John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
The FTC Took on a Data Broker Tracking Abortion Clinic Visits. And Won.
The FTC's settlement with Kochava bans the company from selling sensitive location data and requires deletion of existing records, including data showing visits to abortion clinics, shelters, and rehab centers.
Read More
Crunchyroll Got Breached. Their Systems Were Never Touched.
6.8 million Crunchyroll users had their data stolen through a three-hop attack chain that went from a vendor's infected laptop through Okta into Crunchyroll's customer service platform, without ever touching Crunchyroll's own systems.
Read More
31.4 Terabits in 35 Seconds: Cloudflare's New Threat Report Shows Attacks Have Gone Industrial
Cloudflare's 2026 threat report documents a record-breaking 31.4 Tbps DDoS attack and reveals that 94% of bot-driven login attempts now bypass MFA by stealing session tokens instead of passwords.
Read More
CAPTCHAs Are Dead. AI Killed Them. Now What?
AI now solves every major CAPTCHA type faster and more reliably than humans, commercial solving services sell API access for fractions of a cent, and the two-decade era of 'click the fire hydrant' is over.
Read More
Your Security Camera Is Probably Someone Else's Window Into the War
Nation-states are routinely hacking unpatched IP cameras to gather physical intelligence during active conflicts, and the cameras being targeted are the cheap, forgotten ones in your building's lobby.
Read More
TeamPCP Is Not a Hacker Group Anymore. It's a Cloud Crime Platform.
TeamPCP has graduated from opportunistic attacker to full-spectrum criminal platform -- with blockchain C2 that law enforcement can't seize and a live ransomware affiliate program that costs $250 to join.
Read More