Researchers flag cross-cloud recon tactic

Security researchers have identified and addressed a privilege escalation flaw in Google Cloud Platform's Cloud Functions and Cloud Build services, highlighting broader concerns about cross-platform vulnerabilities, according to Infosecurity Magazine.

Initially uncovered by Tenable Research, the flaw allowed attackers to gain elevated access during the deployment process. Google has since released a patch to limit the privileges of default Cloud Build accounts. Cisco Talos later extended the findings, demonstrating how a similar technique, using a malicious “package.json file,” could be repurposed for reconnaissance across other cloud platforms such as AWS Lambda and Azure Functions. While Google’s fix has neutralized the original threat, Talos showed that the method could still enable environment enumeration without requiring privileged credentials. Techniques observed include network mapping, user and OS detail scans, and container identification. Google has introduced more granular service account controls, but experts stress the need for least-privilege enforcement, routine permission audits, and vigilant monitoring to defend against evolving cloud-native threats.