Cloud storage buckets (AWS S3, GCS, Azure Blob) are configured with overly permissive access controls, allowing public read/write access or listing of bucket contents.
An attacker could read sensitive data from the bucket, upload malicious content, modify or delete existing files, or use the bucket for hosting malware or phishing content.
Enable block public access settings at the account level. Review and restrict bucket policies and ACLs. Enable bucket access logging. Use IAM policies for fine-grained access control. Implement encryption at rest and in transit.