In May 2026 the pressure continued to mount on organisations to manage sensitive data, third-party platforms, and identity controls with far greater discipline. The Manage My Health findings showed how weak technical safeguards and governance gaps can combine into a major privacy breach, while new NCSC guidance on agentic AI was released to support enterprises in the new AI era.
Happenings
[NZ] Manage My Health Investigation
New Zealand’s Privacy Commissioner has released the initial findings of the inquiry into the December 2025 Manage My Health cyber incident, concluding that both Manage My Health and Health New Zealand failed to have reasonable security safeguards in place and therefore breached Rule 5 of the Health Information Privacy Code. The breach affected 99,416 patients, making it one of New Zealand’s largest known breaches of sensitive personal information. Around 91 percent of those affected were in Northland, largely because of a unique arrangement that allowed certain hospital discharge information to be made available through the portal.
The inquiry found that the incident was not caused by a single failure, but by a cascading combination of technical and governance weaknesses. On the technical side, the findings pointed to inadequate monitoring for unusually large-scale access, incomplete security design and risk management, and, critically, the absence of multi-factor authentication (MFA) on the compromised account. On the governance side, Health NZ was found to have relied too heavily on assurances from Manage My Health, without sufficient independent checks, specialist privacy and security input, or a fit-for-purpose contract for the information-sharing agreement. The Commissioner has said compliance notices will be issued to both organisations to require remediation work and independent verification that improvements are effective.
These findings reinforce that organisations handling personally identifiable information (PII) need strong technical controls, clear accountability, independent assurance, and careful oversight of third-party platforms before sensitive data can be safely shared at scale. For the wider sector, this breach is a reminder to enforce MFA on accounts with access to sensitive systems, review privacy requirements, involve security specialists in new digital initiatives, and avoid relying solely on vendor assurances where sensitive information is concerned.
[NZ] NCSC Guidance for Agentic AI Services
New guidance from New Zealand’s National Cyber Security Centre (NCSC), developed alongside Five Eyes cyber security partners, has set out recommendations for the careful adoption of agentic AI services. Organisations are exploring tools capable of acting semi-autonomously on users’ behalf, taking actions such as retrieving information, initiating workflows, and making limited decisions within enterprise systems. Rather than warning against adoption outright, the guidance focuses on how to use these services safely and with appropriate oversight.
Agentic AI introduces a different risk profile from more traditional AI assistants because these systems may be given broad permissions and access to multiple data sources, and can act based on prompts and inferred intent. This creates potential issues around excessive privilege, poor visibility over actions taken, over-reliance on generated outputs, and accidental exposure of sensitive data. The NCSC guidance encourages organisations to think carefully about governance, identity, access control, data boundaries, and monitoring before enabling such capabilities in production environments.
Organisations considering agentic AI should approach deployment as both a technology and governance exercise, implementing clear rules and controls around agent access for permitted actions, data boundaries, monitoring, and accountability. The guidance recommends starting with clearly defined, low-risk and non-sensitive use cases, applying least-privilege access, strong identity controls, audit logging, threat modelling, output validation, and ongoing human oversight before scaling adoption more broadly.
[NZ] Canvas Breach: Exposing the Risk of Shared Platforms
New Zealand education providers were among those affected by a wider breach involving Canvas, the learning management system operated by Instructure and used across schools, universities, and tertiary institutions. The University of Auckland confirmed the incident related to Canvas data held by Instructure rather than a breach of the University’s own systems, while New Zealand’s National Cyber Security Centre said it was engaging with the Ministry of Education, universities and tertiary institutions after some local learning institutions were affected. The incident shows how dependent education providers have become on shared digital platforms that sit at the centre of teaching, assessment, and communication. Instructure has said the breach involved certain user data, including names, email addresses, student ID numbers and user communications, which may not be as immediately damaging as passwords
Organisations should treat these types of platforms as critical third-party services rather than routine tools, with clear expectations around breach notification, data handling, fallback arrangements, and communication with affected users. In addition, it is important to review what information is stored in these platforms, how access is managed, and how users would be warned if exposed data is later used in phishing or impersonation attempts.
[US] Sensitive CISA Credentials Exposed on a Public GitHub Repository
A public GitHub repository linked to a contractor supporting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) exposed sensitive operational data, including credentials, internal files, and cloud access details. Because the contractor had access to CISA environments, any valid credentials could have provided a pathway into government systems for further exposure. The incident highlights both the exposure of highly sensitive material and failures in controls that should have prevented it, particularly around storing secrets in plaintext and disabling repository protections.
Public code repositories are a common source of accidental data leaks when secrets are embedded in scripts, configuration files, or logs and then committed. Once exposed, this information can be quickly copied or exploited. Organisations should treat any exposed secret as compromised, immediately revoke or rotate credentials, review activity, and assess broader impacts. Long-term prevention requires strong secret scanning, enforced protections, secure storage, least-privilege access, and better governance, especially when contractors are involved.
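As an added illustration of the secret scanning mentioned above (example code written for this article, not a tool used by CISA, GitHub, or the contractor), the following check looks through files staged for commit for known credential formats and high-entropy assigned values. The file contents, rule names, and entropy threshold are constructed assumptions.

```python
import math
import re

# Constructed sample of files staged for commit (not data from the incident).
STAGED = {
    "deploy.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n./run.sh\n",
    "config.yml": 'db_password: "q7Zx2LmP9vRt4KdW"\napi_token: ${API_TOKEN}\n',
    "README.md": "Set password = changeme in the local sandbox only.\n",
}

# Fixed-format credentials that can be matched directly.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]
# Generic "name = value" assignments; the value is reported only if it looks random.
ASSIGNMENT = re.compile(
    r"(?i)\b\w*(password|secret|token|api_key)\w*\s*[:=]\s*['\"]?([^\s'\"]+)")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def redact(value):
    """Keep only the first four characters so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan(files, min_entropy=3.5):
    """Return (path, line_no, rule, redacted_match) for each suspected secret."""
    findings = []
    for path, text in sorted(files.items()):
        for no, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES:
                for m in rx.finditer(line):
                    findings.append((path, no, rule, redact(m.group(0))))
            m = ASSIGNMENT.search(line)
            # Skip ${VAR} references and low-entropy placeholder values.
            if m and not m.group(2).startswith("${") and entropy(m.group(2)) >= min_entropy:
                findings.append((path, no, "high-entropy-assignment", redact(m.group(2))))
    return findings

if __name__ == "__main__":
    for finding in scan(STAGED):
        print(*finding)
```

Run as a pre-commit or CI step, a non-empty result should block the commit; any secret that has already reached a remote still needs to be rotated.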
Techniques and Updates
Kali365 Lowers the Barrier for Advanced Phishing
The Federal Bureau of Investigation (FBI) issued a warning about Kali365, a phishing platform that provides low-skill threat actors with access to advanced credential theft techniques, including a device code phishing toolkit effective against Microsoft 365 accounts. Kali365 has been used in campaigns targeting organisations around the world, allowing attackers to run sophisticated operations without needing to build their own infrastructure. Its emergence is another sign that phishing-as-a-service offerings are continuing to mature and become easier to use.
Device code phishing is concerning because it abuses a legitimate authentication workflow rather than relying solely on a fake login page. In these attacks, a target may be convinced to enter a valid device code on an official Microsoft sign-in page, effectively authorising access for the attacker without directly handing over their password. This can make the activity appear more legitimate to victims and reduce the effectiveness of conventional awareness cues that focus on spotting spoofed websites. Platforms like Kali365 package these techniques into ready-to-use services, lowering the technical threshold for threat actors and increasing the scale at which campaigns can be launched.
User awareness training needs to evolve beyond warnings about suspicious links and fake login pages. Organisations should inform staff that legitimate Microsoft prompts can still be abused in social engineering attacks. Implementing Conditional Access policies, login risk monitoring, device code restrictions, and targeted alerting can help identify these attacks and reduce the likelihood of a successful phishing breach.
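As an added example of the targeted alerting described above (not code from the FBI advisory or from Microsoft), the following triage runs over sign-in records and flags device code sign-ins that fall outside expected use. The records are constructed, the field names are simplified from an Entra ID sign-in log export, and the allow-list of approved accounts is hypothetical.

```python
# Constructed sample sign-in records. Field names are simplified from an
# Entra ID sign-in log export (an assumption); map them to your own schema.
SIGNINS = [
    {"time": "2026-05-04T08:01:00Z", "user": "room-panel@example.org",
     "protocol": "deviceCode", "app": "Teams Rooms", "managed": True},
    {"time": "2026-05-04T09:15:00Z", "user": "alice@example.org",
     "protocol": "none", "app": "Outlook", "managed": True},
    {"time": "2026-05-04T09:42:00Z", "user": "alice@example.org",
     "protocol": "deviceCode", "app": "Microsoft Office", "managed": False},
    {"time": "2026-05-04T10:05:00Z", "user": "bob@example.org",
     "protocol": "deviceCode", "app": "Azure CLI", "managed": True},
    {"time": "2026-05-04T11:30:00Z", "user": "room-panel@example.org",
     "protocol": "deviceCode", "app": "Teams Rooms", "managed": False},
]

# Hypothetical allow-list of accounts with a business need for device code flow.
APPROVED = {"room-panel@example.org"}

def triage_device_code(signins, approved):
    """Return alerts for device code sign-ins that fall outside expected use."""
    alerts = []
    for s in signins:
        if s["protocol"] != "deviceCode":
            continue  # only the device code grant is in scope here
        reasons = []
        if s["user"] not in approved:
            reasons.append("account not approved for device code flow")
        if not s["managed"]:
            reasons.append("sign-in recorded from an unmanaged device")
        if not reasons:
            continue  # approved account on a managed device: expected use
        severity = "high" if len(reasons) == 2 else "medium"
        alerts.append({"time": s["time"], "user": s["user"], "app": s["app"],
                       "severity": severity, "reasons": reasons})
    # High severity first, then oldest first within each severity.
    alerts.sort(key=lambda a: (a["severity"] != "high", a["time"]))
    return alerts

def accounts_to_review(alerts):
    """Distinct accounts that appear in the alerts, for follow-up."""
    return sorted({a["user"] for a in alerts})

if __name__ == "__main__":
    for a in triage_device_code(SIGNINS, APPROVED):
        print(a["severity"], a["time"], a["user"], "; ".join(a["reasons"]))
```

The same list doubles as an impact check before restricting device code flow in Conditional Access: any account that appears in it but has a genuine need belongs on the approved list first.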
Developer Tools: A Growing Software Supply-Chain Risk
Recent incidents at GitHub and Red Hat highlight the growing risk of malicious developer tools in trusted workflows. GitHub reported ~3,800 internal repositories were accessed via a compromised Visual Studio Code extension, while Red Hat removed compromised npm packages that were altered to steal developer credentials and sensitive information.
Developer environments have become high-value targets because they contain access tokens and operational context attackers can use to move laterally. Malicious IDE extensions or packages that run on development workstations can be used to harvest secrets or abuse CI/CD processes without directly attacking production systems.
Organisations should treat developer environments as high-value assets and put appropriate controls in place to manage access to the tools and packages developers can use. These controls could include allow-lists, dependency checks, secret scanning, and workstation hardening. In addition, organisations should have the ability to monitor CI/CD and rapidly rotate credentials within these environments. The goal should be to let developers move quickly by monitoring and reviewing the tools used during the development process.
Microsoft Updates
Microsoft’s security activity this month has focused on authentication controls and a wider set of patches for Windows, cloud, collaboration, and endpoint security components. Microsoft continues to move away from SMS-based codes for personal Microsoft accounts, with users being pushed toward stronger options such as passkeys, authenticator apps, or verified email. The change does not automatically alter enterprise Entra ID settings, but it does reflect the broader direction Microsoft is taking on authentication. SMS-based MFA has been considered weak for some time, as codes can be intercepted, redirected through SIM-swapping, or obtained through phishing and social engineering. Organisations should look to reduce their reliance on SMS when stronger options are available, particularly for privileged and high-risk accounts.
The May security updates also addressed several issues that are important for enterprise environments, especially where Windows infrastructure supports identity, name resolution, or administrative workflows. One of the most important remediations was to address CVE-2026-41089, a critical Windows Netlogon remote code execution vulnerability. Netlogon is a core part of Active Directory, meaning unpatched domain controllers should be treated as a priority, particularly if they are reachable from less-trusted parts of the network. Microsoft also patched CVE-2026-41096, a critical Windows DNS Client remote code execution vulnerability. Both workstations and servers use DNS resolution, meaning this should not be treated as a narrow server-side issue or left out of routine endpoint patching. Organisations should make sure Windows clients, servers, and any systems exposed to less-trusted networks are promptly patched.
Microsoft addressed a critical Azure Logic Apps privilege escalation issue, CVE-2026-42823, which is relevant for organisations using Azure automation workflows, along with a SharePoint Server remote code execution vulnerability, CVE-2026-45659, which matters particularly for environments still running on-premises SharePoint. Two actively exploited Microsoft Defender vulnerabilities were also patched: one that could allow local privilege escalation to SYSTEM-level access, and another that could cause a denial-of-service condition affecting protection on vulnerable hosts.
Maintaining a consistent and timely patching cycle across the whole Microsoft ecosystem remains essential, not just for systems that are obviously exposed to the internet. Identity services, endpoint protection, DNS, collaboration platforms, and cloud automation all form part of the organisation’s security baseline, and delays in patching any of these areas can create opportunities for attackers to move further once they already have a foothold. Security teams should prioritise the investigation and triage of critical Microsoft updates and develop a process to roll out updates quickly across core infrastructure.