Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers exploit Cacti critical bug to install malware, open reverse shells
January 15, 2023
More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit. Cacti is an operational and fault management monitoring solution for network devices that also provides graphical visualization. There are thousands of instances deployed across the world exposed on ...
- Ransomware has now become a problem for everyone, and not just tech
January 15, 2023
It’s a new year, a time when many people look to turnover a new leaf and make some positive changes. Sadly, not everyone. In particular, it seems that ransomware gangs show no signs of letting up on their criminal activity in 2023. Then again, why would they? Read more… Source: ZDNet
- CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session
January 14, 2023
Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that their 2FA-backed SSO session cookie, allowing access to the company’s internal systems. Earlier this month, CircleCi disclosed that they suffered a security incident and warned customers to rotate their tokens and secrets. data thIn a new security incident report on the attack, CircleCi ...
- NortonLifeLock warns that hackers breached Password Manager accounts
January 13, 2023
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account ...
- Royal Mail cyber attack carried out by Russian-linked ransomware gang
January 13, 2023
A ransomware gang linked to Russia carried out the Royal Mail cyber attack that suspended international postal deliveries. It is understood that Royal Mail’s investigation found the gang, named Lockbit, infected machines that print customs labels for parcels being sent overseas. The attack has left more than half a million parcels and letters stuck in limbo. Lockbit’s ...
- CISA Releases Twelve Industrial Control Systems Advisories
January 12, 2023
CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-012-01 Sewio RTLS Studio ICSA-23-012-02 RONDS Equipment Predictive Maintenance Solution ICSA-23-012-03 InHand Networks InRouter ICSA-23-012-04 Panasonic Sanyo ...