John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
AI Is Now Both the Weapon and the Target
Slopoly is AI-generated malware used in a live ransomware attack. Microsoft Copilot can be hijacked through emails you just receive. AI security isn't future-tense anymore.
Read More
Your Old iPhone Is Under Active Attack. Update It Today.
Apple issued an emergency patch for older iPhones and iPads to fix actively exploited Coruna WebKit vulnerabilities. If you have an old device you haven't updated, this is when that delay becomes a real problem.
Read More
The Ransomware 'Negotiator' Was Running the Attack: DigitalMint's $75M Double Cross
Federal charges reveal DigitalMint's ransomware negotiators were allegedly running the attacks themselves. The second employee charged in the same operation. This wasn't a rogue employee. It was the business model.
Read More
North Korea Behind Polyfill.io? Supply Chain Poisoning Just Got a State Sponsor
Forensic research links the Polyfill.io supply chain attack to a North Korean operative. The same week, a CVSS 9.8 RCE hits the simple-git npm library. Your dependency graph is your attack surface.
Read More
Veeam Has Seven Critical RCE Flaws and Ransomware Operators Are Paying Attention
Seven simultaneous unauthenticated RCE vulnerabilities in Veeam Backup & Replication. This is a ransomware operator's wishlist, and it all dropped at once. Patch now.
Read More
Your MFA and Your ZIP Scanner Both Have Blind Spots Attackers Are Already Using
Adversary-in-the-Middle phishing beats standard MFA in real time. Zombie ZIP tricks archive scanners into waving malware through. Two trusted security controls, two systematic bypasses already in the wild.
Read More