John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Patch Alert: Wing FTP Exploited, Two Patch Tuesday Zero-Days, and a D-Link RCE That Doesn't Need a Login
Three vulnerability disclosures in one week across different parts of the stack. Wing FTP is actively exploited, March Patch Tuesday dropped two zero-days, and D-Link has an unauthenticated RCE in its DNS config.
Read More
CISA Is Running on Fumes While Threats Keep Piling Up
A third of CISA's workforce is gone. The agency is operating at 38% capacity during a shutdown. And a DOGE whistleblower alleges someone walked out with Social Security data. This isn't a policy debate. It's a capacity crisis.
Read More
The Week Trust Kept Breaking
Iranian wipers, poisoned dev tools, AI agents as attack surfaces, patches that never stopped coming, and a ransomware negotiator working for the bad guys. Trust fell apart in every direction this week.
Read More
March Patch Tuesday: Two Zero-Days Already Public, Plus a SolarWinds Deadline That's Right Now
Microsoft patched 79+ flaws including two publicly disclosed zero-days. No confirmed active exploitation yet, which is rare. But the SolarWinds Web Help Desk CISA deadline is today, and 'publicly disclosed' means attackers already have the blueprints.
Read More
Your AI Automation Platform Is a Backdoor: n8n RCE and a 4-Minute AI Browser Phishing Attack
CISA flagged an actively-exploited RCE in n8n with 24,700 exposed instances. Researchers turned Perplexity's AI browser into a phishing tool in under four minutes. When software acts for you, it can be turned against you.
Read More
Trump's Cyber Playbook: Big Offense, Fewer Rules, and a Promise to Pay Victims Back
The White House dropped a new National Cyber Strategy and a cybercrime victim restitution order in the same week. More offense, less regulation, and a plan to repay fraud victims with seized criminal funds.
Read More