John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Mostly security stuff...
Make sure you check out my main blog at https://gnerdsec.com/blog
The CI/CD Supply Chain Crisis: Poisoning the Well at the Source
Attackers are ignoring the database and going for the person writing the code. Bamboo, GitLab, and Spinnaker are facing critical flaws that turn your build tools into weapons.
Read More
The AI Deception Loop: Weapons at the Pentagon, Scams on your Screen
High-end AI is quietly becoming a national security asset for the Pentagon while scammers use the same tech to automate the social engineering cycle for ordinary users.
Read More
The Shadow API Tsunami: Toyota, Telefonica, and the 90% Problem
Salt Labs says 90% of security investigations uncover API vulnerabilities. Toyota (6.3M records) and Telefonica Brasil (15M records) just proved the point.
Read More
Payouts King Ransomware Built Their Own Room Inside Your Machine
The Payouts King ransomware group is running TinyCore Linux VMs inside QEMU on compromised Windows hosts, creating an EDR-invisible enclave for C2 and pre-encryption operations. Here's how it works and what to hunt for.
Read More
Patch Now: OpenClaw CVE-2026-41296 Is a Full Sandbox Escape
A TOCTOU race condition in OpenClaw's file handling allows a full sandbox escape. Version 2026.3.31 fixes it. If you're running an older version, stop reading and go patch.
Read More
A Five-Euro Tracker. A 500-Million-Euro Warship. An Obvious Gap.
A Dutch security researcher mailed a Bluetooth tracker hidden in a greeting card to a naval frigate and tracked it across the Mediterranean for 24 hours. The Dutch Navy banned battery-containing cards. That's the fix they landed on.
Read More