"Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. Here are this week's stories: Threat actors increasingly integrate AI across attack stages Google Threat Intelligence Group (GTIG) observed in Q4 2025 that adversaries are advancing their use of AI for malicious purposes, with notable activity in model extraction attacks, ongoing experimentation, and broader incorporation into operations. Distillation attempts rose as actors probed models like Gemini via APIs to extract capabilities. Google disrupted many such efforts."
"CISA published a resource examining key obstacles that prevent secure authentication in operational technology (OT) environments. The document points out that legacy systems, proprietary protocols, and limited support for modern cryptographic methods make it difficult for personnel to implement strong authentication, often resulting in weak or absent identity verification during OT communications. EPA finds vulnerabilities at 277 water systems The US Environmental Protection Agency (EPA) announced new actions to strengthen defenses against cyberattacks targeting public drinking water systems."
Adversaries are advancing the use of AI across multiple attack stages, including model extraction attempts and broader operational integration. Google Threat Intelligence Group observed distillation attempts probing models like Gemini via APIs and disrupted many such efforts. CISA identified persistent obstacles to secure authentication in operational technology environments, highlighting legacy systems, proprietary protocols, and limited support for modern cryptographic methods that hinder strong identity verification. The EPA identified vulnerabilities at 277 community water systems and announced actions to strengthen defenses against attacks on public drinking water. A Department of Defense employee, Samuel D. Marcus, has been indicted for acting as a money mule in a multimillion-dollar scam scheme.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]