John Z Black

Microsoft's Device Code Auth Is Now a Criminal Subscription Service

John Z Black Apr 2, 2026

Ransomware & Cybercrime #phishing #microsoft-365 #device-code #eviltokens #bec #phaas #credential-theft

EvilTokens sells device code phishing as a service on Telegram. Over 340 orgs compromised, and victims never see a fake login page.

Read More

Claude Found RCEs in Vim and Emacs. Only One Got Patched.

John Z Black Apr 2, 2026

AI Security #ai-security #anthropic #vim #emacs #rce #vulnerability-discovery #claude

A researcher used Claude to find file-open RCEs in both Vim and Emacs. Vim patched immediately. Emacs says it's Git's problem. Meanwhile, leaked details of Anthropic's 'Mythos' model suggest AI offensive capabilities are approaching nation-state level.

Read More

Hackers Impersonated Ukraine's CERT to Push Malware as a 'Security Tool'

John Z Black Apr 2, 2026

Threat Intelligence #ukraine #cert-ua #impersonation #agewheeze #cyber-serp #phishing #rat

Pro-Russia group Cyber Serp sent fake CERT-UA emails carrying a RAT disguised as a protection tool. They claimed 200K infections. Reality was a handful.

Read More

North Korea Backdoored Axios for Three Hours. That Was Enough.

John Z Black Apr 2, 2026

Threat Intelligence #npm #supply-chain #north-korea #axios #dprk #waveshaper #unc1069

DPRK hackers hijacked the Axios npm package, deploying a self-erasing backdoor across 100 million weekly downloads. Three hours was all they needed.

Read More

Anthropic Accidentally Put Claude Code's Source on npm. Again.

John Z Black Mar 31, 2026

AI Security #anthropic #claude-code #npm #source-map #supply-chain #ai-security

Read More

Axios Was Backdoored to Install a RAT. And It Left No Traces.

John Z Black Mar 31, 2026

Threat Intelligence #npm #supply-chain #axios #rat #malware #javascript #maintainer-compromise

Read More