================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Sunday, June 14, 2026
================================================================

Federal agents and Google tore down Outsider Enterprise, a China-based AI-powered phishing service running a million malicious URLs, as Washington let its Section 702 surveillance authority lapse for the first time.

CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS
----------------------------------------------------------------
* AI Crackdown: Law enforcement and vendors moved hard against AI-enabled crime as the FBI dismantled the Gemini-fueled Outsider phishing kit, while a researcher used Claude Opus 4.8 to find a critical Zcash flaw, showing AI cuts both ways.
* Dormant Flaws: Decade-old defects keep surfacing, with phpBB patching a ten-year authentication bypass that grants admin login, echoing the long-buried bugs found this week in Linux login software and Check Point VPNs.
* Supply Chain: Registry defenders are rewriting defaults, as npm 12 will stop running dependency install scripts automatically, the same vector behind this week's Arch Linux package hijacks.
* Surveillance Politics: Government intelligence powers face open contest, with Section 702 of FISA lapsing amid congressional deadlock and Bernie Sanders pressing the question of who controls AI.

SECURITY
----------------------------------------------------------------

:: RANSOMWARE AND CYBERCRIME

1. FBI DISMANTLES OUTSIDER PHISHING-AS-A-SERVICE [cybercrime, phishing, ai]
Latest developments: The FBI, working with Google and Black Lotus Labs, seized and dismantled Outsider Enterprise, escalating from Google's earlier lawsuit to a full takedown of thousands of phishing sites spanning roughly a million URLs.
Outsider Enterprise ran a phishing-as-a-service kit out of China, weaponizing Google's Gemini to mass-produce scam texts and fraudulent websites that harvested credit card numbers and passwords from Americans. Operators rented the toolkit to blast smishing links across a million URLs. The coalition shut down the infrastructure and exposed the network behind it. Defenders should block known Outsider domains and warn staff about credential-stealing text lures.
  - BleepingComputer: https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/
  - The Hacker News: https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html

2. IOWA SCHOOL IT INSIDER JAILED FOR SABOTAGE [insider, cybercrime]
Latest developments: A federal court sentenced a former IT employee of an Iowa school district to 21 months in prison for a prolonged cyberattack on his ex-employer.
The insider deleted accounts, disrupted classroom operations, and ran up tens of thousands of dollars in damage after leaving the district. The case turns on access that outlasted his employment. It underscores the danger of credentials that survive a departure. Organizations should revoke accounts the moment staff exit.
  - BleepingComputer: https://www.bleepingcomputer.com/news/security/ex-school-district-employee-jailed-for-hacks-on-former-employer/

:: POLICY AND REGULATION

3. SECTION 702 SURVEILLANCE AUTHORITY LAPSES [policy, surveillance]
Latest developments: Section 702 of the Foreign Intelligence Surveillance Act lapsed for the first time since its 2008 passage after Congress deadlocked, halting a cornerstone US foreign-intelligence collection program.
Section 702 lets US agencies collect the communications of foreign targets abroad, a backbone of signals intelligence that also sweeps in Americans' data and has drawn privacy fights for years. Legislative deadlock let the authority expire outright.
Intelligence agencies lose a key surveillance tool until Congress reauthorizes it. The lapse leaves ongoing collection in legal limbo.
  - The Record: https://therecord.media/major-us-surveillance-program-set-to-lapse-702-fisa

:: SUPPLY CHAIN SECURITY

4. NPM 12 DISABLES DEPENDENCY SCRIPTS BY DEFAULT [supply-chain, patch]
Latest developments: Npm announced that version 12 will stop running dependency lifecycle scripts on install by default, requiring developers to explicitly allow them.
Supply chain attackers have long abused npm's automatic execution of install scripts to run malware the moment a developer pulls a package. Npm 12 flips the default so install no longer executes those scripts unless whitelisted. The change blunts a favorite infection vector behind recent registry compromises. Developers relying on legitimate post-install scripts must opt them back in.
  - SecurityWeek: https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/

