authentication

The Auth Layer Is Leaking: Why cPanel, GitHub, and Microsoft Are All Scrambling

John Z Black May 4, 2026

Vulnerabilities & Patching #NTLM #cpanel #github #entra-id #authentication #zero-day #vulnerability

A single week brought critical auth bypasses in cPanel, GitHub Enterprise, Microsoft Entra ID, and a zero-click NTLM re-patch. This isn't a run of bad luck.

The Week Toolchain Trust Collapsed, Again

John Z Black Mar 30, 2026

Threat Intelligence #weekly-recap #supply-chain #teampcp #ai-security #authentication #iran #healthcare #bpfdoor #privacy

TeamPCP kept hitting developer tooling. AI attack surfaces went from theoretical to exploited. Attackers logged in instead of breaking in. And Iran went after the FBI director's personal inbox.

Your MFA Isn't Enough. (And Most Places Don't Even Have That.)

John Z Black Mar 29, 2026

Incidents & Breaches #mfa #phishing #oauth #device-code-phishing #microsoft365 #passwordless #azure #authentication #identity-security

A phishing campaign bypassed MFA at 340+ organizations using legitimate OAuth flows, while 76% of companies are still relying on passwords in the first place.