Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- VMWare vCenter Server CVE-2024-38812 DCERPC Vulnerability
October 23, 2024
CVE-2024-38812 is a critical heap-overflow vulnerability identified in VMware vCenter Server’s implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol. This flaw allows a malicious actor with network access to the vCenter Server to send specially crafted packets, potentially leading to remote code execution (RCE). The vulnerability, classified under CWE-122 (Heap-based Buffer Overflow), arises when ...
- Russia says ‘unprecedented’ cyber attack hits foreign ministry amid BRICS summit
October 23, 2024
The Russian Foreign Ministry was targeted by a severe cyber attack on Wednesday, coinciding with the major BRICS summit taking place in the country, spokeswoman Maria Zakharova said. Earlier Zakharova said that the ministry had been targeted by a large-scale distributed denial-of-service attack (DDoS). “A massive cyberattack from abroad began this morning on the infrastructure of ...
- Cybersecurity Awareness Month: Recognizing Phishing Attacks
October 23, 2024
In conjunction with the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance (NCA), SonicWall is participating in Cybersecurity Awareness Month this October to spread awareness about key issues in cybersecurity. In their last blog, SonicWall mentioned that while password hygiene and multifactor authentication are both crucial, they can be easily foiled by a ...
- Grandoreiro, the global trojan with grandiose goals
October 22, 2024
Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim’s computer to bypass the security measures of banking institutions. It’s been active since at least 2016 and is now one of the most widespread banking trojans globally. INTERPOL and ...
- Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action
October 22, 2024
Healthcare organizations are an increasingly attractive target for threat actors. In a new Microsoft Threat Intelligence report, US healthcare at risk: strengthening resiliency against ransomware attacks, our researchers identified that ransomware continues to be among the most common and impactful cyberthreats targeting organizations. The report offers a holistic view of the healthcare threat landscape with a ...
- Data storage in spotlight of Italian security committee after Intesa breach
October 22, 2024
Italy’s influential parliamentary committee on security will hold a round of hearings on data storage following a major breach at the country’s biggest bank Intesa Sanpaolo, people familiar with the matter told Reuters on Tuesday. Intesa Sanpaolo is under investigation by prosecutors in the southern Italian city of Bari after it emerged that the accounts of ...