

Kali 2026.1 Now Available
On Tuesday Kali 2026.1 was released. You can find all the details here: https://www.kali.org/blog/kali-linux-2026-1-release/ #kali #2026.1 #backtrack #pentesting #danweis #nexon
danielweis
Mar 26


Is Your Pentest Firm Drafting Your Next Breach Headline?
By now I'm sure you are all aware of what proper AI governance means for your organisation, but for those of you who aren't, AI governance refers to the framework of rules, practices, and processes used to ensure that AI systems are developed and deployed responsibly, ethically, and safely. Most organisations vet their software vendors for AI risk, but what about the third parties / service providers your organisation utilises? How do you gain visibility into their AI usage,
danielweis
Mar 25


New updated NIST guidance for DNS
NIST has just updated its guidance for Domain Name System (DNS) security. The last version of this document, the Secure Domain Name System (DNS) Deployment Guide (SP 800-81r3), was last updated way back in 2013. It's been updated with good protective DNS measures and recommendations that all organisations should adopt as a baseline, largely: Employ protective DNS wherever technically feasible to provide additional network-wide security capabilities that include: Blocking harm
danielweis
Mar 25


Maximum TLS Lifecycle is Now 200 Days
As of the start of this week, the maximum certificate lifespan for TLS certificates has now dropped to 200 days. The change is the first step in a process established by the CA/Browser Forum last year. (CAB is the governing body comprised of certificate authorities, browser vendors, and operating system providers, that sets the Baseline Requirements for publicly trusted SSL/TLS certificates.) The next changes will be on March 15, 2027, where the maximum validity period of subscri
danielweis
Mar 18


Security Check your AD & Entra ID (AAD)
I'm often asked by IT folk, sysadmins, SOC staff, and pentesters alike about some free tools they can run across their environments (or their clients') to identify security risks associated with Local Active Directory (LAD) & Entra ID (formerly AAD). There are a stack of tools out there, but this blog post will cover some nice simple toolsets you can use in between pentests to make it more difficult for the pentesters during your next pentest and to improve your IAM
danielweis
Mar 11


ASD/ACSC Annual Cyber Threat Report Released (2024-25)
The ASD/ACSC have just released their annual cyber threat report for 2024-2025. It's always an interesting read; you can access it here: https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2024-2025 The most targeted sectors last year were financial, insurance, healthcare, social assistance and info media & comms, with the top 3 reported cyber incidents affecting critical infrastructure encompassing compromised asset/network/i
danielweis
Oct 14, 2025


LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Just came across this in today's news feeds... This isn't going to be good news for anyone, except the ransomware groups....
danielweis
Oct 10, 2025


The rise and risks of artificial content
It's sad that we are now at the point where everything should be assumed as fake when it comes to videos & content online (and of course...
danielweis
Oct 3, 2025


FBI CD Flash Advisory
The FBICD have just released an advisory regarding the UNC6040 and UNC6395 threat actors who are targeting Salesforce platforms of late,...
danielweis
Sep 15, 2025


A great read from Huntress..
This is an awesome read and quite hilarious, can't believe this attacker/threat actor could have made such a simple mistake! Wow! 🫣...
danielweis
Sep 11, 2025


Patch Tuesday upon us again!
Patch Tuesday is again upon us. This month the new SMB patch rolled out, enabling a new feature that enables support for auditing SMB...
danielweis
Sep 11, 2025


An interesting diary entry in today's SANS Internet Storm Center
An interesting diary entry from the SANS Internet Storm Center today on sextortion observations and associated bitcoin addresses over the...
danielweis
Sep 5, 2025


Citrix releases patches for latest Netscaler vulnerabilities
Citrix has released the fixes to address the latest 3 security flaws in NetScaler ADC and NetScaler Gateway, including CVE-2025-7775 that...
danielweis
Aug 28, 2025


MITRE Updates Most Important Hardware Weaknesses List
MITRE have just Updated their Most Important Hardware Weaknesses List, which you can access here: https://cwe.mitre.org/topHW/archive/20...
danielweis
Aug 27, 2025


Introducing Our New Penetration Testing Services: More Value, Enhanced Protection
At Nexon, we have been performing penetration testing, red teaming, and threat assessment for close to 20 years. During this time, we...
danielweis
Aug 26, 2025


Protecting your privacy with BADBOOL.
I came across this post from Kevin this morning. A great reminder to everyone that if you want to reduce your online presence, BADBOOL...
danielweis
Jun 18, 2025


Phishing through Services (PtS)
Most organisations these days are very familiar with phishing and Spear Phishing campaigns and are typically included in annual...
danielweis
Jun 13, 2025


Inside a Ransomware Gang's Operations
Yesterday I came across a post regarding the Lockbit ransomware gang, who had been hacked big time (they clearly pissed off someone), and...
danielweis
May 8, 2025


Logic Bomb attack targeting eCommerce supply chain
A good example of a logic bomb attack, 6 years in the making, we haven't seen many of these attacks for a number of years now. For you...
danielweis
May 7, 2025


North Korea attacks using fake LinkedIn job adverts
One to be vigilant on when browsing LinkedIn job advertisements. North Korea are posting fake posts atm and during the interview process...
danielweis
Apr 29, 2025