2025-09-15, Main Room
While cloud environments are now foundational to modern business, much of what is published about cloud threats remains theoretical, vague, or lacking the rigor found in traditional cyber threat intelligence (CTI) reporting. This talk offers a frank assessment of the current state of cloud threats, grounded in open-source reporting from H1 2025 across a dozen sources – from major vendors to independent researchers and niche security firms.
We’ll unpack the key attack techniques actually observed in the wild this year, contrast them with the narratives often emphasized in public reporting, and highlight both the gaps that leave defenders without a clear threat model and the progress that has been made – from improved detection logic to standout examples of threat reporting that meaningfully guide defenders.
By surfacing what’s working, we can better understand how to scale those practices across the industry, while also identifying patterns of reporting or analysis that should be improved or avoided. We’ll also explore why these gaps persist, ranging from marketing-driven narratives and limited telemetry to the overly broad use of the term “cloud” and the chronic underreporting of incidents.
Drawing on real-world experience from within the threat intelligence community, this talk proposes actionable improvements: a more structured language for cloud-specific threats, practices borrowed from traditional CTI, and a call for greater transparency and nuance in how we talk about adversary behavior in the cloud.
Curtis Hanson is a seasoned cybersecurity leader with a strong background in Cyber Threat Intelligence (CTI), incident response, and strategic advisory. He has held key roles in PwC’s Global Threat Intelligence team and later at Palo Alto Networks’ Unit 42, where he worked on high-impact threat research and response efforts.
Now, in his role as Managing Partner at Invictus Incident Response US, Curtis helps organizations build cloud-focused, intelligence-driven security strategies while supporting incident response efforts to contain and recover from threats.