John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
FBI Says China Hacked Its Surveillance Systems, Triggers 'Major Incident' Classification
The FBI classified a suspected Chinese intrusion into law enforcement surveillance infrastructure as a FISMA major incident, forcing Congressional notification within days.
Read More
Drift Protocol Lost $285M Because Two People Signed the Wrong Thing
Attackers social-engineered two multisig signers and used Solana's durable nonce feature to pre-sign transactions that drained Drift Protocol. No code exploit needed.
Read More
Claude Code's Leaked Source Spawned Malware and a DMCA Disaster
Threat actors turned Anthropic's leaked source into a Vidar infostealer campaign within 24 hours. Then Anthropic's DMCA response nuked 8,100 innocent repos.
Read More
Two Active Campaigns Are Using WhatsApp as the Front Door
A VBS-based Windows hijack and an Italian spyware operation are both running through WhatsApp right now. Your chat app is a threat vector.
Read More
TeamPCP's First Confirmed Victim Lost Passport Scans and Video Interviews
AI hiring platform Mercor confirmed a breach tied to the LiteLLM compromise. The stolen data includes passport scans and video interviews you can't exactly rotate like a password.
Read More
A Full Android Rootkit Hid in Google Play for Months. 2.3 Million Downloads.
McAfee found a full rootkit hiding in 50+ Google Play apps. It roots your phone, survives factory resets, and hijacks WhatsApp sessions. 2.3 million devices already got it.
Read More