One thing I’ve noticed is Mandiant now assign their own CVE like numbers to cloud provider vulnerabilities like this.

There really needs to be a properly, commonly agreed up system like CVE for this (not run by Google). I know there’s attempts at this, I hope they take off.

The illusion the cloud is magically secure is just that; an illusion. At the minute cloud providers are hiding behind lack of regulation, lack of transparency & deliberate subterfuge to protect shareholders. It’s not great.