Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Israeli government websites down due to suspected cyberattack
March 14, 2022
This is the largest-ever cyberattack carried out against Israel, a defense establishment source says Several Israeli government websites went down on Monday, prompting suspicions of a cyberattack. The websites of the Prime Minister’s Office, as well as several ministries, were inaccessible. Access to some of the websites has been restored. A senior defense official reportedly told Haaretz that ...
- CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel
March 14, 2022
Last week, security researcher Max Kellermann discovered a high severity vulnerability in the Linux kernel, which was assigned the designation CVE-2022-0847. It affects the Linux kernels from 5.8 through any version before 5.16.11, 5.15.25 and 5.10.102, and can be used for local privilege escalation. The vulnerability resides in the pipe tool, which is used for ...
- QNAP warns severe Linux bug affects most of its NAS devices
March 14, 2022
Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed ‘Dirty Pipe’ that allows attackers with local access to gain root privileges. The ‘Dirty Pipe’ security bug affects Linux Kernel 5.8 and later versions, even on Android devices. If successfully exploited, it allows non-privileged ...
- Automotive giant Denso confirms hack, Pandora ransomware group takes credit
March 14, 2022
Denso has confirmed a cyberattack impacting the firm’s German operations. The company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso says that its technologies are used in “almost all vehicles around the globe.” Clients include Toyota, Honda, General Motors, and Ford. Consolidated revenue in the 2020-2021 ...
- Spam website set up to reach millions of Russians
March 12, 2022
A Norwegian computer expert has created a website enabling anyone to send an email about the war in Ukraine to up to 150 Russian email addresses at a time, so that Russian people have a chance to hear the truth their government is hiding. All over Russia email inboxes are pinging. Millions of messages are being received ...
- Bridgestone Americas confirms ransomware attack, LockBit leaks data
March 11, 2022
A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours. Bridgestone has tens of production units across ...