John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
CISA's Midnight Deadline: The Firewall Audit You Can't Ignore
Tonight at 11:59 PM, federal deadlines for Cisco gear expire. The government is done asking nicely for audits on firmware implants. Plus, your ActiveMQ window already shut.
Read More
Operation Power Off Round 2: 53 Domains Seized in Sustained DDoS Takedown
Europol's Operation Power Off 53 domains seized, 75,000 users warned, 25 search warrants served. Law enforcement has moved from arresting admins to systematically dismantling the ecosystem.
Read More
Unwinding the Deal: China Blocks Meta's Manus AI Acquisition
China reversed a completed Meta acquisition of AI startup Manus on national security grounds. We're now in the era of strategic AI protectionism.
Read More
A Five-Euro Tracker. A 500-Million-Euro Warship. An Obvious Gap.
A Dutch security researcher mailed a Bluetooth tracker hidden in a greeting card to a naval frigate and tracked it across the Mediterranean for 24 hours. The Dutch Navy banned battery-containing cards. That's the fix they landed on.
Read More
The 2-Minute Defeat: Why the EU's Child Safety App is a Case Study in Security Theater
The EU's high-profile age verification app was cracked in under two minutes by a security consultant. It turns out storing sensitive tokens in an unencrypted local text file is not 'Safe by Design.' Here is what happens when PR outpaces engineering.
Read More
Knock at the Door: Why Industrial Cyber Just Went Kinetic
German police are physically visiting factories to warn about software bugs while Swedish power plants dodge pro-Russian sabotage attempts. Industrial cybersecurity is no longer an IT issue, it is a national security emergency.
Read More
Law Enforcement Had a Good Week: At Least 6 Marketplaces Down, 213 Arrests, and a Historic Conviction
At least six dark web marketplaces dismantled, LeakBase seized, $12M in crypto fraud frozen, and the first Take It Down Act conviction. Law enforcement capabilities are improving. It's worth saying so.
Read More
Platforms Keep Saying They Moderate. Here Is What They Are Actually Allowing.
Telegram hosts a functioning commercial stalkerware market in EU jurisdictions. Amazon filed 1.1 million CSAM reports with zero location or suspect data. UK regulators are now threatening platform executives personally with jail time. Three countries, three harms, one pattern.
Read More
Microsoft's Security Theater, Two Acts
FedRAMP reviewers called Microsoft's government cloud documentation 'a pile of shit' and authorized it anyway. Same week, Microsoft silently locked out the developers of WireGuard and VeraCrypt. Two stories, same company, same problem.
Read More
France's Linux Move Isn't About Linux
France isn't migrating government workstations to Linux because it's technically better. It's doing it because the US demonstrated it can turn off American tech platforms for foreign governments whenever it wants.
Read More
The FBI Used Your Router. They Had a Court Order. This Is the Third Time.
Operation Masquerade gave the FBI court authority to issue remote commands to privately owned home routers in 23 states, removing APT28's foothold. It worked. It also raises questions worth sitting with.
Read More
ICE Is Using Paragon Spyware on American Soil. Congress Wants to Know Who They're Watching.
House Democrats demand answers on ICE's use of Paragon's Graphite spyware, raising questions about domestic surveillance and oversight.
Read More
CISA's Getting a $700M Haircut While Feds Post Gate Codes on Quizlet
The White House wants to slash CISA by up to $707 million. The same week, CBP facility gate codes showed up on public flashcard apps. Two symptoms of the same disease.
Read More
The People Who Built America's Cyber Arsenal Say We're Losing. They're Probably Right.
Four former NSA directors told RSAC that America has failed to deter adversaries in cyberspace, and a federal whistleblower's thumb drive allegation shows what that failure looks like from the inside.
Read More
Europe's Week: Fining Musk's AI, Rejecting Surveillance Powers, and Getting Hacked
In 48 hours, Europe fined xAI's Grok, voted to let CSAM scanning expire, had its Commission cloud breached, and watched its police force get phished.
Read More
America's Cyber Watchdog Is Walking Out the Door. The UK's Is Calling for a Full Court Press.
CISA is bleeding staff through its third government shutdown, with 1,000 vacancies and 60% of its workforce sidelined. Across the Atlantic, the UK's NCSC chief is demanding coordinated escalation against the same threats.
Read More
Regulators on Both Sides of the Atlantic Are Forcing Platforms to Verify Who's Online
Apple rolled out mandatory age verification for all UK iPhone users. The EU opened a formal DSA investigation into Snapchat. The era of anonymous sign-ups is ending, and it's moving faster than most platforms planned.
Read More
Sanders and AOC Want to Freeze AI Datacenter Construction. Here's What That Actually Means.
