Biggest finding is that adversaries can easily allocate many IPs on public clouds. From this, automated traffic analysis can find what we call latent configurations (e.g., subdomain takeover) and exploit these. For instance you could allocate cloud IPs to collect SNS messages with PII to phish people, or receive passwords or data intended for other sites.

More high-level description here: https://pauley.me/post/2022/cloud-squatting/