Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks.

Gartner predicts double-digit growth across all cloud segments in 2025, with organizations increasingly adopting multi-cloud strategies. This expansion coincides with rising security concerns, as researchers with Palo Alto Networks found that by the end of 2024, organizations suffered a 388 percent increase in cloud security alerts compared to 2023.

"While cloud computing offers tremendous benefits, we're seeing an alarming increase in serious security issues affecting cloud assets," said Emma Zaballos, Senior Researcher, CyCognito. "Organizations must understand the crucial difference between high-severity vulnerabilities and those that are easily exploitable—both present distinct risks that require targeted security approaches."

For this research, CyCognito analyzed anonymized, aggregated data across nearly five million internet-exposed assets – web applications, servers, domains, and more – that the company monitors, focusing on how vulnerabilities behave "in the wild" rather than just in controlled testing environments.

This research focused on the assets hosted on cloud platforms, rather than the cloud platforms themselves. While assets were aggregated by cloud hosting providers, further research is needed to understand why variance existed between different populations of assets.

Key findings:

  • Significant Vulnerability Variations Across Providers: 38 percent of assets hosted by Google Cloud were vulnerable to at least one security issue or misconfiguration, over 2.5x more than assets hosted by AWS (15 percent), while assets hosted by Azure ranked second with 27 percent.
  • Critical Vulnerabilities Present Across All Environments: Though uncommon, critical vulnerabilities (CVSS 9.0 or higher) were detected on assets hosted by all cloud providers, with assets hosted by Azure showing a slightly higher percentage (0.07 percent) compared to assets hosted by AWS and Google Cloud (0.04 percent). Assets hosted by other cloud providers showed approximately 10 times higher rates of critical vulnerabilities.
  • Easily Exploitable Vulnerabilities Most Common on Alternative Clouds: Over 13 percent of assets hosted on other clouds and 10 percent on other hosting providers had easily exploitable vulnerabilities, compared to 5 percent hosted on Google Cloud and just 2 percent on AWS and Azure.
  • Combined Risk Factors: Assets with both critical and easily exploitable issues were found across all providers, with AWS showing the lowest rate (0.02 percent) while alternative cloud and hosting providers showed rates ten times higher.
  • The research emphasizes the importance of comprehensive security testing beyond development environments. "Security teams must focus on testing applications after they're deployed, not just during development," added Zaballos. "Dynamic application security testing is crucial as it actively tests live assets, uncovering application vulnerabilities and misconfigurations that static tools miss."

The research comes as CyCognito announced a new partnership with Wiz to enhance protection of cloud environments. CyCognito enriches Cloud-Native Application Protection Platform (CNAPP) coverage by identifying externally exposed cloud assets and identifying vulnerabilities and misconfigurations using more than 80,000 active and passive tests. By taking an outside-in attacker’s perspective, CyCognito fills visibility gaps across sanctioned and unsanctioned cloud assets and enables security teams to focus on the most

critical vulnerabilities.

For more information on the research, please see the blog post.

Featured

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.