Blog

Google Says You Have Until 2029 to Get Ready for Post-Quantum Encryption. That's Three Years.

John Z Black Apr 7, 2026

Security Operations & Resilience #post-quantum #pqc #encryption #google #nist #cryptography #quantum-computing

Google moves its internal post-quantum cryptography deadline to 2029, signaling that everyone else should already be planning.

A Disgruntled Researcher Just Handed Every Attacker a Free Windows Privilege Escalation Exploit

John Z Black Apr 7, 2026

Vulnerabilities & Patching #windows #zero-day #privilege-escalation #bluehammer #exploit #microsoft #msrc

A frustrated researcher publicly released BlueHammer, a working Windows privilege escalation zero-day, after clashing with Microsoft's disclosure process.

The Man Behind REvil and GandCrab Finally Has a Name. He's Still Free.

John Z Black Apr 7, 2026

Ransomware & Cybercrime #revil #gandcrab #unkn #shchukin #bka #ransomware #law-enforcement

Germany's BKA publicly identifies the leader behind GandCrab and REvil ransomware, confirming years of researcher suspicion.

The AI That Found Every Bug: Anthropic's Mythos, Project Glasswing, and the End of Security as We Know It

John Z Black Apr 7, 2026

AI Security #anthropic #claude-mythos #project-glasswing #zero-day #ai-security #vulnerability-research #cybersecurity

China's TA416 Is Back in Europe After Two Years. They Brought New Tricks.

John Z Black Apr 6, 2026

Threat Intelligence #china #ta416 #plugx #oauth #phishing #espionage #eu #apt

TA416 has resumed targeting EU government and diplomatic organizations with PlugX malware, now abusing OAuth redirects to slip past traditional phishing defenses.

AI-Written Phishing Emails Get Clicked 450% More Often. The Data Is In.

John Z Black Apr 6, 2026

AI Security #ai #phishing #microsoft #rsac-2026 #tycoon2fa #mfa-bypass #social-engineering

Microsoft telemetry shows AI-assisted phishing lures hit a 54% click-through rate versus 12% for traditional campaigns, a 450% increase that breaks conventional security awareness training.