critical-infrastructure

The Devices China Already Owns: Pre-Positioning for Future Conflict

John Z Black Apr 23, 2026

Threat Intelligence #china #volt-typhoon #flax-typhoon #cisa #ncsc #covert-network #pre-positioning #critical-infrastructure

China's state actors aren't just hacking networks; they're acquiring real estate. A massive joint advisory reveals how covert device networks are being pre-positioned inside everyday hardware like routers and NAS devices, waiting for the right moment to be activated.

Knock at the Door: Why Industrial Cyber Just Went Kinetic

John Z Black Apr 17, 2026

Policy, Law & Governance #critical-infrastructure #russia #ptc-windchill #apt28 #industrial-security #sweden #hensoldt

German police are physically visiting factories to warn about software bugs while Swedish power plants dodge pro-Russian sabotage attempts. Industrial cybersecurity is no longer an IT issue, it is a national security emergency.

LockBit Won't Die: 207 Victims in 2026 and What Ransomware Resilience Actually Looks Like

John Z Black Apr 15, 2026

Ransomware & Cybercrime #ransomware #lockbit #raas #local-government #critical-infrastructure #handala #iran #winona-county

Despite one of the most aggressive law enforcement operations in ransomware history, LockBit has claimed 207 victims in 2026. Winona County got hit twice in three months. The RaaS model is more durable than takedowns.

CISA Has Already Assessed Almost Every World Cup Stadium. The Cyber Defense Operation Is Running.

John Z Black Apr 13, 2026

Security Operations & Resilience #world-cup-2026 #cisa #event-security #critical-infrastructure #ddos #fifa #milan-olympics

CISA has completed cybersecurity assessments at nearly every World Cup 2026 stadium and team base camp. A White House task force is operational. The Milan Winter Olympics just gave the whole framework a live stress test with real Russian-linked attacks. This isn't a plan anymore.

Six Federal Agencies Just Told You to Disconnect Your PLCs. Here's What Forced Their Hand.

John Z Black Apr 8, 2026

Threat Intelligence #iran #plc #scada #critical-infrastructure #water-systems #cisa #fbi #ot-security

FBI, CISA, NSA, EPA, DOE, and Cyber Command co-signed a single advisory on Iranian hackers disrupting PLCs at U.S. water, energy, and government facilities. This isn't theoretical.

Stryker Recovered from an Iranian Wiper Attack. It Took Three Weeks and 80,000 Devices.

John Z Black Apr 3, 2026

Threat Intelligence #iran #handala #wiper #healthcare #stryker #nation-state #critical-infrastructure #fbi

Iran's Handala group wiped 80,000 devices across Stryker's global network. Maryland EMS lost digital ECG transmission. The DOJ confirmed Iran's government runs Handala.

LA Metro Is Still Rebuilding 1,400 Servers After a March Cyberattack

John Z Black Apr 3, 2026

Incidents & Breaches #la-metro #transit #critical-infrastructure #worldleaks #ransomware #california

Two weeks after detecting unauthorized access, LA Metro is checking 1,400 servers one by one. WorldLeaks claims 160GB stolen. Trains and buses never stopped.

So Bad That German Police Knocked on Doors: The PTC Windchill Flaw Now in CISA's KEV

John Z Black Mar 28, 2026

Vulnerabilities & Patching #cisa #ptc #windchill #kev #industrial #ics #manufacturing #rce #bsi #critical-infrastructure

A critical RCE flaw in PTC Windchill hit CISA's KEV with no patch available yet, and German police started showing up at factory doors in person to warn companies.

Ransomware Hits Spain's Largest Fishing Port, Forcing Manual Operations

John Z Black Mar 26, 2026

Incidents & Breaches #ransomware #critical-infrastructure #spain #port-security #europe

A ransomware attack knocked out digital systems at the Port of Vigo on March 24, 2026, forcing staff to revert to paper logs and phone calls. No group has claimed the attack.

Federal Cyber Reality Check: Capacity, Coordination, and Confidence Are Out of Sync

John Z Black Mar 18, 2026

Policy, Law & Governance #cisa #dhs #critical-infrastructure #governance #policy #incident-response #federal-cyber

Staffing gaps, fuzzy lead-agency roles, and public messaging that doesn't always match operational uncertainty -- the layers of federal cyber aren't running in sync right now.

Iran Didn't Need Malware to Cripple Stryker. They Just Used Microsoft Intune.

John Z Black Mar 17, 2026

Threat Intelligence #iran #stryker #handala #intune #mdm #wiper #healthcare #nation-state #critical-infrastructure

The Handala group wiped tens of thousands of Stryker devices using the company's own MDM platform. No malware. No exploit. Just admin access and the willingness to press the button.

New York Just Did What the EPA Couldn't: Mandatory Cybersecurity for Water Utilities

John Z Black Mar 15, 2026

Policy, Law & Governance #critical-infrastructure #water-utility #regulatory-compliance #new-york #epa #ics-security

The feds tried and failed to mandate cybersecurity for water utilities. New York got tired of waiting and did it themselves. Sound familiar?

Iran Hit a Medical Device Giant, a NATO Parliament, and Your Instagram Feed on the Same Day

John Z Black Mar 12, 2026

Threat Intelligence #iran #handala #stryker #wiper-attack #critical-infrastructure #influence-operations #nato #threat-intelligence

March 11 wasn't three separate cyberattacks. It was one coordinated Iranian campaign across three fronts: a wiper on Stryker, a breach of Albania's parliament, and an influence op on Instagram. All in 24 hours.

The War Near Iran Is Breaking Your Apps: GPS Jamming, Cyber Escalation, and Civilian Collateral

John Z Black Mar 11, 2026

Geopolitical Security #iran #gps-jamming #electronic-warfare #cyber-escalation #critical-infrastructure #geopolitics

GPS jamming near Iran is wrecking delivery and navigation apps across the region. Unit 42 warns of escalating Iranian cyber risk. Modern conflict has a civilian tech blast radius.