John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
AI Export Controls Are Now a SOC Problem, Not Just a Legal Memo
New enforcement activity pushes export-control risk into day-to-day security operations, especially around access, logging, and partner workflows.
Read More
AI Exploits in Hours: The Patch Window Just Collapsed
Rapid exploitation plus cross-platform AI exposure means next-sprint patching is no longer a safe operating model.
Read More
Messaging and Collaboration Infrastructure Is Still an APT-Friendly Entry Point
Zimbra exploitation, Roundcube sanitizer bypasses, and OpenSIPS auth-bypass risk all point to one truth: communication infrastructure remains a high-value route to durable access.
Read More
Breach Impact Without a Single Archetype: Vendor, Insider, and Nation-State Pressure
Navia, Aura, an insider ransomware conviction, and Lazarus attribution show why breach readiness should be built around resilient process, not assumptions about attacker type.
Read More
AI Security Is Splitting Into Two Fronts: Governance Controls and Exploitable Plumbing
Enterprise AI security now requires two disciplines at once: policy-level governance for agents and hard application security work in the toolchain beneath them.
Read More
Attacker Scale in 2026: Botnets, EDR Killers, and Phishing-as-Operations
From BYOVD-based EDR suppression to tax-season phishing pipelines and botnet disruption, attacker scale now comes from operational integration, not one breakthrough trick.
Read More