Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Exodus Spyware Found Targeting Apple iOS Users
April 5, 2019
The surveillance tool was signed with legitimate Apple developer certificates. The spyware that was recently found lurking in 25 different malicious apps on Google Play has been ported to the Apple iOS ecosystem. The surveillance package – dubbed Exodus – can exfiltrate contacts, take audio recordings and photos, track location data and more on mobile devices. Earlier ...
- Backdoor code found in popular Bootstrap-Sass Ruby library
April 5, 2019
Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update. The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass-version of Bootstrap, the most popular UI framework for developers today. The backdoor’s ...
- LokiBot Trojan Spotted Hitching a Ride Inside .PNG Files
April 5, 2019
Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack. A spam campaign pushing the info-stealing LokiBot trojan leverages a novel technique to avoid detection. According to researchers, the spam messages include malicious .zipx attachment hidden inside a .PNG file that can slip past some email security gateways. According to Trustwave SpiderLabs, that first spotted the .PNG/LokiBot ...
- A dozen US web servers are spreading 10 malware families, Necurs link suspected
April 4, 2019
Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. On Thursday, researchers from Bromium said they have monitored scams connected to this infrastructure during the May 2018 to March 2019 time period. Five families of banking ...
- This new malware is scanning the internet for systems info on valuable targets
April 3, 2019
A new form of malware is scanning the internet for exposed web services and default passwords in what’s thought to be a reconnaissance operation – one which might signal a larger cyberattack is to come. Researchers at AT&T Alien Labs first spotted the malware in March and have named it Xwo after its primary module name. It’s thought that Xwo ...
- Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data
April 2, 2019
On March 30th, security researcher James Lee disclosed information on two zero-day vulnerabilities present in current versions of Microsoft Edge and Internet Explorer. These vulnerabilities make it possible for confidential information to be shared between websites. A flaw in the same-origin policy for these web browsers, called an Origin Validation Error (CWE-346), allows JavaScript embedded in a malicious ...