John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
The AI Threat Window Is Open. Security Leaders at RSAC Are Saying So Out Loud.
Kevin Mandia called the next two years a 'perfect storm for offense' at RSAC 2026, and the evidence landed the same week.
Read More
Iran Is Running Every Cyberattack at Once
Iran isn't running a cyber campaign right now. It's running all of them simultaneously, and Unit 42's latest brief documents exactly that.
Read More
GitHub Is Becoming a Minefield for Developers. Most of Them Have No Idea.
Three simultaneous attacks on GitHub's trust signals -- fake stars, weaponized security alerts, and a scanning bug that let 72 malicious extensions slip through -- show the reputation infrastructure developers rely on is broken.
Read More
Europe's Week: Fining Musk's AI, Rejecting Surveillance Powers, and Getting Hacked
In 48 hours, Europe fined xAI's Grok, voted to let CSAM scanning expire, had its Commission cloud breached, and watched its police force get phished.
Read More
So Bad That German Police Knocked on Doors: The PTC Windchill Flaw Now in CISA's KEV
A critical RCE flaw in PTC Windchill hit CISA's KEV with no patch available yet, and German police started showing up at factory doors in person to warn companies.
Read More
China's BPFDoor Got an Upgrade. Passive Defenses Still Can't See It.
Red Menshen's upgraded BPFDoor backdoor now hides even better inside telecom backbone networks, and the only way to find it is active threat hunting that most carriers aren't doing.
Read More