John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
The Mythos Breach: Your AI Is Only as Secure as Its Weakest Integration
Unauthorized access to Anthropic's Mythos model via a compromised OAuth app exposes the real security threat in the agentic AI era: third-party integrations that inherit trust they haven't earned.
Read More
The 22-Month Window: How Vercel's Upstream Analytics Bridge Was Compromised
Vercel recently disclosed a major security incident via Context.ai that began in June 2024. For nearly two years, an invisible door was held open into the core of their cloud identity. It is a masterclass in the hidden risks of 'harmless' SaaS analytics.
Read More
Russia's GRU Hijacked 18,000 Routers to Steal Microsoft 365 Tokens Without a Single Piece of Malware
APT28 changed the DNS settings on 18,000 home routers and stole Microsoft 365 tokens after users completed MFA. No malware needed. Your second factor was irrelevant.
Read More
China's TA416 Is Back in Europe After Two Years. They Brought New Tricks.
TA416 has resumed targeting EU government and diplomatic organizations with PlugX malware, now abusing OAuth redirects to slip past traditional phishing defenses.
Read More
Device Code Phishing Is Up 37.5x and Ten Kits Are Competing for Market Share
Device code phishing attacks surged 37.5x in 2026 with at least ten competing kits now selling the technique to low-skill criminals.
Read More
Your MFA Isn't Enough. (And Most Places Don't Even Have That.)
A phishing campaign bypassed MFA at 340+ organizations using legitimate OAuth flows, while 76% of companies are still relying on passwords in the first place.
Read More
340+ Organizations Hit by M365 Phishing That Bypasses MFA Without Touching Your Password
A device code OAuth phishing campaign has compromised 340+ organizations since February 2026, bypassing MFA and surviving password resets. It's still running.
Read More