John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
BlackSanta Kills Your EDR Before You Even Know You're Hit — and It's Coming Through HR
New malware called BlackSanta disables your endpoint detection, and it's getting in through HR inboxes. That combo is nastier than it sounds.
Read More
When 'No' Means Nothing: Privacy Erosion from DHS Surveillance to Duolingo Tracking
DHS fired the privacy officers who questioned surveillance orders. Duolingo keeps sending your data to ByteDance after you opt out. Your 'no' doesn't work when nobody's enforcing it.
Read More
The War Near Iran Is Breaking Your Apps: GPS Jamming, Cyber Escalation, and Civilian Collateral
GPS jamming near Iran is wrecking delivery and navigation apps across the region. Unit 42 warns of escalating Iranian cyber risk. Modern conflict has a civilian tech blast radius.
Read More
APT28's Covenant Trick and North Korea's AirDrop Hack: How Nation-States Borrow Their Tools
Russia's APT28 hijacked an open-source red-team tool to hit Ukraine. North Korea's UNC4899 used Apple AirDrop to break into a crypto firm. Both attacks exploit the trust we put in legit software.
Read More
AI Agents Have an Infrastructure Problem — and Researchers Just Proved It
MCP protocol flaws, a 38-researcher red team exercise, and LLM-powered deanonymization all landed the same week. AI agent security isn't a future problem. It's a right now problem.
Read More
The Edge Is the Front Line: FortiGate, ASUS Routers, and the War on Network Perimeters
Enterprise firewalls and consumer routers are getting hammered. FortiGate credential theft and the KadNap botnet show the same failure at the network edge.
Read More