my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog

Mostly security stuff...

Make sure you check out my main blog at https://gnerdsec.com/blog

An AI Found a 13-Year-Old RCE in ActiveMQ in 10 Minutes

John Z Black Apr 11, 2026

AI Security #activemq #cve-2026-34197 #rce #ai-security-research #claude #jolokia #vulnerability-research #horizon3

CVE-2026-34197 sat undetected in Apache ActiveMQ for 13 years. Claude found it in 10 minutes by tracing a cross-subsystem exploit chain no human auditor had connected.

Read More

Syria's Government Got Hacked. The Method Was Probably 'No Password Policy.'

John Z Black Apr 10, 2026

Incidents & Breaches #syria #account-takeover #credentials #mfa #social-media-security #government-security #digital-hygiene

Multiple Syrian government X accounts fell at the same time in March 2026. The likely method wasn't a sophisticated attack. It was shared credentials and no MFA. Your organization has a version of this story too.

Read More

Microsoft's Security Theater, Two Acts

John Z Black Apr 10, 2026

Policy, Law & Governance #microsoft #fedramp #gcc-high #wireguard #veracrypt #government-cloud #open-source-security #security-theater

FedRAMP reviewers called Microsoft's government cloud documentation 'a pile of shit' and authorized it anyway. Same week, Microsoft silently locked out the developers of WireGuard and VeraCrypt. Two stories, same company, same problem.

Read More

MFA Isn't the Final Barrier Anymore. It Hasn't Been for a While.

John Z Black Apr 10, 2026

Security Operations & Resilience #mfa #phishing #aitm #fido2 #chrome-dbsc #venom-phaas #unc6783 #infostealers #identity-security

Three research teams this week documented MFA failures at login, at the helpdesk layer, and post-session. The answer isn't more MFA. It's hardware-bound authentication.

Read More

France's Linux Move Isn't About Linux

John Z Black Apr 10, 2026

Policy, Law & Governance #france #linux #digital-sovereignty #eu #us-tech #open-source #geopolitics #anssi

France isn't migrating government workstations to Linux because it's technically better. It's doing it because the US demonstrated it can turn off American tech platforms for foreign governments whenever it wants.

Read More

The FBI Used Your Router. They Had a Court Order. This Is the Third Time.

John Z Black Apr 10, 2026

Policy, Law & Governance #apt28 #fbi #operation-masquerade #forest-blizzard #gru #router-security #cyber-policy #nation-state

Operation Masquerade gave the FBI court authority to issue remote commands to privately owned home routers in 23 states, removing APT28's foothold. It worked. It also raises questions worth sitting with.

Read More