Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Known Indicators of Compromise Associated with Androxgh0st Malware
January 16, 2024
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting yielded the IOCs and TTPs, and provided ...
- Data breach hits Navy contractor Fincantieri Marine Group
January 15, 2024
Italian shipbuilding firm Fincantieri’s U.S. arm Fincantieri Marine Group, which is a contractor for the U.S. Navy, disclosed that it had 16,769 individuals’ data compromised following an April ransomware attack that resulted in significant production disruptions. In breach notification letters sent to impacted individuals earlier this month, FMG said that some of its systems had been ...
- Medical data breach could impact thousands from New Hampshire
January 15, 2024
A Massachusetts-based medical company is contacting over 900,000 people whose personal information may have been compromised in a data breach. In a letter to the New Hampshire attorney general’s office, Transformative Healthcare said the breach happened last year when someone gained access to an archived copy of data that previously belonged to Fallon Ambulance Service. Read more… Source: MSN ...
- Hackers target UK in huge cyber attack ‘in response to airstrikes in Yemen’
January 13, 2024
Hackers say they launched a massive cyber attack against the UK in response to airstrikes in Yemen. Anonymous Sudan said Friday’s raid on an internet company was also because Britain had shown “support” for Israel. In a statement on messaging platform Telegram, the group warned: “Big attack on UK soon, in response to the air attacks ...
- Joomla! vulnerability is being actively exploited
January 12, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active ...
- Financial Fraud APK Campaign
January 12, 2024
During Unit 42 ivestigation discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting their radar. The research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud. To do this, the threat actor masquerades as a law enforcement ...