Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Comcast Xfinity accounts hacked in widespread 2FA bypass attacks
December 22, 2022
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. Starting on December 19th, many Xfinity email users began receiving notifications that their account information had been changed. However, when attempting ...
- Detecting Windows AMSI Bypass Techniques
December 21, 2022
Windows Antimalware Scan Interface (AMSI) is an agnostic security feature in the Windows operating system (OS) that allows applications and services to integrate with security products installed on a computer. Introduced by Microsoft in 2015, it provides a standard interface that allows solutions to scan files, memory, and other data for threats. This can help ...
- Godfather: A banking Trojan that is impossible to refuse
December 21, 2022
The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including ...
- Microsoft research uncovers new Zerobot capabilities
December 21, 2022
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow. Recent trends have shown that operators are redeploying malware for a variety of ...
- Guardian hit by serious IT incident believed to be ransomware attack
December 21, 2022
The Guardian has been hit by a serious IT incident, which is believed to be a ransomware attack. The incident began late on Tuesday night and has affected parts of the company’s technology infrastructure, with staff told to work from home. There has also been some disruption to behind-the-scenes services. Read more… Source: The Guardian
- As cyber criminals start targeting retail, companies must be ready to fight back
December 20, 2022
Given the current geopolitical situation, it’s easy to conflate cybersecurity with the war in Ukraine and bad actors overseas. Historically, cyber-attacks have traditionally been associated with nation states and hacktivists conducting high-profile attacks on high-profile targets to wreak havoc, make headlines, and draw attention to their cause. However, the current cyber-security landscape is far murkier ...