January 12th, 2026 - Gemini 3 integrated in Agentic, OCR support for PDF files in Agentic, new Middle East Storage Region for Private Scanning and more

📢 Google TI Mondays. Quick reminder to follow the Google TI Mondays series across our social platforms every week for quick, actionable practitioner tips and product adoption advice designed to enhance your efficiency. These actionable tips are essential. #GoogleTIMondays

💪 Detection Highlights. The Google Threat Intelligence Group and FLARE team consistently enhance Google TI's YARA rules and malware configuration extractors. Over the past week, we've released YARA rules covering 5 newly tracked malware families and updated YARA rules for 8 existing families. Additionally, we've expanded our configuration extraction platform to cover 1 new malware family. These updates prioritize malware families actively observed in Mandiant incident response engagements, SecOps customer environments, and top GTI search trends.

As we track new malware families identified through our research, we develop and release detection signatures. Some recent examples include:

  • BOATBRICK: a malicious JavaScript-based credential harvesting extension, distributed as a .crx archive, specifically targeting the Chrome environment. This extension is designed to facilitate illicit activities such as user-agent spoofing, search hijacking, and sophisticated advertising fraud. Its primary objective is to covertly exfiltrate the entire contents of the victim's Chrome user profile databases. See its curated YARA detection rules.
  • BOATMOOR: a credential stealer written in C#. The stealer exfiltrates sensitive user data including saved passwords, cookies, browsing history, and bookmarks from Mozilla Firefox, Microsoft Edge, Opera, and Opera GX. Data is merged into a local Google Chrome user profile database prior to exfiltration by BOATBRICK. See its curated YARA detection rule.
  • COLDSAUCE: a fully featured Windows backdoor written in C/C++. COLDSAUCE communicates with its command-and-control (C2 or C&C) server using QUIC. COLDSAUCE capabilities include system information collection, screenshot capture, keystroke capture, file system operations, and file upload and download. COLDSAUCE also provides an interactive shell that supports a number of commands that are custom implementations of common Windows command-line tools. See its curated YARA detection rules.

In addition to providing detection rules for new and emerging threats, we continuously update our detection systems for known threats such as GAFGYT, TIMEDRAIN, and FLASHHOOK.

These updates ensure you have the latest indicators, including those extracted by our configuration extraction systems.

See the latest malware family profiles added to the knowledge base and the complete list of curated YARA rules in our database.

💪 New Middle East Storage Region for Private Scanning. Private Scanning is a dedicated service within Google Threat Intelligence that allows organizations to submit suspicious files and URLs for both static and dynamic analysis. Unlike public submissions, this service ensures that all IoCs, execution data, and resulting analysis reports remain completely confidential and are never shared with the public or the broader community. To support local data residency and governance requirements, we have expanded our global infrastructure to include the Middle East as a new region for temporary storage. This update offers regional customers greater flexibility in aligning their security operations with local compliance standards.

🆕 Agentic Workflows Supercharged with Gemini 3. Agentic is the AI-powered assistant integrated within Google Threat Intelligence, designed to simplify and streamline complex threat intelligence tasks. It acts as a force multiplier for security teams, allowing them to interact with Google TI’s expansive dataset using natural language to automate investigations, generate complex queries, and synthesize technical reports. We have upgraded the underlying engine of Agentic from Gemini 2.5 to Gemini 3, bringing significant advancements to the system's reasoning capabilities and overall behavior.

🆕 New OCR detection in Agentic. Agentic, our AI-powered assistant, now supports file uploads as context, allowing for deeper analysis. This update includes OCR support for PDF files, and we are actively expanding this capability to other file types, so stay tuned for updates.

💪 Intelligence at Speed - Instant Executive Briefs Powered by Agentic. We have integrated the Agentic Conversational AI platform across all major IoC analysis reports (files, URLs, domains, IP addresses). This new capability is accessed via a single 'Brief' button. After selecting a set of IoC analysis reports, clicking the 'Brief' button automatically initiates a conversation within the Agentic interface, allowing the AI to produce an executive summary focused specifically on the selected entities' recent activity.