Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
Lapsus$ is claiming they stole 3GB of AstraZeneca data including source code and credentials. AstraZeneca hasn't responded. Nothing's been independently verified. Here's why it's still worth watching.
Europol disrupted Tycoon2FA on March 4. Recovery started the same day. No arrests. By March 23 it was fully operational again. Here's why infrastructure-only takedowns keep failing.
TeamPCP compromised Trivy and KICS CI/CD scanner tags, spread CanisterWorm to 47 npm packages, and deployed a Kubernetes wiper targeting Iranian timezones -- all controlled via blockchain C2 that can't be taken down.
RSAC 2026 opened with a wave of autonomous AI security launches from Google, Microsoft, CrowdStrike, and Wiz. Reportedly absent from the program: CISA, the FBI, and the NSA.
Since US and Israeli strikes on Iran began on February 28, a shortwave numbers station at 7910 kHz has been broadcasting in Farsi twice daily. Signal analysis points toward Ramstein Air Base.
Mandiant's M-Trends 2026 report is getting misquoted everywhere. The 22-second ransomware handoff is real -- but it's not what you think, and the dwell time stat buried in the report is scarier.