The “Top Threats to Cloud Computing 2025” report highlights a rapidly evolving threat landscape driven by both technological advances and persistent human factors. Key risks include data breaches, often resulting from misconfigured cloud settings and weak identity management, as well as account hijacking through stolen credentials and sophisticated phishing attacks, increasingly powered by AI and deepfake technology. Insider threats-whether intentional or accidental-remain a significant concern, as do vulnerabilities in APIs, supply chain dependencies, and the proliferation of non-human identities like API keys and service accounts, which dramatically expand the attack surface. The complexity of multi-cloud environments and the explosion of IoT devices introduce additional entry points for attackers, while ransomware and denial-of-service (DoS) attacks continue to escalate in frequency and impact. The report underscores the importance of enforcing robust identity and access controls, adopting a zero-trust approach, ensuring continuous monitoring and real-time detection, and maintaining shared responsibility between cloud providers and customers to mitigate these threats effectively
Publication's URL
https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-2025Additional documents on this topic
- CSA Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration
- ANSSI Cyber threat overview 2024 (in 2025)
- MITRE ATLAS version 4.8.0
- NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile
- MITRE Att&Ck® version 16.1