An interesting read from Microsoft about a multi-stage campaign observed between April 14 and 16, 2026, targeting more than 35,000 users across 13,000 organisations in 26 countries. https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/ #microsoft #sirt #phishing #aitm #tokencompromise #cybersecurity #danweis #nexon #hackproofyourself #boardroomcyber #danweis

On Tuesday Kali 2026.1 was released. You can find all the details here: https://www.kali.org/blog/kali-linux-2026-1-release/ #kali #2026.1 #backtrack #pentesting #danweis #nexon

By now I'm sure you are all aware of what proper AI governance means for your organisation, but for those of you who don't, AI governance refers to the framework of rules, practices, and processes used to ensure that AI systems are developed and deployed responsibly, ethically, and safely. Most organisations vet their software vendors for AI risk, but what about your third parties / service providers your organisation utilises? How do you gain visibility into their AI usage,

NIST has just updated its guidance for Domain Name System (DNS) security. The last version of this document (Secure Domain Name System (DNS) Deployment Guide) (SP 800-81r3), was last updated way back in 2013. It's been updated with good protective DNS measures and recommendations that all organisations should adopt as a baseline, largely: Employ protective DNS wherever technically feasible to provide additional network wide security capabilities that include: Blocking harm