================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Sunday, June 14, 2026 ================================================================ Unauthenticated remote-code flaws tore through Splunk and Oracle PeopleSoft as Washington tightened its grip on which humans may touch frontier AI. CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS ---------------------------------------------------------------- * Unauthenticated RCE: Critical 9.8-severity flaws in Splunk Enterprise and Oracle PeopleSoft both let attackers run code with no login, putting enterprise data stores one request away from compromise. * AI Governance: The Anthropic export order and Bernie Sanders's sovereign-wealth proposal show governments moving to control who builds, owns, and accesses frontier AI. * Weaponized AI: The FBI takedown of the Gemini-powered Outsider phishing service confirms criminals now wire large language models directly into mass fraud infrastructure. * Self-Inflicted Exposure: A botched redaction of Argentina's World Cup passports shows human error still leaks sensitive data faster than any intruder. SECURITY ---------------------------------------------------------------- :: VULNERABILITIES AND EXPLOITS 1. CRITICAL SPLUNK ENTERPRISE CODE-EXECUTION FLAW [zero-day, patch, rce] Latest developments: Splunk shipped emergency fixes for CVE-2026-20253, a 9.8-severity bug that lets an unauthenticated attacker create or truncate arbitrary files and run code remotely. The flaw affects Splunk Enterprise versions below 10.2.4 and 10.0.7. Because Splunk ingests an organization's logs and security telemetry, a compromise hands attackers both the crown-jewel data and a blind spot in monitoring. Administrators should upgrade to a patched build immediately and review file-system access on exposed instances. - The Hacker News: https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html 2. SHINYHUNTERS PEOPLESOFT ZERO-DAY HITS UNIVERSITIES [zero-day, breach, patch] Latest developments: Fresh reporting shows the Oracle PeopleSoft flaw CVE-2026-35273 fell hardest on American universities, with ShinyHunters siphoning gigabytes of records from hundreds of organizations. The missing-authentication bug in Oracle's PeopleSoft ERP software lets attackers reach data with no credentials. Higher-education institutions, heavy PeopleSoft users, absorbed the brunt as the gang exfiltrated student and staff records at scale. CISA already lists the flaw as known-exploited; affected schools should patch and hunt their logs for bulk data pulls. - Dark Reading: https://www.darkreading.com/vulnerabilities-threats/shinyhunters-oracle-zero-day-higher-ed - Ars Technica Security: https://arstechnica.com/security/2026/06/peoplesoft-0-day-affecting-hundreds-of-organizations-steals-gigabytes-of-data/ :: AI SECURITY 3. ANTHROPIC DISPUTES FOREIGN-ACCESS BAN [policy, ai, export-controls] Latest developments: Anthropic publicly pushed back on the Trump administration's order, calling the cited jailbreak narrow and the underlying capability widely available elsewhere, even as it complied and pulled Fable 5 and Mythos 5 worldwide. The government directive, delivered the evening of June 13, ordered Anthropic to block all foreign nationals from its two most advanced models, citing national security. Rather than partition users, the company suspended both models globally for everyone. Anthropic frames the move as export-control overreach against a single vendor; the episode signals how aggressively Washington will police access to frontier systems. - BleepingComputer: https://www.bleepingcomputer.com/news/security/us-gov-asks-anthropic-to-ban-foreign-national-access-to-fable-mythos/ - SecurityWeek: https://www.securityweek.com/anthropic-says-it-has-taken-its-latest-ai-models-offline-to-comply-with-new-export-controls/ - The Hacker News: https://thehackernews.com/2026/06/us-orders-anthropic-to-suspend-fable-5.html :: RANSOMWARE AND CYBERCRIME 4. FBI DISMANTLES OUTSIDER PHISHING SERVICE [phishing, ai, takedown] Latest developments: Newly disclosed scale figures put the FBI, Google, and Black Lotus Labs takedown of Outsider Enterprise at roughly a million malicious URLs across thousands of phishing sites. Outsider Enterprise ran a Chinese phishing-as-a-service kit that weaponized Google's Gemini to mass-produce scam pages harvesting credit-card data and passwords. The coordinated seizure follows Google's earlier civil suit against the same network. The million-URL footprint shows how AI now lets a single operation industrialize credential theft. - BleepingComputer: https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/ - The Hacker News: https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html :: POLICY AND REGULATION 5. SANDERS PITCHES AI SOVEREIGN WEALTH FUND [policy, ai] Latest developments: Senator Bernie Sanders used a New York Times op-ed to propose an AI sovereign wealth fund, arguing the public should share in the wealth a handful of billionaires now stand to capture. Sanders's piece asks whether a few