Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- File hosting services misused for identity phishing
October 8, 2024
Microsoft has observed campaigns misusing legitimate file hosting services increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and expand threat actor reach to other accounts and tenants. These campaigns are intended to ...
- London Fire Brigade block almost 340,000 cyber attacks
October 8, 2024
The London Fire Brigade, the fire and rescue service for the UK’s capital, has been targeted by nearly 340,000 cyber-attacks over the past year. The data was collected under the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the number of blocked email attacks by the department. In total, the ...
- Wreaking havoc in cyberspace: threat actors experiment with pentest tools
October 8, 2024
In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular compared to Cobalt Strike, Metasploit, and Sliver. According to BI.ZONE Threat Intelligence, this C2 framework is employed in an attempt to evade cybersecurity systems that may not flag an unknown program as malicious. For instance, such was the approach of ...
- Awaken Likho is awake: new techniques of an APT group
October 7, 2024
In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, Kaspersky began tracking it, and published three reports in August and September 2024 through their threat research subscription on the threat actor they named Awaken Likho (also named by other vendors as Core Werewolf). While investigating ...
- iPhone flaw could read your saved passwords out loud – update now
October 7, 2024
Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on ...
- UK’s Sellafield nuclear waste processing plant fined £333K for infosec blunders
October 4, 2024
The outfit that runs Britain’s Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation’s Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023. Sellafield, located in Cumbria, England, manages more radioactive waste than any other nuclear site in the world, and decommissioning work happening at ...