Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US seizes $6 million from REvil ransomware, arrest Kaseya hacker
November 8, 2021
The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner. The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi, arrested for cybercriminal activity on October 8 at the behest ...
- DDoS attacks in Q3 2021
November 8, 2021
Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victim’s IP address over TCP. To date, amplification attacks have mostly been carried out using the ...
- REvil ransomware affiliates arrested in Romania and Kuwait
November 8, 2021
Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates on November 4, both of them allegedly responsible for infecting thousands of victims. DIICOT (the Romanian Directorate for Investigating Organized Crime and Terrorism) and judicial police officers carried out four home searches in Constanța, seizing mobile devices (laptops, mobile phones) and storage ...
- Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
November 7, 2021
On Sept. 16, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. The alert explained that malicious actors were observed deploying a specific webshell and ...
- Cloudflare report highlights devastating DDoS attacks on VoIP services and several ‘record-setting HTTP attacks’
November 5, 2021
Cloudflare released its Q3 DDoS Attack Trends report this week, capping a record-setting quarter that saw a number of devastating attacks on VoIP services. Cloudflare researchers said they saw the several “record-setting HTTP DDoS attacks, terabit-strong network-layer attacks and one of the largest botnets ever deployed (Meris),” noting the emergence of ransom DDoS attacks on voice ...
- BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
November 4, 2021
On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary ...