Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
Treasury Secretary Bessent and Fed Chair Powell held an emergency summit with bank CEOs over Anthropic's Mythos AI. Then major banks quietly got private access to it through Project Glasswing. The government's response is the story.
IBM's chief commercial officer argues AI at infrastructure scale must be open and inspectable. With the EU AI Act going into full enforcement in August and Anthropic's Mythos still behind a private access program, this governance debate has a hard date.
CISA added seven CVEs to its Known Exploited Vulnerabilities catalog. One of them was first patched in 2012. Attackers don't need zero-days when your backlog does the work for them.
Booking.com forced PIN resets. Basic-Fit disclosed a breach hitting roughly one million EU gym members. No passwords were stolen, both companies say. That's not the reassurance it sounds like.
Attackers hijacked the Smart Slider 3 Pro update server and pushed a six-layer backdoor to 900,000 sites. The must-use plugin it installed doesn't show up in your WordPress dashboard. Deleting the plugin doesn't remove it.
Qualys analyzed a billion CISA KEV remediation records and found attackers are weaponizing critical vulns an average of seven days before patches exist. The human-scale remediation model has hit a structural ceiling.