John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog

I haven't yet decided exactly what kind of content I intend to post here. I love cooking and taking pictures so initially I'll probably just share recipes, photos and that kind of thing.

If I really start using the space I may expand on the blog capabilities. For now I'm keeping it quite simple.

Your Old iPhone Is Under Active Attack. Update It Today.

John Z Black Mar 13, 2026

Consumer Security #apple #ios #webkit #coruna #patch #mobile-security #active-exploitation

Apple issued an emergency patch for older iPhones and iPads to fix actively exploited Coruna WebKit vulnerabilities. If you have an old device you haven't updated, this is when that delay becomes a real problem.

The Ransomware 'Negotiator' Was Running the Attack: DigitalMint's $75M Double Cross

John Z Black Mar 13, 2026

Ransomware #ransomware #incident-response #digitalmint #blackcat #vendor-risk #extortion

Federal charges reveal DigitalMint's ransomware negotiators were allegedly running the attacks themselves. The second employee charged in the same operation. This wasn't a rogue employee. It was the business model.

North Korea Behind Polyfill.io? Supply Chain Poisoning Just Got a State Sponsor

John Z Black Mar 13, 2026

Supply Chain Security #supply-chain #north-korea #polyfill #npm #simple-git #javascript #cve

Forensic research links the Polyfill.io supply chain attack to a North Korean operative. The same week, a CVSS 9.8 RCE hits the simple-git npm library. Your dependency graph is your attack surface.

Veeam Has Seven Critical RCE Flaws and Ransomware Operators Are Paying Attention

John Z Black Mar 13, 2026

Vulnerability Intelligence #veeam #ransomware #rce #backup #patch #enterprise

Seven simultaneous unauthenticated RCE vulnerabilities in Veeam Backup & Replication. This is a ransomware operator's wishlist, and it all dropped at once. Patch now.

Your MFA and Your ZIP Scanner Both Have Blind Spots Attackers Are Already Using

John Z Black Mar 12, 2026

Security Controls #mfa #phishing #aitm #starkiller #zombie-zip #fido2 #passkeys #security-controls #defense

Adversary-in-the-Middle phishing beats standard MFA in real time. Zombie ZIP tricks archive scanners into waving malware through. Two trusted security controls, two systematic bypasses already in the wild.

Your Enterprise SaaS Is Getting Picked Apart: Salesforce Hit Three Times, Michelin Breached Through Oracle EBS

John Z Black Mar 12, 2026

Enterprise Security #salesforce #oracle #enterprise-saas #data-breach #erp #crm #application-security #michelin

Salesforce just dropped its third Experience Cloud security alert in six months. Michelin got popped through Oracle EBS. Attackers aren't breaking down your perimeter anymore. They're walking straight through your business apps.