Top Cloud Native Threats and Vulnerabilities of 2024

**Executive Summary:** This report summarizes seven prominent cloud-native threats and vulnerabilities from 2024 — including perfctl (cryptojacking malware exploiting Polkit), Bucket Monopoly (AWS "shadow resource" vulnerabilities enabling account compromise), Snap Trap (Ubuntu package-suggestion abuse), Hadooken (WebLogic-targeting malware), GitHub repository secret exposures, a critical CUPS RCE, and the Lucifer campaign targeting Hadoop/Druid — and provides mitigation recommendations such as network segmentation, secrets scanning, removing or restricting vulnerable services, and enforcing runtime policies.