
This Week in Cloud Security: Identity Wars, AI-Sec Expansion, and Real-World Risks

Posted
July 28, 2025

Your No-Fluff Security Roundup | 12th - 19th July 2025

This week:

  • CISA drops new guidance to lock down cloud identity
  • Hackbots speed up breach times from days to minutes
  • Attackers abuse AWS to spy on Southeast Asian governments
  • Google’s Wiz move reshapes multi-cloud security

Here’s what happened and what actually matters.

🔎 Featured Story of the Week

Hackbots Slash Cloud Breach Time

🔗Read more at ComputerWeekly.

New research shows attackers are leveraging automation and AI-driven recon to cut cloud breach times from days to minutes.

Why this matters:

The shift from human-led intrusions to bot-powered kill chains is already here. Legacy alerting won’t cut it. Defence teams now
demand real-time detection and continuous posture tuning.

Sovereignty, Policy, & Public Sector Shake-ups

CISA Issues Core Cloud Identity Guidance

🔗Read CISA.gov

CISA is pushing for tighter cloud identity controls, with new threat modelling recommendations focused on Zero Trust
and misconfiguration prevention.

Why this matters:

Identity remains the soft underbelly of most cloud architectures. This guidance will influence federal procurement and
vendor expectations across critical infrastructure.

Orange Cloud Cleared for French Government Work

🔗Read Mobile World Live

Orange secured French cybersecurity agency approval for its sovereign cloud platform - a major trust milestone in the EU.

Why this matters:

Europe’s sovereignty agenda is now shaping cloud market winners. Vendors who meet local standards win market share.
For providers targeting EU governments, this sets the new compliance bar.

DISA Seeks $9B in New JWCC Cloud Partners

🔗Read Data Center Dynamics

The U.S. Defence Information Systems Agency is expanding its vendor pool for the Joint Warfighting Cloud Capability (JWCC).

Why this matters:

This is one of the largest global public-sector cloud security deals. Vendors that can meet complex security, interoperability,
and battlefield resilience demands will be the ones to watch.

Vendor Moves That Matter this Week

SentinelOne Expands AI-Sec Into AWS Marketplace

🔗Read BusinessWire

SentinelOne launches its Singularity Cloud, Purple AI, and AI SIEM in the AWS AI Agent Marketplace.

Why this matters:

Vendors are racing to integrate security tooling with GenAI workflows. Expect this to be table stakes soon. If your platform
doesn’t support AI-enriched signals, you’re behind.

Wiz Deal Signals Google’s Multi-Cloud Security Play

🔗Read BankInfoSecurity

Google’s planned Wiz acquisition signals a major push toward multi-cloud security and unified posture management.

Why this matters:

This goes beyond CNAPP dominance. It's about offering a true alternative to AWS and Azure-native security tooling.
Watch for Google to turn Wiz into a horizontal platform.

Bitdefender & Scale Computing Target Edge Security

🔗Read SecurityBrief AU

Bitdefender is embedding its GravityZone platform into Scale Computing’s edge infrastructure to deliver native security
for remote and IoT environments.

Why this matters:

Edge isn’t an afterthought anymore. Securing remote and IoT workloads is mission-critical for industries like retail, logistics,
and manufacturing.

Netskope Adds DSPM via AWS AI Agents

🔗Read SecurityBrief AU

Netskope launches its Data Security Posture Management (DSPM) tools through AWS’s new AI Agent marketplace category.

Why this matters:

DSPM is evolving into the nervous system for AI-era cloud security. Real-time data policy enforcement is now table stakes.

Threats, Vulnerabilities & Nation-State Activity

NVIDIA Fixes Critical Kubernetes Container Escape (Again)

🔗Read Hacker News

NVIDIA patched CVE-2024-0132, which allowed malicious containers to break out and gain host access in GPU-heavy
environments.

Why this matters:

Another reminder: AI workloads need tighter guardrails. A single K8s misstep in GPU clusters can mean root-level compromise.

Attackers Abuse AWS to Target Southeast Asian Govts

🔗Read Dark Reading

Researchers found a new malware campaign using AWS infrastructure and a novel remote access trojan (RAT) to infiltrate
government systems in the region.

Why this matters:

Nation-state threat actors are hijacking cloud infrastructure to stay under the radar. Watch for tighter scrutiny of internal
AWS behaviours.

2,000+ Microsoft Config Servers Exposed

🔗Read Dark Reading

A widespread misconfiguration left thousands of Microsoft Configuration Protocol (MCP) servers publicly accessible,
many in government and healthcare.

Why this matters:

Basic hygiene is still failing and attackers know it. These mistakes give attackers easy, invisible entry points.

Microsoft Reveals ‘Scattered Spider’ Playbook

🔗Read Infosecurity Magazine

Microsoft published a detailed analysis of Scattered Spider’s tactics, including SIM swapping and helpdesk impersonation,
with a focus on cloud pivot techniques.

Why this matters:

Identity-first attacks are the new normal. The post-incident focus on IAM, MFA fatigue, and cloud role escalation shows
where defenders need to double down. If your IAM playbook isn’t tight, you’re a target.

Azure ML Bug Enables Privilege Escalation

🔗Read Infosecurity Magazine

Microsoft patched an Azure ML flaw enabling lateral movement and privilege escalation across containers.

Why this matters:

AI tools are expanding attack surfaces. If you’re running Azure ML, make sure your isolation policies are up to date.

🧠 TL;DR: What This Week Tells Us

🛡️ Cloud identity is now the frontline
⚠️ Misconfigs still dominate the threat landscape
📦 DSPM is the next-gen CNAPP
🌍 Sovereign cloud standards are reshaping vendor eligibility
🌐 Edge, AI, and multi-cloud convergence are the next hot zones

The bottom line: Cloud security is entering a new phase, where identity, data posture, and geopolitical standards define
who wins. Staying ahead means securing smarter, faster, and more globally aware.
