Google Swallowed Wiz for $32 Billion. OpenAI Bought an LLM Red-Team Firm. Same Day.

Google closed its $32B Wiz acquisition while OpenAI snapped up Promptfoo, an AI security startup. Two deals, one message: the biggest platforms are making security a built-in feature, not something they outsource.

Developer Supply Chains Under Coordinated Assault: 88 Malicious npm Packages and a CVSS 9.8 in simple-git

PhantomRaven dropped 88 malicious npm packages targeting AWS credentials and CI secrets. A critical RCE in simple-git threatens millions of dev environments. Your developer toolchain is a target.

March Patch Tuesday: Two Zero-Days Already Public, Plus a SolarWinds Deadline That's Right Now

Microsoft patched 79+ flaws including two publicly disclosed zero-days. No confirmed active exploitation yet, which is rare. But the SolarWinds Web Help Desk CISA deadline is today, and 'publicly disclosed' means attackers already have the blueprints.

Your AI Automation Platform Is a Backdoor: n8n RCE and a 4-Minute AI Browser Phishing Attack

CISA flagged an actively-exploited RCE in n8n with 24,700 exposed instances. Researchers turned Perplexity's AI browser into a phishing tool in under four minutes. When software acts for you, it can be turned against you.

Iran Hit a Medical Device Giant, a NATO Parliament, and Your Instagram Feed on the Same Day

March 11 wasn't three separate cyberattacks. It was one coordinated Iranian campaign across three fronts: a wiper on Stryker, a breach of Albania's parliament, and an influence op on Instagram. All in 24 hours.

BlackSanta Kills Your EDR Before You Even Know You're Hit — and It's Coming Through HR

New malware called BlackSanta disables your endpoint detection, and it's getting in through HR inboxes. That combo is nastier than it sounds.
