Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data
January 10, 2024
Texas-based care provider HMG Healthcare has confirmed that hackers accessed the personal data of residents and employees, but says it has been unable to determine what types of data were stolen. HMG Healthcare is headquartered in The Woodlands, Texas, and provides a range of services, including memory care, rehabilitation, and assisted living. HMG’s website says it ...
- Australia: The Iconic denies responsibility for data breach
January 10, 2024
The Iconic has denied responsibility for a series of data breaches that saw Aussies’ bank balances drained of thousands of dollars after their accounts with the retailer were compromised. Earlier this week, news.com.au revealed customers at Australia’s largest online retailer had reported a large number of hacking attempts and security breaches, with bad actors successfully compromising ...
- Linux devices are under attack by a never-before-seen worm
January 10, 2024
For the past year, previously unknown self-replicating malware has been compromising Linux devices around the world and installing cryptomining malware that takes unusual steps to conceal its inner workings, researchers said. The worm is a customized version of Mirai, the botnet malware that infects Linux-based servers, routers, web cameras, and other so-called Internet of Things devices. ...
- AI aids nation-state hackers but also helps US spies to find them, says NSA cyber director
January 9, 2024
Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official. “We already see criminal and nation state elements utilizing AI. They’re all subscribed to the big name companies that you would expect ...
- Kenya Airways suffers passenger data breach in cyber attack
January 9, 2024
Cybercriminals attacked Kenya Airways’ (KQ) information systems and obtained sensitive information, including contact details and identification documents, of passengers and staff of the airline, an authoritative source at KQ has confirmed. The cyber attack, which occurred late last month, led to unauthorised access to police investigation reports, phone numbers, email addresses, and passports of an unspecified ...
- Deceptive Cracked Software Spreads Lumma Variant on YouTube
January 8, 2024
FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. We found and reported on a similar attack method via YouTube in March 2023. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL ...