Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thousands of LG TVs are vulnerable to takeover
April 9, 2024
As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security update patching four critical vulnerabilities discovered late last year. The vulnerabilities are found in four LG TV models that collectively comprise slightly more than 88,000 units around the world, according to results returned by the Shodan search engine ...
- Cybercrime on agriculture operations and businesses is on the rise
April 9, 2024
When it comes to cyberattacks, ransomware and electronic fraud, farms and ranches are attracting the interest of hackers because they see these agriculture operations as potentially lucrative targets that may not have up-to-date fraud protection tools in place. Cathy Lennon, general manager of the Ontario Federation of Agriculture, says every point along the agrifood chain has ...
- NHS board warns patients of further data leak after cyber attack
April 9, 2024
An NHS board has warned patients that further personal information could be leaked by cyber criminals who stole medical data in a major cyber attack. A large amount of confidential data was taken from NHS Dumfries and Galloway during a sustained hacking attack. Last week, INC Ransom, an extortion operation, posted a message on its dark ...
- Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
April 8, 2024
Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability came to light two weeks ago. The researcher said ...
- ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins
April 8, 2024
Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options to manipulate malware, making it more challenging for antivirus products to detect. FortiGuard Labs recently discovered a ...
- Vet firm CVS hit by cyber-attack
April 8, 2024
Vet group CVS says it has been hit by a cyber-attack which has caused “considerable” disruption, particularly to its UK business. CVS, which runs about 500 veterinary practices globally and employs more than 9,000 people, said it had taken immediate action and its IT services had now been “securely restored” across most of the group. Read more… Source: ...