Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 100 million+ US citizens have records leaked by background check service
September 23, 2024
A background check left a huge database unprotected online containing 2.2TB of people’s data, according to research by Cybernews. The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provide decision makers with information whether someone can rent a house, ...
- China accuses Taiwan-backed group of cyberattacks
September 23, 2024
The Ministry of State Security said a Taiwan military-backed hacking group has been carrying out cyberattacks against targets in China, urging people to report “anti-propaganda sabotage”. The ministry said since the beginning of this year, Anonymous 64 had sought to upload and broadcast “content that denigrates the mainland’s political system and major policies” on websites, outdoor ...
- How the Necro Trojan infiltrated Google Play, again
September 23, 2024
In late August 2024, Kaspersky researchers attention was drawn to a Spotify mod called Spotify Plus, version 18.9.40.5. At the time of writing this, the mod could be downloaded from spotiplusxyz and several related sites that linked to it. The original website claimed that the mod was certified, safe, and contained numerous additional features not found ...
- Philippines: Department of Foreign Affairs concerned over data breach at passport printing unit
September 21, 2024
The Department of Foreign Affairs (DFA) of the Philippines has announced that they’re really concerned over the data breach at APO Production Unit – a government-owned and controlled corporation (GOCC) in charge of printing passports. During a Senate finance subcommittee hearing on the agency’s proposed budget for 2025, DFA Office of Consular Affairs Assistant Secretary Adelio ...
- Agri-Food Sector Under Increasing Threat From Cyber Attacks
September 20, 2024
As the agri-food sector increasingly embraces automation with GPS, robotic systems, cloud-connected devices, and AI-driven tools to boost efficiency and crop yields, cyber risks have been rapidly escalating. With ransomware attacks as the primary threat, the food and agriculture sector ranks as the seventh most targeted industry in the United States, just behind sectors like manufacturing ...
- -=TWELVE=- is back
September 20, 2024
In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as Kaspersky researchers investigated a late June 2024 attack, they found that it employed techniques ...