John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog

I haven't yet decided exactly what kind of content I intend to post here. I love cooking and taking pictures so initially I'll probably just share recipes, photos and that kind of thing.

If I really start using the space I may expand on the blog capabilities. For now I'm keeping it quite simple.

An Identity Theft Protection Company Was Just Hacked by a Phone Scammer

John Z Black Mar 22, 2026

Incidents & Breaches #data breach #vishing #social engineering #identity protection #Aura #consumer security

Aura sells identity protection. A scammer called one employee, said the right things, and walked out with data on 900,000 people. The irony is real, but the lesson is bigger.

The Toolchain Turned Hostile: Trivy and Langflow Show Security Pipeline Fragility

John Z Black Mar 21, 2026

Vulnerabilities & Patching #supply-chain #trivy #langflow #ci-cd #github-actions #ai-security #devsecops #gsocket

A compromised Trivy vulnerability scanner and an AI pipeline builder exploited within 20 hours of disclosure reveal a deepening problem: the tools developers trust for security are becoming high-value attack targets.

Patch Weekend Is Here: Why Oracle IAM and Cisco FMC Can't Wait

John Z Black Mar 21, 2026

Vulnerabilities & Patching #oracle #cisco #cisa #patching #identity-manager #rce #kev #enterprise-security

Oracle pushed an emergency out-of-band patch for a critical identity manager RCE. CISA set a Sunday deadline on a max-severity Cisco firewall management flaw. Both hit identity and perimeter management simultaneously.

iPhone Exploit Kits Go Mainstream: DarkSword, Coruna, and the End of 'iOS Is Enough'

John Z Black Mar 21, 2026

Vulnerabilities & Patching #ios #apple #darksword #coruna #mobile-security #exploit-kit #zero-day #nation-state

New research from Google, iVerify, and Lookout confirms iOS exploit kits have moved from rare targeted spyware to website-level deployment against broad populations. A companion toolkit was found targeting US government officials specifically.

The Insider Front Door: How Legitimate Access Keeps Becoming Extortion

John Z Black Mar 21, 2026

Incidents & Breaches #insider-threat #north-korea #extortion #access-management #workforce-fraud #contractor-risk

A data analyst extorted his employer for $2.5M using access his job gave him. Three Americans helped North Korean operatives infiltrate US companies as fake IT workers. Different crimes, same root problem.

Handala, Publicly Attributed: What the FBI Seizure Changes About Iran Cyber Signaling

John Z Black Mar 21, 2026

Threat Intelligence #iran #handala #mois #fbi #attribution #nation-state #wiper #threat-intelligence

The FBI seized Handala's sites and released a 40-page warrant formally linking the group to Iran's intelligence ministry. Attribution just moved from analyst opinion to federal court filing.