my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog

Mostly security stuff...

Make sure you check out my main blog at https://gnerdsec.com/blog

Kaplan and Mazda Both Disclosed Breaches This Week. Both Happened Months Ago.

John Z Black Mar 24, 2026

Incidents & Breaches #kaplan #mazda #data-breach #breach-notification #ssn #identity-theft #class-action #delayed-disclosure

Kaplan's breach exposed SSNs for 173,000+ people in October 2025. Victims found out in March 2026. Mazda disclosed a December breach the same week. Both timelines are legal. That's the problem.

Read More

Operation Synergia III: 45,000 Malicious IPs Down, 94 Arrested, 72 Countries In

John Z Black Mar 24, 2026

Ransomware & Cybercrime #interpol #operation-synergia #cybercrime #enforcement #phishing #ransomware

Interpol's Operation Synergia III ran six months across 72 countries, sinkholed 45,000 malicious IPs, and made 94 arrests. International cybercrime enforcement is getting better at this.

Read More

The FBI Is Buying Your Location Data. No Warrant Required.

John Z Black Mar 24, 2026

Privacy & Digital Rights #fbi #location-data #data-brokers #surveillance #privacy #whatsapp #fourth-amendment

FBI Director Kash Patel confirmed the FBI purchases bulk location data from commercial brokers with no warrant. The agency had previously said it stopped. It didn't.

Read More

Two Tools Published This Week Just Broke Chrome's Encryption and Bypassed Your MFA

John Z Black Mar 23, 2026

Threat Intelligence #voidstealer #astaroth #chrome #mfa #credential-theft #phishing #fido2 #passkeys

VoidStealer cracked Chrome's Application-Bound Encryption via a debugger trick, while Astaroth defeats SMS, TOTP, and push MFA in real time -- and the only method that survives both is FIDO2.

Read More

The Week the Infrastructure Fought Back (and Lost)

John Z Black Mar 23, 2026

Weekly Recap #the-week-in-cyber #mobile-security #supply-chain #identity #iran #dprk #ransomware #ai-fraud #threat-intelligence

The week of March 16-22 hit management planes, identity infrastructure, and security tooling itself -- and North Korea kept hiring.

Read More

Proton Mail Helped the FBI Identify an Anonymous Protestor. Here's What That Actually Means.

John Z Black Mar 23, 2026

Privacy & Digital Rights #proton-mail #privacy #metadata #fbi #encrypted-email #surveillance

Proton Mail's encryption worked fine -- it was metadata that gave the anonymous Stop Cop City protestor away, and most users still don't understand the difference.

Read More