my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog

Mostly security stuff...

Make sure you check out my main blog at https://gnerdsec.com/blog

Your Encrypted Messaging App Is Secure. Your Account Isn't.

John Z Black Apr 5, 2026

Threat Intelligence #signal #whatsapp #ncsc #account-hijacking #social-engineering #russia

The NCSC warns that Russian hackers are hijacking Signal and WhatsApp accounts through social engineering, not by breaking encryption.

Read More

Device Code Phishing Is Up 37.5x and Ten Kits Are Competing for Market Share

John Z Black Apr 5, 2026

Ransomware & Cybercrime #device-code-phishing #oauth #phishing-kits #eviltokens #mfa-bypass #phaas

Device code phishing attacks surged 37.5x in 2026 with at least ten competing kits now selling the technique to low-skill criminals.

Read More

CrowdStrike and Microsoft Are Sharing Data Now. Yes, Really.

John Z Black Apr 5, 2026

Security Operations & Resilience #crowdstrike #microsoft #defender #siem #partnership #falcon

CrowdStrike's Falcon SIEM can now ingest Microsoft Defender telemetry, and Formula 1 is somehow responsible.

Read More

Akira Ransomware Can Encrypt Your Network in Under an Hour

John Z Black Apr 5, 2026

Ransomware & Cybercrime #akira #ransomware #incident-response #speed #halcyon

Akira ransomware completes full attack lifecycles in under an hour, making traditional detect-and-respond strategies basically useless.

Read More

CISA's Getting a $700M Haircut While Feds Post Gate Codes on Quizlet

John Z Black Apr 4, 2026

Policy, Law & Governance #cisa #budget #federal-security #cbp #opsec

The White House wants to slash CISA by up to $707 million. The same week, CBP facility gate codes showed up on public flashcard apps. Two symptoms of the same disease.

Read More

TeamPCP Hacked the European Commission Through a Security Scanner

John Z Black Apr 4, 2026

Incidents & Breaches #teampcp #european-commission #supply-chain #shinyhunters #cert-eu

TeamPCP breached the European Commission via a poisoned version of Trivy. Data from 30+ EU entities got exposed. ShinyHunters leaked it all. The irony of a security tool being the attack vector writes itself.

Read More