Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
Microsoft dropped 165 CVEs today including two zero-days, a critical Kerberos credential relay vulnerability, and a FortiClient EMS flaw with a 48-hour CISA deadline. Here's how to prioritize.
MSBuild is a Microsoft-signed Windows binary. SHADOW#REACTOR chains VBScript to PowerShell to a payload disguised as plain text. Both campaigns share one design principle: look like the environment, not like malware. Multiple independent threat actors are converging on the same technique, and most defenders aren't ready for it.
220,000 Android phones recruited into a criminal proxy network via Facebook ads. 108 Chrome extensions in the official Web Store harvesting Google and Telegram credentials. Russia's GRU running DNS hijacks through 18,000 home routers until law enforcement shut it down. Three campaigns, one pattern: your device keeps working while someone else uses it.
New research from NDSS 2026 demonstrates that standard fiber optic cables can reconstruct conversations in adjacent rooms using off-the-shelf commercial equipment. No network access. No credentials. No software. And it bypasses both RF scanners and ultrasonic jammers, the two most common counter-surveillance tools.
DermCare Management, which handles billing and records for dozens of dermatology practices, suffered a breach in February 2025. They confirmed it in March 2026. Patients are getting notified now. The exposed data includes Social Security numbers, financial account info, and medical records.
Anthropic launched Project Glasswing. Stanford showed AI agents solve security problems 93% of the time. A separate analysis of 216 million findings showed critical risk is up 400%. And 67% of CISOs can't see where AI is running in their own environments. All today.