Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Indicators of compromise (IOCs): how to collect and use them
December 2, 2022
It would hardly be an exaggeration to say that the phrase “indicators of compromise” (or IOCs) can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes, IP addresses and other technical data that should help information security specialists to counter a specific threat. But how exactly can indicators ...
- Industry 4.0: CNC Machine Security Risks – Part 2
December 2, 2022
In part one, Trend Micro researchers discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. The researchers also laid out how we evaluated the chosen vendors for Trend Micro research. For this blog, Trend Micro will continue discussing their ...
- Google Chrome emergency update fixes 9th zero-day of the year
December 2, 2022
Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year. “Google is aware of reports that an exploit for CVE-2022-4262 exists in the wild,” the search giant said in a security advisory published ...
- Eufy’s security cameras send data to the cloud without consent, and that’s not the worst part
December 1, 2022
Eufy’s claims to keep “privacy in your own hands” have been rendered null, after a researcher caught the security camera company uploading local-only footage to the cloud without user authorization or knowledge. To top it all off, users have also been made aware that you can watch camera streams using VLC without authentication. Paul Moore, a ...
- #StopRansomware: Cuba Ransomware
December 1, 2022
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware. Note: ...
- New DuckLogs malware service claims having thousands of ‘customers’
December 1, 2022
A new malware-as-a-service (MaaS) operation named ‘DuckLogs’ has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host. DuckLogs is entirely web-based. It claims to have thousands of cybercriminals paying a subscription to generate and launch more than 4,000 malware builds. The ...