Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- TA456 hackers built an elaborate online profile to fool their targets into downloading malware
July 28, 2021
Iranian hackers spent 18 months masquerading as an aerobics instructor in a cyber-espionage campaign designed to infect employees and contractors working in defence and aerospace with malware in order to steal usernames, passwords and other information which could be exploited. Active since at least 2019, the campaign used Facebook, Instagram and emails to pose as the ...
- Critical Microsoft Hyper-V bug could haunt orgs for a long time
July 28, 2021
Technical details are now available for a vulnerability that affects Hyper-V, Microsoft’s native hypervisor for creating virtual machines on Windows systems and in the Azure cloud computing environment. Currently tracked as CVE-2021-28476, the security issue has a critical severity score of 9.9 out of 10. Exploiting it on unpatched machines can have a devastating impact as ...
- DDoS attacks in Q2 2021
July 28, 2021
In terms of big news, Q2 2021 was relatively calm, but not completely eventless. For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected devices. The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord ...
- THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
July 27, 2021
While monitoring the Microsoft Exchange Server attacks in March 2021, Unit 42 researchers identified a PlugX variant delivered as a post-exploitation remote access tool (RAT) to one of the compromised servers. The variant observed by Unit 42 is unique in that it contains a change to its core source code: the replacement of its trademark ...
- UC San Diego Health discloses data breach after phishing attack
July 27, 2021
UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health is one of the nation’s best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. ...
- Threat Actors Exploit Misconfigured Apache Hadoop YARN
July 27, 2021
The misconfiguration and resulting exposure of cloud services is one of the most prevalent risks in the Linux threat landscape. We previously analyzed incidents related to this security concern, such as an exposed Docker API being abused by threat actors in the wild and exposed Redis instances that threat actors actively search. This blog post will ...