my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog

Mostly security stuff...

Make sure you check out my main blog at https://gnerdsec.com/blog

NIST Can't Keep Up. Now What?

John Z Black Apr 16, 2026

Vulnerabilities & Patching #NVD #NIST #CVE #vulnerability management #SAP #patch management

NIST just admitted the NVD can't score every CVE anymore. With a 263% surge in vulnerability volume, thousands of bugs are going unenriched. Your patch workflow needs to catch up.

Read More

Smart Ships, Dumb Attack Surface

John Z Black Apr 16, 2026

Incidents & Breaches #maritime security #OT security #infrastructure #Starlink #smart ships

Maritime cyber incidents doubled in 2025. Attackers are now fabricating commands through satellite links. When the network goes down, the ship goes with it.

Read More

The CFO on Your Screen Might Not Be Real

John Z Black Apr 16, 2026

AI Security #deepfake #AI Security #social engineering #vishing #identity fraud

Attackers deepfaked a CFO on a live Zoom call and walked away with $25.6M. Detection tools get it wrong half the time. Here's what actually works.

Read More

The Licensed Digital Weapon Is Already Here

John Z Black Apr 16, 2026

AI Security #AI Security #GPT-5 #Anthropic #vulnerability research #prompt injection

OpenAI and Anthropic have shipped purpose-built cybersecurity AI with reduced safety restrictions. The era of licensed digital weapons isn't coming. It arrived.

Read More

Patch This Week: Two Fortinet CVEs Due Tomorrow, Six More Due April 27, and NIST Changed How NVD Works

John Z Black Apr 15, 2026

Vulnerabilities & Patching #vulnerability-management #cisa-kev #nist #nvd #fortinet #showdoc #google-pixel #patch-management #cve

Two Fortinet CVEs have a federal remediation deadline of April 16. A separate six-CVE batch is due April 27. NIST restructured NVD prioritization because CVE volume is up 30%. And 2,000+ ShowDoc servers are still unpatched.

Read More

When the Breach Isn't at Your Bank: Third-Party Risk Hits Healthcare and Finance in the Same Week

John Z Black Apr 15, 2026

Incidents & Breaches #data-breach #third-party-risk #healthcare #financial-services #springfield-hospital #marquis #lapsus #vendor-risk

A hospital email account, a fintech ransomware attack still sending notifications eight months later, and a Lapsus$ claim against a financial vendor. Third-party concentration risk landed in two sectors at once this week.

Read More