Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more!
Dive into six things that are top of mind for the week ending June 20.
1 – Tenable report: Oops, your cloud data and secrets might be lounging in public
Houston, we have a cloud data-security problem.
Tenable’s “2025 Cloud Security Risk Report,” published this week, found that 9% of publicly accessible cloud-storage resources hold sensitive data, almost all of which – 97% – is labeled as either restricted or confidential.
“This kind of exposure creates an ideal entry point for threat actors and poses a serious, immediate security risk,” reads the report, which provides in-depth coverage of cloud security issues including data and secrets exposure; identity management; cloud workload protection; and artificial intelligence (AI) defense.
The report, authored by the Tenable Cloud Research team, is based on workload telemetry analysis from public cloud and enterprise environments scanned with the Tenable Cloud Security cloud native application protection platform (CNAPP) between October 2024 and March 2025.
Other key findings include:
- 54% of the organizations using Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions have at least one secret – meaning a privileged credential – embedded in their configurations, which creates a direct attack path.
- 29% of organizations have at least one toxic cloud trilogy — meaning a cloud workload that is publicly exposed, critically vulnerable and highly privileged. This stat is down nine percentage points from the previous report, but it’s still too high.
(Tenable’s “2025 Cloud Security Risk Report,” June 2025)
[…]