Operational and Identity Risks in Modern Cloud and Supply Chain Security
Security teams are struggling to keep pace with the rapid evolution of cloud environments, where production workloads increasingly rely on multicloud and hybrid architectures. A recent study by Palo Alto Networks highlights that operational complexity, fast-paced software deployments, and the integration of generative AI into development pipelines are outpacing the ability of security controls to adapt, resulting in high-severity vulnerabilities reaching production. Data exposure risks are exacerbated by fragmented environments, overly broad identity permissions, and weak secret management, with manual processes still prevalent for identifying sensitive data and managing access.
Supply chain security remains a critical weak point, as attackers exploit third-party access to compromise systems and propagate malicious activity across interconnected organizations. The Thales Digital Trust Index report reveals that over half of organizations retain third-party access long after it is needed, creating persistent vulnerabilities. Weak authentication practices, inefficient identity lifecycle management, and poor access hygiene further increase the risk of breaches originating from trusted partners, underscoring the need for robust controls and continuous evaluation of third-party relationships.
Related Stories
Escalating Software Supply Chain Security Risks and Industry Response
Recent high-profile incidents such as the SolarWinds, MOVEit, and Log4Shell breaches have underscored the critical vulnerabilities present in the software supply chain, prompting organizations to prioritize third-party risk management and supply chain security at the executive level. Security leaders now recognize that every external dependency, from open-source libraries to SaaS platforms, represents a potential attack vector, with 69% of organizations reportedly impacted by a supply chain security event in the past year. The MOVEit and SolarWinds attacks, in particular, demonstrated how a single compromised vendor can trigger widespread data breaches and operational disruptions across thousands of downstream organizations. In response to these threats, companies are increasingly adopting third-party risk management tools and modern application security practices to monitor and secure their extended digital ecosystems. Industry reports highlight a gap between awareness and implementation of foundational security controls, with many organizations failing to mandate essential protections despite acknowledging the risks. Regulatory bodies such as CISA have also identified supply chain attacks as one of the most persistent and damaging threats, emphasizing the need for proactive, holistic risk management strategies that extend beyond internal systems to encompass the entire vendor ecosystem.
4 months ago
Compromised Credentials and Misconfigurations as Leading Causes of Cloud Security Incidents
A recent Amazon Web Services (AWS) report, produced in collaboration with Vanson Bourne, highlights that compromised credentials and misconfigurations are among the top causes of security incidents in public cloud environments. The report, based on a survey of 2,800 technology and security firms across 13 countries, found that vulnerability exploitation accounted for 24% of cloud security incidents, while compromised credentials were responsible for 20%. Physical theft and misconfigurations followed at 19% and 16%, respectively. The findings emphasize that as organizations rapidly migrate applications and data to the cloud, human factors and operational errors remain significant contributors to breaches, with nearly 80% of organizations reporting a data breach in the past year, whether on-premises or in the cloud. Experts cited in the report stress the critical need for identity-aware security strategies, such as microsegmentation, to limit attackers' ability to exploit valid accounts and move laterally within compromised networks. The convergence of cloud persistence, token replay attacks, and traditional malware techniques has expanded the risk landscape, making it essential for organizations to address identity security debt and implement robust controls to protect cloud environments. The report also notes that while confidence in cloud adoption is high, cybersecurity and privacy concerns remain the primary barriers for many organizations, underscoring the importance of continuous vigilance and proactive security measures in cloud operations.
4 months ago
Expanding Cyber Risk Across Connected Assets and Supply Chains
Organizations are facing a rapidly evolving cyber risk landscape as the boundaries between IT, operational technology (OT), Internet of Things (IoT), and supply chain systems blur. The proliferation of connected devices, such as cameras, badge readers, HVAC systems, and factory controllers, has significantly increased the attack surface for enterprises. Business demands have driven the integration of IT, OT, and IoT, enabling telemetry to inform analytics and automation, but also concentrating dependencies on critical control planes like cloud consoles and APIs. This interconnectedness means that a single compromised identity provider, software updater, or remote management tool can serve as a single point of failure, potentially impacting thousands of endpoints and critical business processes. Security leaders emphasize the importance of maintaining a living inventory of assets, applying least privilege principles, and segmenting networks by function and criticality to mitigate these risks. Unknown or unmanaged devices should be treated as unsafe until proven otherwise, and where devices lack robust security features, organizations are advised to broker connections through secure gateways. The challenge is compounded by resource constraints and the long lifecycles of many IoT and OT devices, which often cannot be easily updated or replaced. The expansion of cyber risk also extends to the supply chain, where third-party vendors, contractors, and service providers can become entry points for attackers. Recent high-profile breaches have demonstrated that adversaries exploit trusted relationships to infiltrate organizations, with the fallout often affecting the victim company regardless of where the breach originated. This complexity is frequently invisible to the public and regulators, leading to reputational damage and loss of narrative control for affected organizations. 
Effective cyber readiness now requires extensive preparation, including scenario exercises, communication planning, and training to operate under pressure. The shift from endpoint-centric to control plane-centric risk management reflects the need to address the realities of modern, interconnected business environments. Organizations must adopt an "assume breach" mindset and focus on resilience and recovery planning, not just prevention. The evolving threat landscape demands that security strategies account for the full spectrum of connected assets and the intricate web of dependencies that define today's enterprises. As the definition of cyber risk continues to expand, so too must the approaches to visibility, segmentation, and incident response. Ultimately, the ability to manage and recover from cyber incidents hinges on preparation, visibility, and the recognition that every connected asset and relationship represents a potential risk vector.
4 months ago