Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Upgraded Prilex Point-of-Sale malware bypasses credit card security
September 29, 2022
Security analysts have observed three new versions of Prilex PoS-targeting malware this year, indicating that its authors and operators are back in action. Prilex started as ATM-focused malware in 2014 and it pivoted to PoS (point of sale) devices in 2016. While development and distribution peaked in 2020, the malware disappeared in 2021. Kaspersky analysts now report ...
- The secrets of Schneider Electric’s UMAS protocol
September 29, 2022
UMAS (Unified Messaging Application Services) is a proprietary Schneider Electric (SE) protocol used to configure and monitor Schneider Electric PLCs. Schneider Electric controllers that use UMAS include Modicon M580 CPU (part numbers BMEP* and BMEH*) and Modicon M340 CPU (part numbers BMXP34*). Controllers are configured and programmed using engineering software – EcoStruxure™ Control Expert (Unity ...
- Singapore firms see 54 cybersecurity incidents daily, struggle to keep up
September 29, 2022
The cybersecurity threat landscape is evolving so quickly companies in Singapore are finding it tough to keep up. Half feel “inundated” by an endless stream of cyber attacks, describing this as one of their biggest work frustrations. Just 25% of cybersecurity professionals in Singapore felt “very confident” in their organisation’s ability to adapt to new threats, ...
- Sophos fixes critical firewall hole exploited by miscreants
September 28, 2022
A critical code-injection vulnerability in Sophos Firewall has been fixed — but not before miscreants found and exploited the bug. The flaw, tracked as CVE-2022-3236, exists in the User Portal and Webadmin components of the firewall in versions 19.0 and older. While it hasn’t been issued a CVSS severity score, Sophos deemed it “critical” and noted ...
- Prilex: the pricey prickle credit card complex
September 28, 2022
Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also cloning in excess of 28,000 credit cards that were used in these ATMs before the ...
- Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks
September 28, 2022
The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies. Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after the LockBit operator had a falling out with his developer. This builder allows anyone to build a fully functional encryptor and decryptor that threat ...