Why Cloud Misconfigurations Remain A Top Cause Of Data Breaches


It’s 2025, and the industry has built some of the most advanced cloud environments ever seen—automated deployments, real-time threat detection and infrastructure that scales with just a few lines of code.

Yet, data breaches aren’t slowing down—why? Because a single misconfiguration—often as simple as an overly permissive IAM role or an exposed storage bucket—can wreck everything. In fact, cloud misconfigurations are often termed as a “technical oversight.” But they’re a systemic failure—a gap between how we build, secure and perceive risk in the cloud.

Read more…
Source: Forbes News


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • CAI cloud worm gives competitors’ malware the boot, then steals secrets and mines for coin

    July 7, 2026

    There’s no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ credentials and mines for cryptocurrency while killing competitors’ processes, including similar secret-harvesting malware. It’s called Cloud AI Infrastructure Attack Framework (CAI), and it’s a centralized botnet that targets cloud-native developer tools like Docker, Kubernetes, Redis, etcd, Kubelet, and ...

  • Confidential computing’s core trust mechanism is broken. The fix may not exist

    July 4, 2026

    Vendors are trying to position “confidential computing” as the technical backbone of Europe’s sovereign cloud ambitions. But new research shows that a security protocol used to prove cryptographic trust in the system may have a fundamental architectural flaw. Confidential computing rests on a mechanism called remote attestation, in which a server cryptographically proves to a client ...

  • AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data

    July 3, 2026

    AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing. The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals. The attack targeted an ...

  • More than 12,000 servers supported a coordinated phishing infrastructure worldwide

    June 11, 2026

    When a suspicious email lands in your inbox promising financial rewards or urgent payment requests, the infrastructure behind that email is rarely what it appears to be. An investigation by Comparitech revealed a coordinated spam and phishing network spanning 12,704 servers in 55 countries. These phishing emails are tied to fake financial rewards and similar scams, using tactics designed ...

  • App host Vercel says it was hacked and customer data stolen

    April 20, 2026

    Cloud app hosting giant Vercel this weekend said hackers had breached its internal systems and accessed customer data. Hackers have claimed they have stolen sensitive customer credentials from Vercel’s systems and are selling the data online. In a statement on Sunday, Vercel said the breach originated from another software maker, Context AI. One of Vercel’s employees ...

  • AWS says more than 600 FortiGate firewalls hit in AI-augmented campaign

    February 23, 2026

    Cybercriminals armed with off-the-shelf generative AI tools compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, according to a new incident report from AWS. The campaign, which ran from mid-January to mid-February, relied less on clever zero-days and more on the equivalent of trying every digital door handle – just ...