Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- ownCloud vulnerability can be used to extract admin passwords
November 28, 2023
ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and configuration in containerized deployments. ownCloud is a very widely used open-source project that allows users ...
- GoTitan Botnet – Ongoing Exploitation on Apache ActiveMQ
November 28, 2023
This past October, Apache issued a critical advisory addressing CVE-2023-46604, a vulnerability involving the deserialization of untrusted data in Apache. On November 2, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-46604 to its known exploited list, KEV Catalog, indicating this vulnerability’s high risk and impact. Fortiguard Labs also released an outbreak alert and a threat ...
- Hacker claims to have hit General Electric and stolen company data
November 27, 2023
A hacker with the alias IntelBroker claims to have breached General Electric and stolen plenty of sensitive data from the company’s systems. The company operates in different fields, including aerospace, renewable energy, power, venture capital, and more. The hacker posted a new thread on an underground forum, selling access to the company’s “development and software pipelines” ...
- The Unseen Layers: Exploring The Tactics Of Multistage .NET Malware Packers
November 27, 2023
Recently, the SonicWall Capture Labs Threat Research team has identified a new .NET Packer that is currently being widely used by the various stealers such as Lokibot, AgentTesla etc. In the ever-evolving landscape of cybersecurity threats, malicious actors continue to develop sophisticated techniques to compromise systems and exploit vulnerabilities. One such method gaining prominence is the ...
- Ransomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyers
November 27, 2023
Last Tuesday, Fidelity National Financial, or FNF, a real estate services company that bills itself as the “leading provider of title insurance and escrow services, and North America’s largest title insurance company,” announced that it had experienced a cyberattack. Since then, homeowners who have mortgages and prospective buyers who are purchasing properties with FNF or one ...
- Gulf Air hit with data breach, customer data possibly affected
November 27, 2023
Gulf Air, the national air carrier for the Kingdom of Bahrain, has confirmed suffering a data breach which most likely resulted in hackers stealing sensitive customer information. The company confirmed the news via a press release shared with local media highlighting a “data breach incident” on November 24, possibly resulting in the compromise of “some information ...