Stop guessing who the next target is. 🎯 The new Hacktivist DDoS Activity Dashboard (https://bit.ly/4mGh4Kd) in #GoogleThreatIntelligence is live! We’re combining botnet C2 telemetry with corroborated Telegram claims to give you a clear view of the threat landscape. 🛡️ ✅ Track industry-specific targeting ✅ Corroborate claims via check-host links ✅ Monitor active hacktivist infrastructure Access it via Dashboards > Hacktivist DDoS Activity in Google TI. #GoogleTIMondays #CyberSecurity #DDoS #ThreatIntel #GoogleCloud
Mandiant (part of Google Cloud)
Computer and Network Security
Mountain View, California 215,842 followers
About us
We’re determined to make organizations secure against cyber threats and confident in their readiness. Experience the same trusted cybersecurity solutions, now from Google Cloud.
- Website: https://cloud.google.com/security
- Industry: Computer and Network Security
- Company size: 10,001+ employees
- Headquarters: Mountain View, California
- Type: Public Company
- Specialties: Network Security, Threat Intelligence, Computer Forensics, and Incident Response
Locations
- Primary: 1600 Amphitheatre Pkwy, Mountain View, California 94043, US
Updates
Attending #GoogleCloudNext? Curious about agentic AI? Interested in reducing toil, upleveling talent, and reimagining security for an AI-first world? If you answered yes, join experts from Mandiant, Google Cloud Security, Morgan Stanley, Wiz, and Target for a deep dive into the agentic enterprise from infrastructure to AI agents. Stop by on day 2 from 11:45 AM - 12:30 PM ⏱️ https://bit.ly/4mIA0ID
AI unlocks unprecedented innovation, but it also creates a complex new attack surface. To provide security teams and architects with a technical approach to securing AI systems, we’ve synthesized findings from our recent Mandiant AI Red Team engagements into a practical roadmap. Our latest whitepaper, Secure development of generative AI applications: A proactive approach, moves past the theory to provide specific guidance on hardening AI systems.

Inside the report, we break down how to:
• Map the AI Attack Surface: Identify and mitigate vulnerabilities specific to LLMs, including prompt injection, data poisoning, and insecure output handling.
• Apply Multi-Layer Controls: Implement a defense-in-depth strategy across the model, application, and infrastructure layers.
• Incorporate Red Team Findings: Use observations from real-world Mandiant AI Red Team assessments to inform your threat modeling and security architecture.

📖 Equip your team to harness the power of AI, securely. Read the full whitepaper here: https://bit.ly/3OTG18F
Join technology and security leader Richard Crowther from Google Cloud & leading expert speakers for the ‘Engineering Resilience Panel’ at CyberUK 2026! The panel explores to what extent it is possible to architect systems to be more resilient in the event of compromise. The NCSC will share its latest thinking on best practice, and the panel will discuss where they have seen this done well, the extent to which the chosen technical patterns matter, and how generalisable the approaches are.

📅 23 April 📍 Alsh Room, SEC Glasgow ⏰ 11:00
🚀 Richard Crowther, UK Sovereign Operations, Google Cloud
🚀 Carolyn Ainsworth, Deputy Director Engineering, NCSC
🚀 David I, Security Architect, NCSC
🚀 David Brown, Principal Security Consultant, NCC Group
🚀 Harry G, Deputy Director, NCSC
#GoogleCloud #CyberUK26
Effective threat hunting requires more than just the right tools. It calls for a repeatable, intelligence-driven methodology to uncover adversary activity. That’s where we come in. Many security teams struggle to transition from reactive incident response to proactive threat hunting. To bridge this gap, organizations can integrate cyber threat intelligence with a structured approach, like the A4 framework, to build reliable and effective hunt missions.

For the first time, Mandiant Academy is bringing our Practical Threat Hunting course out of the virtual environment and delivering it in-person at the Google Reston office from May 19–21, 2026. This instructor-led training is engineered for incident responders, threat hunters, and security researchers who need to operationalize their hunt capabilities. We focus heavily on practical application, teaching you how to leverage endpoint data, build accurate threat models, and establish clear measures of effectiveness for your overarching hunt program.

Throughout the course, practitioners will engage in extensive hands-on labs using the command line, Jupyter Notebooks, and forensic tools like Velociraptor to hunt for evidence of compromise across complex scenarios, including:
- Social engineering attacks
- Advanced network and system compromises
- APT nation-state actor activity

Finding the adversary is only the first step. True maturity in a hunt program means translating those discoveries into lasting defenses. Attendees will actively develop an actionable threat hunt library to take back to their organizations and learn how to generate operational use cases, including writing Sigma rules based on their hunt missions.

If you have a solid foundation in computer and operating system fundamentals and want to elevate your proactive security posture, join us in Virginia to refine your methodology alongside Mandiant experts. https://bit.ly/3Opz7Ic
Don’t let the connections stop when the conference floor closes! Join security peers for an informal evening of networking over food and drinks in the heart of Glasgow’s bustling West End. Whether you’re in town for CyberUK or local, we're looking forward to connecting with you. No formal presentations, just good conversations. 📅 April 22 📍 The Grosvenor Cafe, Glasgow ⏰ 18:45 - 22:00 🎟️ Register your interest here: https://bit.ly/4mzxuEl Event admittance will be on a first come, first served basis.
AI models are finding and exploiting vulnerabilities faster than ever, fundamentally changing the economics of zero-day attacks. Highly capable general-purpose AI models are lowering the barrier to entry for threat actors of all skill levels. They are not only identifying vulnerabilities but also helping generate functional exploits. We are already observing threat actors leverage these tools in underground forums, shifting the landscape toward mass exploitation campaigns. Relying on human-speed patching and manual triage will fail against these machine-speed threats. To prevent severe overload, organizations must integrate AI defensively and shift their security practitioners from manual investigators to strategic coordinators.

To modernize defensive strategies, organizations must prioritize automation and resilience:
✅ Secure code by proactively scanning repositories for secrets and mapping threat models to detect minor weaknesses that AI could chain together.
✅ Move to automated security operations by deploying specialized AI agents to autonomously investigate alerts and correlate signals without manual reverse engineering.
✅ Maintain continuous asset discovery across complex environments to seamlessly feed known assets into downstream security tooling.
✅ Protect deployed AI systems and agents using established methodologies like Google's Secure AI Framework (SAIF) and screening tools to block prompt injections.

For less mature environments, the focus must begin with a reliable foundation: baselining your current state, expanding scanning coverage, and formalizing emergency remediation SLAs based on severity, exposure, and asset criticality. The traditional window between vulnerability disclosure and active exploitation has vanished, and the concept of severity is shifting as AI connects multiple low-level vulnerabilities into critical breaches.

By leveraging Google Threat Intelligence, Mandiant Security Consulting, and Agentic SecOps, organizations can adopt an assume-breach mentality, automate remediation at scale, and disrupt the adversary lifecycle before they reach their objective. The best response to this evolving threat landscape is disciplined preparation. 📄 Read more in our blog post: https://bit.ly/4cpI8sv
The FLARE Learning Hub freely distributes quality educational content on reverse engineering and malware analysis from the FLARE team. We are excited to share with the wider security community FLARE’s nearly two decades of experience in instructing thousands of students and professionals across higher education, private industry, government, and premier conferences. Our content emphasizes hands-on practice. Modules include demonstrations and lab exercises that reinforce the material, helping you integrate practical skills into your workflow. The modules are hosted as web-published Google Docs, while the GitHub repository contains all corresponding artifacts, including lab binaries, scripts, and disassembler databases.

We are launching today with three modules:
- Malware Analysis Crash Course: An adaptation of our foundational course that teaches the fundamental assembly skills and essential Windows knowledge necessary to begin reverse engineering Windows malware.
- The Go Reverse Engineering Reference: A comprehensive reference for reverse engineering Go executables, including three reference sections: the implementation of Go language features, the Go runtime, and Windows Go executables. Additional Go content, including labs and demos, will be released later in the year.
- An Introduction to Time Travel Debugging (TTD): This module applies WinDbg’s TTD technology to malware triage. TTD is a powerful but underutilized tool that can significantly speed up the analysis process and offer solutions to complex situations involving anti-analysis and obfuscation. This is a full release of content we previously shared through the blog post Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study and through the Accelerating Malware Analysis with WinDbg Time Travel Debugging workshop at DEFCON 33.

We plan to publish updates and corrections to existing modules on an ongoing basis. We also have additional modules in the pipeline for the remainder of the year, so check back frequently! 💻: https://bit.ly/48JcDbN
Unlock the power of AI in your hunt with Code Insight! 🚀 From obfuscated scripts to malicious AI agent "skills", see how Google Threat Intelligence transforms complex code into actionable insights. Pro Tip: It even breaks the language barrier—translating foreign language comments within scripts so you never miss a clue. 🌍🛡️ #GoogleTIMondays #ThreatIntelligence #CyberSecurity #GoogleCloud #MalwareAnalysis
It's great to see the innovative ways our Mandiant Cyber Defense team is leveraging available tools to solve complex Google SecOps challenges and drive deeper automation.🦾
Consistency and speed are the foundation of an effective SOC. Analysts frequently run the exact same searches for specific alert types, such as tracking user logins after a suspicious authentication or hunting for specific Windows Event Log error codes. To streamline this, Google Security Operations (SecOps) enables security teams to store and run predefined UDM searches using Data Tables.

Instead of hardcoding queries into individual playbook blocks, Data Tables act as a centralized knowledge repository. By mapping specific keywords to a list of static UDM queries or Natural Language (NL) prompts, playbooks can automatically execute these searches before an analyst even opens the case.

Key capabilities of this workflow include:
- Dynamic Placeholders: Stored searches utilize placeholders to adapt dynamically to the specific context of an alert, filling in required entities without manual intervention.
- Intelligent Execution: The playbook automatically runs static UDM queries directly, or utilizes the Google Chronicle Generate UDM Query integration to construct complex UDM syntax from Natural Language prompts on the fly.
- Consolidated Table Widget: All relevant search data is aggregated into a single, customizable viewer directly within the case queue.

This unified viewer acts as a single pane of glass. It empowers analysts to strip away noise using an important UDM field toggle, perform regex searches to find specific patterns, and select custom columns tailored to their investigation—all without opening multiple browser tabs.

By decoupling the search logic from the playbook itself, SOCs guarantee reproducible investigations across all analyst seniority levels. Security teams can continuously add new searches to their Data Tables without ever needing to edit the underlying playbook code, transforming static processes into highly adaptable workflows.

Read more in this blog post by James Horschig: https://lnkd.in/grkBTV35
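The Data Table lookup, placeholder filling and table-widget filtering described in the post above, as an added Python example that is not the blog's or Google SecOps' own code. It simulates the workflow offline: the table content, the alert entities, the `{name}` placeholder syntax, the value-escaping convention and the set of "important" UDM fields are all constructed assumptions, and nothing here calls the SecOps or Chronicle APIs. The one point the post leaves implicit, and the example makes explicit, is that an entity value taken from an alert is attacker-influenced data, so it must be escaped before it is spliced into a quoted UDM string, and a template whose placeholder has no matching entity must fail rather than run half-filled.

```python
import re
from typing import Dict, List

# Constructed Data Table: an alert keyword maps to a list of stored searches.
# Each entry is either a static UDM query template ("udm") or a Natural
# Language prompt ("nl") that would be handed to a query-generation step.
# Sample content only, not real detection rules.
DATA_TABLE: Dict[str, List[dict]] = {
    "suspicious_authentication": [
        {"kind": "udm",
         "query": 'metadata.event_type = "USER_LOGIN" AND principal.user.userid = "{user}"'},
        {"kind": "nl",
         "prompt": "Show all logins for user {user} from IP {src_ip} in the last 24 hours"},
    ],
    "windows_event_error": [
        {"kind": "udm",
         "query": 'metadata.vendor_name = "Microsoft" AND security_result.description = "{event_code}"'},
    ],
}

# Placeholder syntax assumed for this example: {entity_name}
PLACEHOLDER = re.compile(r"\{(\w+)\}")


def escape_udm_value(value: str) -> str:
    """Escape an alert-derived value before placing it inside a quoted UDM string.
    Backslash and double quote are escaped (assumed convention) so a crafted
    entity value cannot terminate the literal and change the stored query."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def fill_placeholders(template: str, entities: Dict[str, str]) -> str:
    """Substitute {name} placeholders from the alert's entities.
    Raises KeyError when the alert lacks an entity the template needs, so a
    half-filled query is never executed."""
    missing = sorted(set(PLACEHOLDER.findall(template)) - set(entities))
    if missing:
        raise KeyError(f"alert is missing entities for placeholders: {missing}")
    return PLACEHOLDER.sub(lambda m: escape_udm_value(entities[m.group(1)]), template)


def resolve_searches(alert_type: str, entities: Dict[str, str]) -> List[dict]:
    """Look up the alert type in the Data Table and return ready-to-run actions:
    static UDM queries are filled directly; NL prompts are filled and flagged
    for the query-generation step. Unknown alert types yield no actions."""
    actions = []
    for entry in DATA_TABLE.get(alert_type, []):
        if entry["kind"] == "udm":
            actions.append({"action": "run_udm",
                            "query": fill_placeholders(entry["query"], entities)})
        else:
            actions.append({"action": "generate_udm",
                            "prompt": fill_placeholders(entry["prompt"], entities)})
    return actions


# Columns kept when the analyst's "important UDM fields" toggle is on (constructed choice).
IMPORTANT_FIELDS = ("metadata.event_timestamp", "principal.user.userid",
                    "principal.ip", "security_result.action")


def filter_rows(rows: List[dict], pattern: str = "", important_only: bool = False) -> List[dict]:
    """Mimic the consolidated table widget: optional regex match against any
    value in a row, then optional projection onto the important fields."""
    rx = re.compile(pattern) if pattern else None
    out = []
    for row in rows:
        if rx and not any(rx.search(str(v)) for v in row.values()):
            continue
        out.append({k: v for k, v in row.items() if k in IMPORTANT_FIELDS}
                   if important_only else dict(row))
    return out


if __name__ == "__main__":
    alert = {"user": "jdoe", "src_ip": "203.0.113.7"}  # constructed alert entities
    for action in resolve_searches("suspicious_authentication", alert):
        print(action)
```

Adding a new stored search is a change to `DATA_TABLE` only; `resolve_searches` never needs to change, which is the decoupling the post describes.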