AI-owning billionaires should determine humanity's future with little democratic input. Security commentator Bruce Schneier endorsed the framing, tying it to debates over concentrated control of powerful systems. The proposal lands amid sharpening fights over how governments tax, fund, and govern AI development. - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/bernie-sanders-ai-sovereign-wealth-fund-plan.html :: DATA BREACHES 6. WORLD CUP DOCUMENT LEAKS MESSI'S PASSPORT [breach, privacy] Latest developments: A poorly redacted World Cup document exposed the passport numbers of Argentina's entire squad, Lionel Messi included, before the tournament kicked off. No intruder caused this exposure; someone simply failed to black out sensitive fields before publishing the file. Passport numbers feed identity fraud and travel impersonation, making the slip a real risk for the players. The incident is a reminder that redaction failures leak high-value personal data as readily as any breach. - Graham Cluley: https://www.bitdefender.com/en-us/blog/hotforsecurity/privacy-own-goal-world-cup-blunder-leaks-lionel-messis-passport-details BUSINESS AND POLITICS ---------------------------------------------------------------- * Iran Deal at Risk as Israel Strikes Beirut Latest developments: Tehran threatened to abandon talks and retaliate after Israel hit what it called a Hezbollah command center, and Trump ordered both sides to stand down hours before he expects to seal the Strait of Hormuz agreement Sunday. The United States and Iran stand at the cusp of an accord that would end their war, reopen the Strait of Hormuz, and dismantle Iran's nuclear program in exchange for sanctions relief, after a helicopter-crash escalation pushed them from renewed fighting back toward a ceasefire. Israel's strike on Beirut's outskirts now threatens to unravel the deal, with oil prices and the wider energy shock hinging on whether the signing holds. - WSJ World News: https://www.wsj.com/world/middle-east/iran-threatens-to-pull-out-of-talks-after-israel-strikes-beiruts-outskirts-d0390e22 - FT World: https://www.ft.com/content/ce9286fb-b37c-4113-9ec3-0464144c4977 - FT World: https://www.ft.com/content/726f4afe-c3ff-4ec0-bfc9-b572b419e11f PITTSBURGH ---------------------------------------------------------------- Weather: This Afternoon: Showers And Thunderstorms Likely, high 84F. Tonight: Showers And Thunderstorms then Mostly Cloudy, low 56F. Monday: Partly Sunny, high 71F. Business: * LeMont Marks 66 Years on Mount Washington Latest developments: TribLive profiled the restaurant's longtime staff, who together count nearly 175 years of service. LeMont, the fine-dining landmark perched on Mount Washington with a sweeping view of the city, has run for 66 years, its kitchen and floor crew anchoring one of Pittsburgh's enduring restaurants even as the skyline below it changed. - TribLive: https://triblive.com/lifestyles/food-drink/at-lemont-nearly-175-years-of-combined-service-help-define-a-landmark/ * Single-Employer Towns Face Collapse Risk Latest developments: A TribLive editorial argues the loss of Spirit shows how small towns built around one employer cascade toward collapse when that company leaves. Many Western Pennsylvania communities depend on a single dominant employer, and the editorial warns that when such a factory closes, the lost jobs ripple through tax revenue, local businesses, and population in a chain reaction that hollows out the town. - TribLive: https://triblive.com/opinion/editorial-spirit-loss-sets-off-domino-effect/ * Shadyside Victorian Listed After 150 Years Latest developments: Pittsburgh Magazine featured the listing of 719 Amberson Avenue, a home that hosted piano concerts for decades. A Queen Anne Victorian built in 1885 at 719 Amberson Avenue in West Shadyside has come on the market after nearly 150 years of preservation, one of the neighborhood's longest-held historic houses. - Pittsburgh Magazine: https://www.pittsburghmagazine.com/hot-property-719-amberson-ave-shadyside/ Around town: * Severe Thunderstorm Watch Through Sundown Latest developments: The National Weather Service upgraded today's outlook to a severe thunderstorm watch, with a line of storms tracking through between 4 p.m. and 8 p.m. Damaging winds and heavy downpours are the leading threats across western Pennsylvania this afternoon, with most rain clearing east by 9 or 10 p.m. before drier, cooler air settles in overnight. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/weather-news/2026/06/14/pittsburgh-weather-outlook-today-june-14-2026/stories/202606140075 - WTAE: https://www.wtae.com/article/pittsburgh-area-thunderstorm-watch-june-14/71582006 * State Police Fine Nearly 700 for Held Cellphones Latest developments: State police have issued nearly 700 fines under Pennsylvania's Paul Miller Law, which bars holding a cellphone while driving. The Paul Miller Law makes it illegal to hold a phone behind the wheel in Pennsylvania, and troopers have begun enforcing it with citations, the early count of penalties signaling the start of active enforcement statewide. