Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Four critical authentication bypasses dropped this week across Cisco SD-WAN, GitHub Enterprise, Palo Alto PAN-OS, and Zabbix. This isn't a credential problem. The authentication systems themselves are failing.
Four active campaigns documented today share one design principle: the attack arrives from something the target already trusts. APT37 builds friendships on Facebook first. Attackers abuse GitHub and Jira notifications to deliver phishing links that pass SPF, DKIM, and DMARC. A fake rocket alert app spies on people in a conflict zone. AI-generated articles seed Google Discover with scareware.
Threat actors turned Anthropic's leaked source into a Vidar infostealer campaign within 24 hours. Then Anthropic's DMCA response nuked 8,100 innocent repos.
Three simultaneous attacks on GitHub's trust signals -- fake stars, weaponized security alerts, and a scanning bug that let 72 malicious extensions slip through -- show the reputation infrastructure developers rely on is broken.
GlassWorm steals GitHub tokens, then injects malicious code written in invisible Unicode characters into repos developers already trust. 151 packages hit in one week.