:: VULNERABILITIES AND EXPLOITS

5. CRITICAL ZCASH ORCHARD FLAW FOUND AND FIXED [vulnerability, cryptocurrency, ai]
Latest developments: Researcher Taylor Hornby disclosed a critical vulnerability in Zcash's Orchard shielded pool, found on May 29 using Claude Opus 4.8, and the Zcash team patched it.
Orchard is Zcash's newest privacy system for shielded transactions, live since 2022. The Zcash team hired Hornby to hunt for exactly this class of bug, and he found a critical one fast with AI assistance. Developers fixed it before any known exploitation surfaced. Zcash holders should move to the patched software.
  - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/critical-zcash-vulnerability-found-and-fixed.html

6. PHPBB PATCHES DECADE-OLD AUTH BYPASS [vulnerability, patch]
Latest developments: phpBB fixed a ten-year-old authentication bypass that let an attacker log in as any user, administrators included.
phpBB is widely deployed open-source forum software running countless community sites. The flaw lurked for a decade and allowed full account takeover, including admin access. Maintainers shipped a patch. Forum operators should upgrade at once.
  - BleepingComputer: https://www.bleepingcomputer.com/news/security/phpbb-forum-fixes-auth-bypass-bug-lurking-for-a-decade/

:: DATA BREACHES

7. MAINE PULLS BREACH PORTAL OVER FAKE FILINGS [breach, policy]
Latest developments: Maine took its public data breach notification portal offline after fraudsters published fake breach disclosures on the state website.
Maine runs a public portal where companies file data breach reports and citizens read them. Bad actors submitted bogus disclosures that the state published, undermining trust in the record. Officials pulled the portal and launched a review of submission controls. The episode exposes weak validation on government self-service intake.
  - BleepingComputer: https://www.bleepingcomputer.com/news/security/maine-disables-data-breach-notification-portal-after-fake-disclosures/

BUSINESS AND POLITICS
----------------------------------------------------------------
* Israel struck Hezbollah targets in Beirut's southern outskirts on Sunday, and Iran threatened to walk away from talks to end its war with the United States, imperiling a ceasefire President Trump expected to firm up within days. Trump publicly rebuked the strikes as a disproportionate response that could scuttle the deal.
  - WSJ World News: https://www.wsj.com/world/middle-east/iran-threatens-to-pull-out-of-talks-after-israel-strikes-beiruts-outskirts-d0390e22
  - FT World: https://www.ft.com/content/726f4afe-c3ff-4ec0-bfc9-b572b419e11f
* US headline inflation reached 4.2 percent, the highest since April 2023, just as Kevin Warsh prepares to chair his first Federal Reserve meeting this week. The timing sets an early test of how the new chair weighs renewed price pressure against political demands for lower rates.
  - FT Markets: https://www.ft.com/content/20509c5d-e995-4670-83f5-d3d705671ee1
  - FT World: https://www.ft.com/content/c17424f0-244e-45f4-b1d7-a0ffcebc4cf0
* China launched a cross-border digital payments platform backed by the central banks of Hong Kong, Thailand, the United Arab Emirates, and Saudi Arabia, its most concrete move yet to build settlement rails that route around the dollar.
  - FT World: https://www.ft.com/content/76de5ca6-9ae8-49ae-a0cb-64d09040f327

PITTSBURGH
----------------------------------------------------------------
Weather:
Today: Chance Showers And Thunderstorms, high 84F.
Tonight: Showers And Thunderstorms then Mostly Cloudy, low 56F.
Monday: Mostly Sunny, high 71F.

Business:
* Alcosan began a billion-dollar tunnel beneath the Ohio River, the first piece of a 10-year program to overhaul the region's sewer and stormwater system and cut overflows into Pittsburgh's rivers.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/local/region/2026/06/14/alcosan-ohio-river-tunnel-pittsburgh-water/stories/202606120073
* Allegheny County weighs a paid parental leave mandate, and business groups warn the cost and administrative load could fall hardest on small employers.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/health/2026/06/14/paid-parental-leave-allegheny-county/stories/202606110032
* Pennsylvania issued a quarantine order on farm animals as the New World screwworm, a flesh-eating parasite, spread through southwestern states, putting livestock producers on alert.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/business/pittsburgh-company-news/2026/06/14/new-world-screwworm-quarantine-animals/stories/202606140069

