Virtual machines, virtually everywhere – and with real security gaps

This article warns that uncontrolled cloud VM sprawl and over-permissioned workload identities create high-risk attack surfaces: abandoned VMs can be leveraged for east–west movement, access to on‑prem resources via federated identities, data exfiltration, and deployment of ransomware. It recommends inventorying VMs, auditing workload identities and permissions, improving monitoring and identity-aware detection, and rapid isolation/response to reduce dwell time and regulatory/financial impact.