acr stealer ai/ml exploitation cloud security cloud-native attacks credential abuse fatalrat lamehug misconfigurations ransomware saltwater seaside seaspy third-party risk threat landscape
- Related entities: 11 vulnerabilities (cve), 3 observables, 6 malware, 14 others
Description
The report outlines key cloud security threats for 2025, highlighting exploitation of misconfigurations, cloud abuse, ransomware, credential theft, and third-party risks. Threat actors are increasingly leveraging legitimate cloud services for malicious purposes, including using AI/ML capabilities. The report notes a shift towards cloud-native attack methods that abuse built-in functionality rather than traditional malware. Key trends include threat actors registering their own cloud resources, decreased effectiveness of DDoS attacks on cloud environments, and growing interest in targeting AI services. The analysis covers tactics used by various threat groups and provides detailed mitigation strategies for cloud defenders.