Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Security Update Released for CrushFTP
March 28, 2025
A vulnerability has been disclosed in CrushFTP, a file server supporting standard secure file transfer protocols, after being discovered by a security researcher. The vulnerability designated as CVE-2025-2825 is a critical ‘improper authentication’ vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow an unauthenticated attacker to craft remote and unauthenticated HTTP requests to CrushFTP, ...
- Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection
March 27, 2025
SonicWall Capture Labs threat research team became aware of the threat CVE-2023-22621, assessed its impact and developed mitigation measures for this vulnerability. CVE-2023-22621 is a high-severity vulnerability affecting Strapi versions 3.0.0 through 4.5.5. The flaw permits authenticated Server-Side Template Injection (SSTI), allowing a remote attacker with access to the Strapi admin panel to bypass validation checks ...
- Ukraine state railway says online services partially restored after cyber attack
March 27, 2025
Ukraine’s state-owned railway Ukrzaliznytsia, the country’s largest carrier, has partially restored online services after a large-scale cyber attack hit passenger and freight transport systems, the company said on Thursday. An outage was first reported on Sunday when the rail company notified passengers about a failure in its IT system and told them to buy tickets on ...
- UK MoD probes security breach after documents relating to Catterick Garrison found dumped in street
March 26, 2025
The Ministry of Defence is investigating after a cache of documents containing sensitive military information was found discarded in the street. The papers, some marked “official – sensitive”, were discovered spilling out of a black bin bag in the Scotswood area of Newcastle on March 16 . The BBC reported that they include details about soldiers’ ...
- UK supermarket Morrisons’ sales growth slows after cyber attack
March 26, 2025
British supermarket group Morrisons’ sales growth slowed in its first quarter, reflecting a previously flagged cyber attack at its technology provider which disrupted its operations. The UK’s fifth largest grocer, which has been owned by U.S. private equity firm Clayton, Dubilier & Rice since 2021, said on Wednesday its like-for-like sales rose 2.1% in its quarter ...
- Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
March 25, 2025
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious ...