Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
Citrix patched a CVSS 9.3 unauthenticated memory read in NetScaler ADC and Gateway that can leak session tokens. No active exploitation yet, but the history of CitrixBleed says don't wait.
TeamPCP's new wiper, CanisterWorm, uses an ICP blockchain canister as its C2 resolver: no domain to seize, no server to kill. And it now runs on any system, not just Kubernetes.
Aleksei Volkov, a 26-year-old Russian initial access broker for the Yanluowang ransomware gang, was sentenced to 81 months in federal prison and ordered to pay over $9 million in restitution. He made one mistake: he left Russia.
A poisoned Trivy Docker image grew into one of the year's worst CI/CD compromises. Thousands of pipelines ran the payload, LiteLLM got backdoored on PyPI, and the attackers built a three-part kit designed to hit Kubernetes clusters and stay.
Team Mirai won 11 seats in Japan's House of Representatives using AI for constituent engagement at scale. Bruce Schneier calls it a reason for optimism. The harder question is what happens when less idealistic actors use the same playbook.
A malvertising campaign running since January targets W2 and W9 searchers with a kill chain that disables endpoint security at the kernel level before installing remote access malware. Your antivirus can't stop it once it's running.