Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Healthcare system facing ‘increased and imminent’ cyber threat
November 3, 2020
Federal agencies warn that cybercriminals are escalating their extortion attempts against the healthcare sector even as hospitals are facing a nationwide surge in Covid-19 cases. In a joint alert, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. The alert ...
- Cybersecurity: One in three attacks are coronavirus-related
November 3, 2020
The UK’s National Cyber Security Centre (NCSC) is ‘stepping up support’ for the National Health Service to help protect UK hospitals and other healthcare organisations against cyberattacks. The NCSC’s Annual Review 2020 reveals that the cyber arm of GCHQ has handled more 200 cyber incidents related to coronavirus during the course of this year – almost ...
- New RegretLocker ransomware targets Windows virtual machines
November 3, 2020
A new ransomware called RegretLocker uses a variety of advanced features that allows it to encrypt virtual hard drives and close open files for encryption. RegretLocker was discovered in October and is a simple ransomware in terms of appearance as it does not contain a long-winded ransom note and uses email for communication rather than a ...
- APT trends report Q3 2020
November 3, 2020
For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They ...
- Hacker group uses Solaris zero-day to breach corporate networks
November 2, 2020
Mandiant, the investigations unit of security firm FireEye, has published details today about a new threat actor it calls UNC1945 that the security firm says it used a zero-day vulnerability in the Oracle Solaris operating system as part of its intrusions into corporate networks. Regular targets of UNC1945 attacks included the likes of telecommunications, financial, and ...
- Google patches second Chrome zero-day in two weeks
November 2, 2020
Google has released a security update today for its Chrome web browser that patches ten security bugs, including one zero-day vulnerability that is currently actively exploited in the wild. Identified as CVE-2020-16009, the zero-day was discovered by Google’s Threat Analysis Group (TAG), a security team at Google tasked with tracking threat actors and their ongoing operations. Read ...