Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Schreiber Foods back to normal after ransomware attack shuts down milk plants
October 29, 2021
Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack took down their systems earlier last weekend. The food production giant became the latest critical industry company to be hit with ransomware in recent months as cybercriminals continue to show little fear in attacking a variety of industries. Schreiber ...
- Suspected REvil Gang Insider Identified
October 28, 2021
He lolls around on yachts, wears a luxury watch with a Bitcoin address engraved on its dial, and is suspected of buying it all with money he made as a core member of the REvil ransomware gang. The showy billionaire goes by “Nikolay K.”on social media, and German police are hoping he’ll cruise out of Russia ...
- Network Scanning Traffic Observed in Public Clouds
October 28, 2021
Tracking network scanning activities can help researchers understand which services are being targeted. By monitoring the origins of the scanners, researchers can also identify compromised endpoints. If a host belonging to a known organization suddenly starts to scan a part of the internet, it is a strong indicator that the host is compromised. This blog summarizes ...
- EU Green Pass-generation keys stolen – sources
October 27, 2021
Some of the keys used to generate the European Green Pass have been stolen and distributed on programming networks to create false COVID-19 health certificates, qualified Italian sources said on Wednesday. A series of meetings at the EU level were being held on Wednesday to examine the situation, according to the sources. Read more… Source: ANSA News
- Warehouse belonging to Chinese payment terminal manufacturer raided by FBI
October 27, 2021
US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world. It operates around 60 million point-of-sale (PoS) payment ...
- Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t
October 27, 2021
Proofpoint has uncovered a new, “highly active” threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, researchers Selena Larson and Joe Wise said the threat actors, dubbed “Balikbayan Foxes” and tracked as TA2722, are concentrated in the Philippines but are targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy ...