Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes
July 11, 2023
Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge its signature timestamp to bypass Windows driver-signing policies. Read more… Source: Talos
- FortiOS/FortiProxy – Proxy mode with deep inspection – Stack-based buffer overflow
July 11, 2023
A stack-based overflow vulnerability in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. Workaround: Disable deep inspection on proxy policies or firewall policies with proxy mode. Read more… Source: FortiGuard Labs/Fortinet
- Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild
July 11, 2023
Microsoft released its monthly security update Tuesday, disclosing the most vulnerabilities as part of Patch Tuesday in more than a year. The company released details of more than 130 vulnerabilities, the most in a month since April 2022, 10 of which are considered to be critical. The remaining vulnerabilities are “important.” Read more… Source: Talos
- 12,000 State Bank of India employees’ sensitive data leaked on Telegram channels
July 11, 2023
In a massive data breach incident, the data of more than 12,000 State Bank of India (SBI) employees was leaked on Telegram channels. The leaked data included the employees’ personal information, such as their SBI passbooks, names, addresses, contact numbers, and PAN numbers. The data breach was unearthed after a Telegram channel with the handle @sbi_data ...
- Storm-0978 attacks reveal financial and espionage motives
July 11, 2023
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosure to Microsoft via Word documents, using lures related to the Ukrainian World Congress. Read more… Source: Microsoft
- Attackers Exploit Unpatched Windows Zero-Day Vulnerability
July 11, 2023
A zero-day vulnerability (CVE-2023-36884) affecting Microsoft Windows and Office products is being exploited by attackers in the wild. To date, the exploit has been used in highly targeted attacks against organizations in the government and defense sectors in Europe and North America. The vulnerability was disclosed yesterday (July 11) by Microsoft, which said that an attacker ...