Vulnerabilities and Misconfigurations in Cloud Infrastructure Persist

A third of cloud assets run outdated, unpatched operating systems.


Cloud security is facing growing pressure as vulnerabilities and misconfigurations in cloud infrastructure continue to mount.

According to a new study by Orca Security, reported by CSO, researchers scanned billions of assets across major providers such as AWS and Azure and found that each asset averages 115 vulnerabilities, with many dating back over a decade.

Compounding the issue, one-third of cloud assets run outdated, unpatched operating systems, and AI adoption is accelerating risk: 62 percent of organisations host vulnerable AI-related packages.

Public-facing assets, legacy vulnerabilities like Log4Shell, and unpatched web services also remain widespread.

Many organisations harbour exposed secrets in source code and misconfigured infrastructure-as-code templates. As identity abuse and vulnerability exploitation overtake phishing as key breach vectors, Orca warns that “cloud security has reached a critical turning point,” urging better patching, stricter access control, and more comprehensive cloud risk management.



Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
