Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hellhounds: Operation Lahat. Part 2
May 23, 2024
In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused on the group’s attacks on Linux hosts that relied on a new backdoor known as Decoy Dog. Hellhounds carried on attacks ...
- Crooks plant backdoor in software used by courtrooms around the world
May 23, 2024
A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application ...
- LockBit demands $25 million from Canadian pharmacy chain London Drugs after ransomware attack
May 23, 2024
The recent cyber-incident against Canadian pharmacy chain London Drugs was indeed a full-blown ransomware attack, with sensitive data being stolen, and a major ransom being demanded, the company has confirmed. In a statement given to The Register, the company said it had been hit, but stressed it also had no intention of paying the ransom demand. ...
- ShrinkLocker: Turning BitLocker into ransomware
May 23, 2024
The original purpose of BitLocker is to address the risks of data theft or exposure from lost, stolen, or improperly decommissioned devices. Nonetheless, threat actors have found out that this mechanism can be repurposed for malicious ends to great effect. In that incident, the attackers were able to deploy and run an advanced VBS script that ...
- Most recent cyber attacks on water systems won’t be the last, says cybersecurity expert
May 23, 2024
More government agencies are taking steps to shore up their cybersecurity measures. Earlier this week, the Environmental Protection Agency announced it would step up inspections of water facilities that may be vulnerable to cyberattacks. Why are government agencies more at risk when it comes to cyberattacks and operational vulnerabilities? Read more… Source: MSN News Sign up for our Newsletter Related:
- Cyber Signals: Inside the growing risk of gift card fraud
May 23, 2024
Multifactor authentication Security operations In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank account attached to them, which can lessen scrutiny of ...