Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ascension Health Becomes Latest Cyberattack Victim in Healthcare, Investigations Underway
May 9, 2024
Ascension Health has disclosed that after detecting “unusual activity,” that affected its clinical operations, the company contacted Mandiant, a cybersecurity firm, to investigate the cyberattack. According to Ascension Health’s official statement, the organization has processes in place to guarantee that patient care delivery remains safe and is affected as little as possible, and care staff are ...
- Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA
May 9, 2024
Tycoon 2FA is a phishing-as-a-service (PhaaS) platform that was first seen in August 2023. Like many phish kits, it bypasses multifactor authentication (MFA) protections and poses a significant threat to users. Lately, Tycoon 2FA has been grabbing headlines because of its role in ongoing campaigns designed to target Microsoft 365 and Gmail accounts. Read more… Source: Proofpoint Sign up ...
- U.S. Patent Office data leak exposes private addresses
May 9, 2024
USPTO has acknowledged yet another incident in which the filers’ address data was leaked. Following a second data breach within two years, the federal agency responsible for patent and trademark grants notified thousands of filers whose private addresses were exposed. As a result, the USPTO is now reaching out to thousands of affected filers to inform ...
- European Parliament election prep unearthed data breach
May 8, 2024
The breach, dating back to early 2024, was uncovered two weeks ago as the European Parliament intensified efforts to reinforce its cybersecurity in preparation for the upcoming European elections in June, a press officer from the European Parliament told Euronews. The compromised application which has now been taken offline is called ‘PEOPLE’, and collated sensitive information ...
- Kansas: First responders impacted by City of Wichita cyber attack
May 8, 2024
The City of Wichita is staying tight-lipped on details about a cyber attack that led to the shutdown of some of its online systems. Getting details on the cybersecurity attack, how it happened and what information could be at risk has been a challenge. The City has not had answers to many of KSN’s questions. What ...
- Dmitry Khoroshev named as alleged leader of ransomware gang LockBit
May 7, 2024
The alleged leader of what was once the world’s largest ransomware outfit, LockBit, has been named as Russian national Dmitry Khoroshev by the UK’s National Crime Agency (NCA), after the seizure of the criminal gang’s infrastructure. Khoroshev, who lived his online life under the name LockBitSupp, has been sanctioned by the UK, US and Australia as ...