Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- NHS boss’s Twitter accounts hacked by PS5 scammers
March 19, 2021
NHS executive Helen Bevan had her two Twitter accounts, with nearly 140,000 followers, stolen by hackers and used to promote fake PlayStation 5 sales. She now has the accounts back but has received dozens of messages from people who fell for the scam. Ms Bevan also paid money to someone who said they could help – but ...
- SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests
March 18, 2021
Cyberattackers involved in worldwide hacking campaigns are using the compromised systems of high-profile victims as playgrounds to test out malicious tool detection rates. On Thursday, Swiss cybersecurity firm Prodaft said that SilverFish (.PDF), an “extremely skilled” threat group, has been responsible for intrusions at over 4,720 private and government organizations including “Fortune 500 companies, ministries, airlines, ...
- Apple developers targeted by new malware, EggShell backdoor
March 18, 2021
Malicious Xcode projects are being used to hijack developer systems and spread custom EggShell backdoors. The malware, dubbed XcodeSpy, targets Xcode, an integrated development environment (IDE) used in macOS for developing Apple software and applications. According to research published by SentinelLabs on Thursday, the Run Script feature in the IDE is being exploited in targeted attacks against ...
- Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter
March 18, 2021
A security researcher has discovered a novel steganography technique for hiding data inside a Portable Network Graphics (.PNG) image file posted on Twitter, a tactic that could be exploited by threat actors to hide malicious activity. Researcher David Buchanan heralded his discovery on Twitter earlier this week, accompanied by a photo declaring: “Save this image and ...
- New CopperStealer malware steals Google, Apple, Facebook accounts
March 18, 2021
Previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple. The malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads to infected devices. The threat actors ...
- Convuster: macOS adware now in Rust
March 18, 2021
Traditionally, most malicious objects detected on the macOS platform are adware: besides the already familiar Shlayer family, the TOP 10 includes Bnodlero, Cimpli, Adload and Pirrit adware. As a rule, most tend to be written in C, Objective-C or Swift. Recently, however, cybercriminals have been paying increased attention to new programming languages, seemingly in the ...