Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- A million airport parking customers affected in huge data breach
August 31, 2024
A million Park’N Fly customers have had their sensitive data stolen after the company suffered a cyberattack. The news was confirmed in a data breach notification letter sent out by the company, which noted the threat actors accessed the company’s IT infrastructure in July 2024 using stolen VPN credentials. The crooks stole people’s full names, email ...
- Cyber security in critical industries: challenges, solutions, and the road ahead
August 30, 2024
In an era of rapid digital transformation, cyber security has emerged as a paramount concern, particularly for critical industries such as energy, healthcare, and transportation. As we approach the IET’s Cyber Security for Critical Industries 2024 conference, it is essential to delve into the latest cyber security challenges and explore how building resilient and responsive ...
- North Korean threat actor Citrine Sleet exploiting Chromium zero-day
August 30, 2024
On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft researchers assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain. Microsoft ...
- Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence
August 30, 2024
Trend Micro observed a new attack vector of weaponization for the vulnerability CVE-2023-22527 using the Godzilla backdoor. Following initial exploitation, a loader was loaded into the Atlassian victim server which loads a Godzilla webshell. On January 16, 2024, Atlassian released a security advisory for CVE-2023-22527, a vulnerability that affects Confluence Data Center and Confluence Server products. In ...
- Chennai bomb threat mails: Serious setback for police as Microsoft refuses to share vital information
August 30, 2024
Chennai cybercrime police has faced a serious setback in its investigations into the more than three dozen hoax bomb emails sent to schools, colleges, and the airport, ToI reported on August 30. Microsoft has refused to share crucial information regarding the mails, the report by ToI’s A Selvaraj said. These emails, the latest of which coincided ...
- 85 cyber attacks on Việt Nam’s sites, portals last week
August 30, 2024
A total of 85 cases of cyber attacks on Việt Nam’s websites and information portals were reported in the past week, according to the Authority of Information Security (under the Ministry of Information and Communications). Seventy four were phishing attacks and eleven were malware installations. According to the information security authority, attackers have been using malicious ...