Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations
December 18, 2024
C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools. Kaspersky latest investigation unearthed new activity ...
- Dragos Industrial Ransomware Analysis Q3 2024
December 17, 2024
The third quarter (July – September) of 2024 brought transformative shifts to the ransomware landscape, emphasizing its dynamic and continuously evolving nature. The ransomware threat ecosystem remained highly active in the third quarter, fueled by new groups, rebranding of existing entities, expansion of initial access broker operations, and proliferation of illicitly traded tools. Ransomware operators increasingly ...
- Texas medical school says hackers stole sensitive health data of 1.4 million individuals
December 17, 2024
The Texas Tech University Health Sciences Center (TTUHSC) confirmed hackers accessed the personal and sensitive health data of over 1.4 million individuals during a September cyberattack. The cyberattack, which also affected TTUHSC’s El Paso campus, saw attackers steal information including Social Security numbers, financial account information, government-issued ID details, and health information — including medical records ...
- BeyondTrust security advisory addresses a vulnerability in the Remote Support and Privileged Remote Access systems
December 17, 2024
BeyondTrust has released a security advisory that addresses a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2024-12356 has a CVSSv3 score of 9.8 and if exploited could ...
- Download a banking Trojan to track your parcel
December 17, 2024
In late October 2024, a new scheme for distributing a certain Android banking Trojan called “Mamont” was uncovered. The victim would receive an instant message from an unknown sender asking to identify a person in a photo. The attackers would then send what appeared to be the photo itself but was actually a malware installer. Shortly ...
- Link Trap: GenAI Prompt Injection Attack
December 17, 2024
With the rise of generative AI, new security vulnerabilities are emerging. One such vulnerability is prompt injection, a method that malicious actors can exploit to manipulate AI systems. Typically, the impact of prompt injection attacks is closely tied to the permissions granted to the AI. However, the attack discussed in this article differs from commonly known ...