This Week in Cloud Security: Identity Wars, AI-Sec Expansion, and Real-World Risks

Your No-Fluff Security Roundup | 12th - 19th July 2025

This week:

• CISA drops new guidance to lock down cloud identity
• Hackbots speed up breach times from days to minutes
• Attackers abuse AWS to spy on Southeast Asian governments
• Google’s Wiz move reshapes multi-cloud security

Here’s what happened and what actually matters.

‍

🔎 Featured Story of the Week

‍

Hackbots Slash Cloud Breach Time

🔗Read more at ComputerWeekly.

New research shows attackers are leveraging automation and AI-driven recon to cut cloud breach times from days to minutes.

Why this matters:

The shift from human-led intrusions to bot-powered kill chains is already here. Legacy alerting won’t cut it. Defence teams now
demand real-time detection and continuous posture tuning.

‍

‍

Sovereignty, Policy, & Public Sector Shake-ups

‍

‍CISA Issues Core Cloud Identity Guidance

🔗Read → CISA.gov‍

‍CISA is pushing for tighter cloud identity controls, with new threat modelling recommendations focused on Zero Trust
and misconfiguration prevention.

Why this matters:

Identity remains the soft underbelly of most cloud architectures. This guidance will influence federal procurement and
vendor expectations across critical infrastructure.

‍

Orange Cloud Cleared for French Government Work

🔗Read → Mobile World Live

Orange secured French cybersecurity agency approval for its sovereign cloud platform - a major trust milestone in the EU.

Why this matters:

Europe’s sovereignty agenda is now shaping cloud market winners. Vendors who meet local standards win market share.
For providers targeting EU governments, this sets the new compliance bar.

‍

DISA Seeks $9B in New JWCC Cloud Partners

🔗Read → Data Center Dynamics

The U.S. Defence Information Systems Agency is expanding its vendor pool for the Joint Warfighting Cloud Capability (JWCC).

Why this matters:

This is one of the largest global public-sector cloud security deals. Vendors that can meet complex security, interoperability,
and battlefield resilience demands will be the ones to watch.

‍

‍

Vendor Moves That Matter this Week

‍

SentinelOne Expands AI-Sec Into AWS Marketplace

🔗Read → BusinessWire

SentinelOne launches its Singularity Cloud, Purple AI, and AI SIEM in the AWS AI Agent Marketplace.

Why this matters:

Vendors are racing to integrate security tooling with GenAI workflows. Expect this to be table stakes soon. If your platform
doesn’t support AI-enriched signals, you’re behind.

‍

Wiz Deal Signals Google’s Multi-Cloud Security Play

🔗Read → BankInfoSecurity

Google’s planned Wiz acquisition signals a major push toward multi-cloud security and unified posture management.

Why this matters:

This goes beyond CNAPP dominance. It's about offering a true alternative to AWS and Azure-native security tooling.
Watch for Google to turn Wiz into a horizontal platform.

‍

Bitdefender & Scale Computing Target Edge Security

🔗Read → SecurityBrief AU

Bitdefender is embedding its GravityZone platform into Scale Computing’s edge infrastructure to deliver native security
for remote and IoT environments.

‍Why this matters:

Edge isn’t an afterthought anymore. Securing remote and IoT workloads is mission-critical for industries like retail, logistics,
and manufacturing.

‍

Netskope Adds DSPM via AWS AI Agents

🔗Read → SecurityBrief AU

Netskope launches its Data Security Posture Management (DSPM) tools through AWS’s new AI Agent marketplace category.

‍Why this matters:

DSPM is evolving into the nervous system for AI-era cloud security. Real-time data policy enforcement is now table stakes.

‍

‍

Threats, Vulnerabilities & Nation-State Activity

‍

NVIDIA Fixes Critical Kubernetes Container Escape (Again)

🔗Read → Hacker News

NVIDIA patched CVE-2024-0132, which allowed malicious containers to break out and gain host access in GPU-heavy
environments.

Why this matters:

Another reminder: AI workloads need tighter guardrails. A single K8s misstep in GPU clusters can mean root-level compromise.

‍

Attackers Abuse AWS to Target Southeast Asian Govts

🔗Read → Dark Reading

Researchers found a new malware campaign using AWS infrastructure and a novel remote access trojan (RAT) to infiltrate
government systems in the region.

Why this matters:

Nation-state threat actors are hijacking cloud infrastructure to stay under the radar. Watch for tighter scrutiny of internal
AWS behaviours.

‍

2,000+ Microsoft Config Servers Exposed

🔗Read → Dark Reading

A widespread misconfiguration left thousands of Microsoft Configuration Protocol (MCP) servers publicly accessible,
many in government and healthcare.

‍Why this matters:

Basic hygiene is still failing and attackers know it. These mistakes give attackers easy, invisible entry points.

‍

Microsoft Reveals ‘Scattered Spider’ Playbook

🔗Read → Infosecurity Magazine

Microsoft published a detailed analysis of Scattered Spider’s tactics, including SIM swapping and helpdesk impersonation,
with a focus on cloud pivot techniques.

‍Why this matters:

Identity-first attacks are the new normal. The post-incident focus on IAM, MFA fatigue, and cloud role escalation shows
where defenders need to double down. If your IAM playbook isn’t tight, you’re a target.

‍

Azure ML Bug Enables Privilege Escalation

🔗Read → Infosecurity Magazine

Microsoft patched an Azure ML flaw enabling lateral movement and privilege escalation across containers.

‍Why this matters:

AI tools are expanding attack surfaces. If you’re running Azure ML, make sure your isolation policies are up to date.

‍

🧠 TL;DR: What This Week Tells Us

🛡️ Cloud identity is now the frontline
⚠️ Misconfigs still dominate the threat landscape
📦 DSPM is the next-gen CNAPP
🌍Sovereign cloud standards are reshaping vendor eligibility
🌐Edge, AI, and multi-cloud convergence are the next hot zones

‍

The bottom line: Cloud security is entering a new phase, where identity, data posture, and geopolitical standards define
who wins. Staying ahead means securing smarter, faster, and more globally aware.

‍