Blog

Your Enterprise SaaS Is Getting Picked Apart: Salesforce Hit Three Times, Michelin Breached Through Oracle EBS

John Z Black Mar 12, 2026

Enterprise Security #salesforce #oracle #enterprise-saas #data-breach #erp #crm #application-security #michelin

Salesforce just dropped its third Experience Cloud security alert in six months. Michelin got popped through Oracle EBS. Attackers aren't breaking down your perimeter anymore. They're walking straight through your business apps.

Google Swallowed Wiz for $32 Billion. OpenAI Bought an LLM Red-Team Firm. Same Day.

John Z Black Mar 12, 2026

Industry #google #wiz #openai #promptfoo #mergers-acquisitions #cloud-security #ai-security #cspm #enterprise

Google closed its $32B Wiz acquisition while OpenAI snapped up Promptfoo, an AI security startup. Two deals, one message: the biggest platforms are making security a built-in feature, not something they outsource.

Developer Supply Chains Under Coordinated Assault: 88 Malicious npm Packages and a CVSS 9.8 in simple-git

John Z Black Mar 12, 2026

Developer Security #npm #supply-chain #developer-security #phantomraven #simple-git #ci-cd #aws #devsecops

PhantomRaven dropped 88 malicious npm packages targeting AWS credentials and CI secrets. A critical RCE in simple-git threatens millions of dev environments. Your developer toolchain is a target.

March Patch Tuesday: Two Zero-Days Already Public, Plus a SolarWinds Deadline That's Right Now

John Z Black Mar 12, 2026

Patch Tuesday #patch-tuesday #microsoft #zero-day #solarwinds #cisa #cve #vulnerability-management

Microsoft patched 79+ flaws including two publicly disclosed zero-days. No confirmed active exploitation yet, which is rare. But the SolarWinds Web Help Desk CISA deadline is today, and 'publicly disclosed' means attackers already have the blueprints.

Your AI Automation Platform Is a Backdoor: n8n RCE and a 4-Minute AI Browser Phishing Attack

John Z Black Mar 12, 2026

Vulnerabilities #n8n #ai-security #automation #prompt-injection #cve-2025-68613 #cisa #agentic-ai #perplexity

CISA flagged an actively-exploited RCE in n8n with 24,700 exposed instances. Researchers turned Perplexity's AI browser into a phishing tool in under four minutes. When software acts for you, it can be turned against you.

Iran Hit a Medical Device Giant, a NATO Parliament, and Your Instagram Feed on the Same Day

John Z Black Mar 12, 2026

Threat Intelligence #iran #handala #stryker #wiper-attack #critical-infrastructure #influence-operations #nato #threat-intelligence

March 11 wasn't three separate cyberattacks. It was one coordinated Iranian campaign across three fronts: a wiper on Stryker, a breach of Albania's parliament, and an influence op on Instagram. All in 24 hours.