Too Much Trust: The Danger of Over-Privileged Cloud Identities

ID: 29a165de-9072-56f2-b878-f19641ff7662

STIX ID: report--29a165de-9072-56f2-b878-f19641ff7662

Feed Name: ReliaQuest Blog

Threat Score: 75/100

Date Published: 2025-11-04

Date Updated: 2026-04-29

This Q3 2025 cloud security report finds that identity compromise (44% of true-positive cloud alerts) and process-driven redeployment of legacy vulnerabilities (71% of critical vulnerability alerts traced to a few CVEs) are the primary drivers of modern cloud breaches; attackers commonly use stolen credentials and over-privileged roles to escalate access, while DevOps automation replicates known flaws at scale. The report lists prominent CVEs (e.g., Log4Shell/CVE-2021-44228 and others), describes attacker economics and TTPs (credential markets, infostealers), and recommends identity-first controls, least-privilege enforcement, short-lived credentials, IaC scanning, and automated response playbooks.