Around town:
* Forecasters flagged Sunday as an impact day across western Pennsylvania, with scattered afternoon thunderstorms capable of damaging winds between 3 and 8 p.m. before drier, cooler air settles in overnight.
  - WTAE: https://www.wtae.com/article/impact-day-scattered-afternoon-thunderstorms-for-western-pa/71580602
* A $10.57 million improvement project will restrict traffic on a Hampton Township roadway for more than a month, covering drainage upgrades, milling, paving, and base repairs.
  - WPXI: https://www.wpxi.com/news/local/improvement-project-restrict-traffic-hampton-township-roadway-over-month/FQKY3MOKDRCC3PTPXYXSYFNHBU/
* Pennsylvania's crime victim services face funding cuts as white-collar prosecutions, whose fines bankroll the programs, dropped under the Trump administration.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/social-services/2026/06/14/victim-services-pennsylvania/stories/202606110006
* Nara Organics recalled baby formula sold at Target after a multistate infant botulism outbreak; the rare illness strikes babies under a year old when ingested spores produce a toxin in the immature gut.
  - WPXI: https://www.wpxi.com/news/local/nara-organics-recalls-baby-formula-sold-target-after-multistate-infant-botulism-outbreak/FAAJXB4MHRG7TERVLOJ5N6RTRY/

Events:
* West Virginia's baseball team faces North Carolina on Sunday evening in the Men's College World Series in Omaha, the Mountaineers carrying a six-game winning streak after their first-ever series win.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/how-to-watch-west-virginia-north-carolina-baseball-tonight-college-world-series/
* The Stroller's June 14 column rounds up upcoming nonprofit fundraisers, club meetings, and community events across the Alle-Kiski Valley.
  - TribLive: https://triblive.com/local/valley-news-dispatch/the-stroller-june-14-2026-events-in-the-alle-kiski-valley/

SPORTS
----------------------------------------------------------------
Pirates (36-35)
Sat Jun 13 · Marlins 2 · Pirates 3 · Final
Spencer Horwitz hit by pitch with the bases loaded to lift the Pirates past the Marlins, 3-2
https://plaintextsports.com/mlb/2026-06-13/mia-pit
Up Next · Marlins @ Pirates · Sun Jun 14, 12:15 PM
https://plaintextsports.com/mlb/2026-06-14/mia-pit
Headlines:
· Marlins beat the Pirates 8-3 for their 6th straight victory

READING
----------------------------------------------------------------
* Ed Zitron -- Premium: The Silicon Valley Bubble (Part 1)
  Zitron argues the AI era is nearing its end, reading the simultaneous IPO filings of OpenAI and Anthropic as a race for exit liquidity by two firms that burn billions a year with no path to profit.
  https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-1/
* Stratechery -- An Interview with Ben Bajarin About Apple, AI, and Compute
  Thompson and analyst Ben Bajarin take stock of Apple's WWDC and the broader scramble for AI compute capacity, weighing what Apple's newly shipped Intelligence means for the industry.
  https://stratechery.com/2026/an-interview-with-ben-bajarin-about-apple-ai-and-compute/
* Cal Newport -- Why Isn’t AI Taking Our Jobs?
  Newport challenges the favorite analogy of AI executives, that their technology will eliminate cognitive jobs the way machines eliminated manual ones, and digs into why the predicted wave of displacement has not arrived.
  https://calnewport.com/why-isnt-ai-taking-our-jobs/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------
S&P 500      7,377.03   ▼ -2.2%
Dow         50,725.58   ▼ -0.7%
Nasdaq      25,695.30   ▼ -3.8%
WTI crude       88.42   ▼ -5.0%
EUR/USD        1.1550   ▼ -0.4%
GBP/USD        1.3363   ▼ -0.6%
USD/JPY        160.31   ▲ +0.3%

================================================================
Generated 2026-06-14 11:50 EDT.
Sources: 18 security feeds; 9 Pittsburgh feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================