Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US Health Dept warns of Venus ransomware targeting healthcare orgs
November 10, 2022
The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country’s healthcare organizations. In an analyst note issued by the Health Sector Cybersecurity Coordination Center (HC3), HHS’ security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks ...
- Hack the Real Box: APT41’s New Subgroup Earth Longzhi
November 9, 2022
In early 2022, Trend Micro investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a similar Cobalt Strike loader. While analyzing code similarities and tactics, techniques, and procedures (TTPs), we ...
- VMware warns of three critical holes in remote-control tool
November 9, 2022
VMware has revealed a terrible trio of critical-rated flaws in Workspace ONE Assist for Windows – a product used by IT and help desk staff to remotely take over and manage employees’ devices. The flaws are all rated 9.8 out of 10 in CVSS severity. A miscreant able to reach a Workspace ONE Assist deployment, either ...
- Emotet coming in hot
November 8, 2022
Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year, rebuilding its infrastructure and becoming highly active in a ...
- Shangri-La hotel data breach likely had ‘minimal’ impact at Singapore ministerial summit
November 8, 2022
A recent data breach that hit eight Shangri-La hotels is unlikely to have a large impact on foreign government delegates who attended a high-level defence summit in Singapore, which was held at the hotel. Hackers claiming to have instigated the attack apparently have made contact with the hotel chain. Shangi-La Group said Friday it received an ...
- Malicious extension lets attackers control Google Chrome remotely
November 8, 2022
A new Chrome browser botnet named ‘Cloud9’ has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim’s browser in DDoS attacks. The Cloud9 browser botnet is effectively a remote access trojan (RAT) for the Chromium web browser, including Google Chrome and ...