my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog

Mostly security stuff...

Make sure you check out my main blog at https://gnerdsec.com/blog

Russian Hackers Are Going Back to Old Victims to Check If the Door's Still Open

John Z Black Apr 4, 2026

Threat Intelligence #russia #apt28 #fancy-bear #void-blizzard #cert-ua #ukraine #persistence #social-engineering

CERT-UA warns APT28 and Void Blizzard are revisiting old compromises, testing dormant access, and calling targets directly in fluent Ukrainian. Incident response has an expiration date. Attackers don't.

Read More

Researchers Broke Cloud GPU Isolation With a Memory Trick Nobody Can Patch

John Z Black Apr 4, 2026

Vulnerabilities & Patching #nvidia #gpu #rowhammer #cloud-security #hardware-vulnerability #ai-infrastructure

Three new Rowhammer attacks on Nvidia GPUs let a shared cloud tenant escalate to root on the host. It's a hardware flaw. There's no fix. And nobody's talking.

Read More

Delete This Web Shell and It Grows Back. Thanks, Cron.

John Z Black Apr 4, 2026

Threat Intelligence #webshell #php #cookie-c2 #linux #persistence #microsoft-defender

Microsoft found PHP web shells that take commands through cookies instead of URLs. Delete them and a cron job rebuilds them. Your WAF probably can't see any of it.

Read More

OpenClaw's Sixth Pairing Bug in Six Weeks Is a Full Admin Takeover

John Z Black Apr 4, 2026

Vulnerabilities & Patching #openclaw #cve-2026-33579 #privilege-escalation #ai-agents #supply-chain

CVE-2026-33579 lets anyone with the lowest access level become full admin on OpenClaw. It's the sixth pairing CVE in six weeks, and 63% of instances run without auth.

Read More

LinkedIn's Been Scanning Your Chrome Extensions. All 6,000 of Them.

John Z Black Apr 4, 2026

Privacy & Digital Rights #linkedin #microsoft #browser-fingerprinting #chrome-extensions #gdpr #privacy

Research confirmed LinkedIn scans for 6,236 Chrome extensions and fingerprints your browser without telling you. Microsoft says it's for your protection. The extension list says otherwise.

Read More

One IT Admin Locked 254 Servers. T-Mobile Lost Another Insider. Same Day.

John Z Black Apr 4, 2026

Incidents & Breaches #insider-threat #t-mobile #privileged-access #extortion #data-breach

A Kansas City engineer held his employer hostage for 20 bitcoin while T-Mobile quietly filed yet another insider breach. Privileged access is still the hardest problem in security.

Read More