This Week in Cloud Security: Identity Wars, AI-Sec Expansion, and Real-World Risks

Your No-Fluff Security Roundup | 12th - 19th July 2025

This week:

• CISA drops new guidance to lock down cloud identity
• Hackbots speed up breach times from days to minutes
• Attackers abuse AWS to spy on Southeast Asian governments
• Google’s Wiz move reshapes multi-cloud security

Here’s what happened and what actually matters.

🔎 Featured Story of the Week

‍

Hackbots Slash Cloud Breach Time

🔗Read more at ComputerWeekly.

New research shows attackers are leveraging automation and AI-driven recon to cut cloud breach times from days to minutes.‍

Why this matters:
The shift from human-led intrusions to bot-powered kill chains is already here. Legacy alerting won’t cut it. Defence teams now demand real-time detection and continuous posture tuning.

Sovereignty, Policy, & Public Sector Shake-ups

‍CISA Issues Core Cloud Identity Guidance

🔗Read → CISA.gov‍

‍CISA is pushing for tighter cloud identity controls, with new threat modelling recommendations focused on Zero Trust and misconfiguration prevention.‍

Why this matters:
Identity remains the soft underbelly of most cloud architectures. This guidance will influence federal procurement and vendor expectations across critical infrastructure.

Orange Cloud Cleared for French Government Work

🔗Read → Mobile World Live

Orange secured French cybersecurity agency approval for its sovereign cloud platform - a major trust milestone in the EU.‍

Why this matters:
Europe’s sovereignty agenda is now shaping cloud market winners. Vendors who meet local standards win market share. For providers targeting EU governments, this sets the new compliance bar.

DISA Seeks $9B in New JWCC Cloud Partners

🔗Read → Data Center Dynamics

The U.S. Defence Information Systems Agency is expanding its vendor pool for the Joint Warfighting Cloud Capability (JWCC).‍

Why this matters:
This is one of the largest global public-sector cloud security deals. Vendors that can meet complex security, interoperability, and battlefield resilience demands will be the ones to watch.

Vendor Moves That Matter this Week

‍

SentinelOne Expands AI-Sec Into AWS Marketplace

🔗Read → BusinessWire

SentinelOne launches its Singularity Cloud, Purple AI, and AI SIEM in the AWS AI Agent Marketplace.‍

Why this matters:

Vendors are racing to integrate security tooling with GenAI workflows. Expect this to be table stakes soon. If your platform doesn’t support AI-enriched signals, you’re behind.

Wiz Deal Signals Google’s Multi-Cloud Security Play

🔗Read → BankInfoSecurity

Google’s planned Wiz acquisition signals a major push toward multi-cloud security and unified posture management.‍

Why this matters:

This goes beyond CNAPP dominance. It's about offering a true alternative to AWS and Azure-native security tooling.
Watch for Google to turn Wiz into a horizontal platform.

Bitdefender & Scale Computing Target Edge Security

🔗Read → SecurityBrief AU

Bitdefender is embedding its GravityZone platform into Scale Computing’s edge infrastructure to deliver native security for remote and IoT environments.

‍Why this matters:
Edge isn’t an afterthought anymore. Securing remote and IoT workloads is mission-critical for industries like retail, logistics, and manufacturing.

Netskope Adds DSPM via AWS AI Agents

🔗Read → SecurityBrief AU

Netskope launches its Data Security Posture Management (DSPM) tools through AWS’s new AI Agent marketplace category.

‍Why this matters:
DSPM is evolving into the nervous system for AI-era cloud security. Real-time data policy enforcement is now table stakes.

Threats, Vulnerabilities & Nation-State Activity

NVIDIA Fixes Critical Kubernetes Container Escape (Again)

🔗Read → Hacker News

NVIDIA patched CVE-2024-0132, which allowed malicious containers to break out and gain host access in GPU-heavy environments.‍

Why this matters:
Another reminder: AI workloads need tighter guardrails. A single K8s misstep in GPU clusters can mean root-level compromise.

Attackers Abuse AWS to Target Southeast Asian Govts

🔗Read → Dark Reading

Researchers found a new malware campaign using AWS infrastructure and a novel remote access trojan (RAT) to infiltrate government systems in the region.‍

Why this matters:
Nation-state threat actors are hijacking cloud infrastructure to stay under the radar. Watch for tighter scrutiny of internal AWS behaviours.

2,000+ Microsoft Config Servers Exposed

🔗Read → Dark Reading

A widespread misconfiguration left thousands of Microsoft Configuration Protocol (MCP) servers publicly accessible, many in government and healthcare.

‍Why this matters:
Basic hygiene is still failing and attackers know it. These mistakes give attackers easy, invisible entry points.

Microsoft Reveals ‘Scattered Spider’ Playbook

🔗Read → Infosecurity Magazine

Microsoft published a detailed analysis of Scattered Spider’s tactics, including SIM swapping and helpdesk impersonation, with a focus on cloud pivot techniques.

‍Why this matters:
Identity-first attacks are the new normal. The post-incident focus on IAM, MFA fatigue, and cloud role escalation shows where defenders need to double down. If your IAM playbook isn’t tight, you’re a target.

Azure ML Bug Enables Privilege Escalation

🔗Read → Infosecurity Magazine

Microsoft patched an Azure ML flaw enabling lateral movement and privilege escalation across containers.

‍Why this matters:
AI tools are expanding attack surfaces. If you’re running Azure ML, make sure your isolation policies are up to date.

🧠 TL;DR: What This Week Tells Us

🛡️ Cloud identity is now the frontline
⚠️ Misconfigs still dominate the threat landscape
📦 DSPM is the next-gen CNAPP
🌍Sovereign cloud standards are reshaping vendor eligibility
🌐Edge, AI, and multi-cloud convergence are the next hot zones

The bottom line: Cloud security is entering a new phase, where identity, data posture, and geopolitical standards define who wins. Staying ahead means securing smarter, faster, and more globally aware.

‍