The Artificial Intelligence Data Center Moratorium Act would halt all new AI datacenter construction until Congress passes federal AI regulation. It won't pass. The energy numbers behind it are real.
Read More
New Mexico Handed Meta a $375 Million Jury Verdict on Child Safety. Every State AG Is Watching.
A New Mexico jury just handed Meta its first courtroom defeat over child safety: a $375 million verdict after six weeks of trial. It's not a settlement. It's a proof of concept for state AGs everywhere.
Read More
The FCC Just Banned Foreign Routers. Almost Every Router You Own Is Foreign.
The FCC has declared foreign-made consumer routers a national security threat and blocked new ones from entering the US market. Here's what the rule actually covers, what it doesn't, and why the hard question about firmware goes unanswered.
Read More
RSAC 2026 Day One: Every Vendor Went Agentic, the Government Went Missing
RSAC 2026 opened with a wave of autonomous AI security launches from Google, Microsoft, CrowdStrike, and Wiz. Reportedly absent from the program: CISA, the FBI, and the NSA.
Read More
DOGE Sent a Lawyer With No Nuclear Experience to Run NRC Meetings. He Dismissed Safety Concerns.
A 31-year-old DOGE-placed lawyer with zero nuclear background was chairing technical meetings at the Nuclear Regulatory Commission and reportedly dismissing staff safety concerns -- at exactly the wrong moment.
Read More
Dark Web Infrastructure Is Getting Harder to Monetize
Operation Alice took down 373,000 dark web sites. European prosecutors indicted three for the UniCredit breach. The pattern: law enforcement is attacking the infrastructure layer, not just individual offenders.
Read More
Smuggled Silicon: The DOJ Case That Puts AI Export Controls in the Spotlight
Three men charged with smuggling US AI hardware to China represent the first major criminal test of export control law applied to high-performance compute. The era of treating AI export controls as background noise is over.
Read More
Cyber Enforcement Is Moving Upstream, and Defenders Should Pay Attention
Recent actions show growing pressure on facilitators and infrastructure, not just frontline operators, which creates real defensive opportunities.
Read More
AI Export Controls Are Now a SOC Problem, Not Just a Legal Memo
New enforcement activity pushes export-control risk into day-to-day security operations, especially around access, logging, and partner workflows.
Read More
Policy Restraint vs Surveillance Expansion: The New Shape of U.S. Cyber Power
Washington is signaling limits on private-sector hack-back while doubling down on surveillance continuity and sanctions. The center of cyber power is moving toward institutions, not spectacle.
Read More
FedRAMP Says Authorized. That Doesn't Mean Enforced.
ProPublica raises questions about major cloud authorizations. Congress pressed on CISA staffing. Post-incident recovery data shows uneven performance long after disclosure. Compliance and enforcement capacity are not the same thing.
Read More
Geopolitics Landed in Your Hiring and Vendor Workflows Whether You're Ready or Not
Treasury sanctioned DPRK IT worker fraud facilitators with hundreds of millions in annual revenue tied to the ecosystem. Greek firms are scanning over conflict spillover. CISA says Iran hasn't spiked yet. Calibration matters, but so do controls.
Read More
FedRAMP's Trust Gap: When Technical Warnings Lose to Procurement Momentum
Federal cyber experts reportedly called Microsoft's cloud a 'pile of shit' -- and approved it anyway. That's not just a Microsoft story. It's a story about what certification badges actually mean.
Read More
Federal Cyber Reality Check: Capacity, Coordination, and Confidence Are Out of Sync
Staffing gaps, fuzzy lead-agency roles, and public messaging that doesn't always match operational uncertainty -- the layers of federal cyber aren't running in sync right now.
Read More
Four Major Companies Still Won't Talk About the Oracle EBS Breach
Broadcom, Bechtel, Estee Lauder, and Abbott Technologies got named in the Cl0p Oracle EBS breach. None have said a word. The silence is becoming its own problem.
Read More
Europe's Biggest Tech Fines Are Getting Overturned in Court
Amazon just got a $858 million GDPR fine thrown out. Cloudflare is fighting Italy's Piracy Shield. Big Tech's legal teams are now the real counterparty to European regulation.
Read More
CISA Is Running on Fumes While Threats Keep Piling Up
A third of CISA's workforce is gone. The agency is operating at 38% capacity during a shutdown. And a DOGE whistleblower alleges someone walked out with Social Security data. This isn't a policy debate. It's a capacity crisis.
Read More
New York Just Did What the EPA Couldn't: Mandatory Cybersecurity for Water Utilities
The feds tried and failed to mandate cybersecurity for water utilities. New York got tired of waiting and did it themselves. Sound familiar?
Read More