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/transportation/2026/06/14/cellphone-ban-tickets-paul-miller-law-fine/stories/202606140071 * Triadelphia Still Rebuilding a Year After Floods Latest developments: A year after deadly floods, recovery in tiny Triadelphia, West Virginia, remains slow and residents still carry the trauma. Triadelphia, a small community in the Northern Panhandle of West Virginia, suffered flooding that killed residents and wrecked homes last year, and rebuilding has lagged as families wait on aid and contend with lasting emotional damage. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/weather-news/2026/06/14/triadelphia-west-virginia-flood-recovery/stories/202606120055 * WVU Baseball Plays in College World Series Latest developments: West Virginia, 46-15 and winners of six straight, faces North Carolina tonight in Omaha after notching the program's first-ever College World Series game victory over Troy on Friday. The Mountaineers reached the Men's College World Series for the first time in program history, sweeping through the Morgantown Regional and the Cal Poly Super Regional, and tonight's game against North Carolina airs from Omaha, Nebraska. - KDKA: https://www.cbsnews.com/pittsburgh/news/how-to-watch-west-virginia-north-carolina-baseball-tonight-college-world-series/ Events: * Pennsylvania Firefly Festival in Tionesta Latest developments: The 14th annual festival runs June 26 and 27 in the Allegheny National Forest, and the guided nighttime firefly sightings have already sold out. The Pennsylvania Firefly Festival celebrates the 15-plus firefly species that light the Allegheny National Forest each June, in Tionesta, Pennsylvania, about 100 miles north of Pittsburgh. The booked-up nocturnal tours are gone, but free daytime nature exhibits, music, and firefly-themed happenings remain open on June 26 and 27. - NEXTpittsburgh Events: https://nextpittsburgh.com/environment/this-firefly-festival-about-100-miles-from-pittsburgh-sells-out-every-year/ * Honeck Extends Pittsburgh Symphony Tenure Latest developments: Manfred Honeck signed an extension that will carry his music directorship of the Pittsburgh Symphony Orchestra to 25 years. Honeck, the Austrian conductor who has led the Pittsburgh Symphony since 2008 and built its international reputation, will stay through a quarter-century at the podium under the new deal, one of the longest such partnerships in American orchestras. - Post-Gazette Music: https://www.post-gazette.com/ae/music/2026/06/10/manfred-honeck-pso-contract/stories/202606100041 * App Maps Pittsburgh's Film Locations Latest developments: The PastFinders app now guides users to spots where movies such as 'The Dark Knight Rises' filmed downtown. A self-guided walking tour through the PastFinders app lets visitors stand on the exact downtown Pittsburgh sites used in major films, a free-roaming thing to do for movie fans across the city. - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/movies/2026/06/11/pittsburgh-film-tour-app-pastfinders/stories/202605290043 SPORTS ---------------------------------------------------------------- Pirates (36-35) Sat Jun 13 · Marlins 2 · Pirates 3 · Final Spencer Horwitz hit by pitch with the bases loaded to lift the Pirates past the Marlins, 3-2 https://plaintextsports.com/mlb/2026-06-13/mia-pit Sun Jun 14 · Marlins 4 · Pirates 1 · Top 8th https://plaintextsports.com/mlb/2026-06-14/mia-pit Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM https://plaintextsports.com/mlb/2026-06-15/pit-ath Headlines: · Marlins beat the Pirates 8-3 for their 6th straight victory READING ---------------------------------------------------------------- * Ed Zitron -- Premium: The Silicon Valley Bubble (Part 1) Zitron argues the AI era is ending as OpenAI and Anthropic file to go public, framing the IPOs as a race for exit liquidity by two companies that burn billions a year with no path to profit. https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-1/ * Stratechery -- Fable 5, Anthropic Alignment, AI Tiers Thompson examines Fable 5 as the public version of Mythos, judging it highly capable while warning that its release sets troubling new precedents around alignment and the tiering of AI models. https://stratechery.com/2026/fable-5-anthropic-alignment-ai-tiers/ * Cal Newport -- Why Isn't AI Taking Our Jobs? Newport questions the standard comparison between AI and industrial automation, arguing that knowledge work has not collapsed the way AI leaders predicted and probing why their job-loss forecasts have not borne out. https://calnewport.com/why-isnt-ai-taking-our-jobs/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,377.03 ▼ -2.2% Dow 50,725.58 ▼ -0.7% Nasdaq 25,695.30 ▼ -3.8% WTI crude 88.42 ▼ -5.0% EUR/USD 1.1550 ▼ -0.4% GBP/USD 1.3363 ▼ -0.6% USD/JPY 160.31 ▲ +0.3% ================================================================ Generated 2026-06-14 14:47 EDT. Sources: 18 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================