Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.
Endigest AI Core Summary
Google Cloud's Office of the CISO releases the Cloud Threat Horizons Report highlighting a major shift in cloud attack vectors and accelerating exploitation timelines.
•The window between vulnerability disclosure and active exploitation collapsed from weeks to days in H2 2025, driven by AI-assisted threat actor reconnaissance.
•For the first time since 2021, third-party software vulnerabilities (44.5%) surpassed weak or missing credentials (27.2%) as the top initial access vector.
•North Korean group UNC4899 conducted a sophisticated Kubernetes campaign, abusing DevOps workflows and privileged container escapes to steal cryptocurrency.
•Supply chain attack via compromised npm package QUIETVAULT allowed UNC6426 to gain full AWS administrator permissions within 72 hours via OIDC trust abuse.
•
Ransomware actors increasingly employ anti-forensic tactics—deleting logs, core dumps, and backups—making tamper-resistant logging an operational necessity.
This summary was automatically generated by AI based on the original article and may not be fully accurate.
Google Cloud
The Hacker News