Daily plain-text briefing: security, markets, business, and Pittsburgh
Defenders went on offense as a researcher wielding Claude Opus 4.8 cracked open a critical Zcash privacy flaw and npm moved to choke off the dependency scripts that fuel supply chain attacks.
Latest developments: Researcher Taylor Hornby, working with Claude Opus 4.8, found a critical vulnerability in Zcash's Orchard shielded pool on May 29, and the Zcash team has since fixed it.
The Orchard pool, live since 2022, runs Zcash's most advanced shielded transactions, letting users send and receive funds privately. Zcash hired Hornby specifically to hunt this class of flaw, and he found one fast enough to embarrass the team. Zcash holders should confirm they run the patched software.
Sources: Schneier on Security
Latest developments: npm announced that version 12 will stop running install scripts from dependencies by default, forcing developers to explicitly allow them.
Malicious install scripts have driven many JavaScript supply chain compromises, executing attacker code the moment a developer runs npm install. By blocking automatic script execution, npm 12 shuts that path unless a developer opts in. Maintainers who depend on lifecycle scripts will need to whitelist them.
Sources: SecurityWeek
Latest developments: Maine took its public data breach notification portal offline after fraudsters published bogus breach disclosures on the state's website.
Maine's portal lets organizations report breaches and publishes the filings for the public to see. Attackers abused the open submission process to post fake disclosures, pushing the state to disable the site and review its procedures. Officials plan new controls to block future abuse.
Sources: BleepingComputer
Latest developments: A federal court sentenced a former Iowa school district IT employee to 21 months in prison for a sustained cyberattack on his old employer.
After leaving the district, the worker broke back into its systems, deleted accounts, and disrupted classroom operations, racking up tens of thousands of dollars in damage. His insider knowledge of credentials and infrastructure made the intrusion easy. The case underscores the need to revoke departing employees' access the day they leave.
Sources: BleepingComputer
Latest developments: Unit 42 disclosed a previously unknown macOS Tahoe 26 artifact that records the user's menu selections across the entire operating system.
The artifact logs which menu items a user picks system-wide, handing investigators a fresh trail of user intent during incident response. Forensic analysts can mine it to reconstruct activity on compromised or suspect Macs. Palo Alto's Unit 42 detailed where the data lives and how to read it.
Sources: Unit 42 (Palo Alto)
Latest developments: Kevin Warsh chairs his first Federal Reserve policy meeting this week, his debut setting rate policy after taking over as chair.
Warsh, a former Fed governor and longtime critic of the central bank's recent course, inherits headline annual inflation at 4.2%, the highest since April 2023, with markets split over whether he holds or cuts. His credibility on integrity and independence will shape how investors read every signal he sends.
Sources: Financial Times
Latest developments: China is readying a cross-border digital payments platform, backed by the central banks of Hong Kong, Thailand, the United Arab Emirates, and Saudi Arabia, to settle trade outside the dollar.
The system would let participating countries clear payments in their own currencies, chipping at the dollar's grip on global trade settlement. Beijing has courted Gulf and Southeast Asian partners as it builds an alternative to Western payment rails.
Sources: Financial Times
This Afternoon: Showers And Thunderstorms Likely, high 84F.
Tonight: Showers And Thunderstorms then Mostly Cloudy, low 56F.
Monday: Partly Sunny, high 71F.
Latest developments: Nara Organics recalled its infant formula sold at Target and online after federal regulators linked it to a multistate infant botulism outbreak.
The recall covers formula tied to botulism illness in infants across several states. Parents who bought the brand at Target or online should stop using it and check the affected lot numbers.
Sources: Pittsburgh Post-Gazette · WTAE
Latest developments: Pennsylvania ordered a quarantine on farm animals as the New World screwworm, a livestock parasite, spreads through cattle in southwestern states.
The order restricts livestock movement as states track screwworm cases climbing in the Southwest, a threat to the cattle industry that a federal containment program held off for decades until 2023. Pennsylvania joins wary states guarding their herds.
Sources: Pittsburgh Post-Gazette
Latest developments: Alcosan is kicking off a roughly $1 billion Ohio River tunnel, the first piece of a 10-year program to overhaul the region's sewer and stormwater system.
The Allegheny County Sanitary Authority's tunnel will capture overflow that fouls the rivers during heavy storms, the opening move in a decade-long effort to reshape Pittsburgh's waterways. Ratepayers ultimately fund the work.
Sources: Pittsburgh Post-Gazette
Latest developments: A $10.57 million improvement project will restrict traffic on a Hampton Township roadway for more than a month.
The work covers drainage upgrades, milling, paving, and base repairs. Drivers in the northern suburb should expect lane restrictions through much of the summer.
Sources: WPXI
Latest developments: A new report found nearly half of Pennsylvania's educator-preparation programs fail to train future teachers adequately in how to teach reading.
The finding lands as states nationwide pass laws steering reading instruction toward phonics-based methods. The gap leaves many new Pennsylvania teachers underprepared even as classrooms shift their approach.
Sources: TribLive
Latest developments: Pennsylvania's crime-victim services face funding cuts as a drop in federal white-collar prosecutions under Trump shrinks the penalties that bankroll them.
Much of the money supporting victim-advocacy programs flows from fines levied in federal fraud cases, so fewer prosecutions mean less revenue. Providers across the state warn of reduced help for the people they serve.
Sources: Pittsburgh Post-Gazette
Latest developments: The Pennsylvania Firefly Festival's guided nighttime firefly sightings have sold out, though its free daytime nature exhibits, music, and activities stay open to all.
The 14th annual Pennsylvania Firefly Festival runs Friday and Saturday, June 26 and 27, in the Allegheny National Forest near Tionesta, about 100 miles north of Pittsburgh, where at least 15 firefly species light the dark. Daytime programming is free; the ticketed guided night walks have already booked up.
Sources: NEXTpittsburgh
Pirates (36-36)
Sat Jun 13 · Marlins 2 · Pirates 3 · Final
Spencer Horwitz was hit by a pitch with the bases loaded to lift the Pirates past the Marlins, 3-2.
Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
Latest developments: The Pirates expect Oneil Cruz to miss four to six weeks and recalled Esmerlyn Valdez to cover the roster spot.
Cruz's absence pulls a power bat from the lineup heading into a West Coast road trip against the Athletics and Rockies. Valdez gets the call-up to fill in.
Sources: Pittsburgh Post-Gazette
Latest developments: Paul Skenes said players need to dig in for the looming labor fight as owners push a salary cap into collective-bargaining talks.
The Pirates ace, writing himself into the center of MLB's brewing CBA battle, argued the union should hold firm against ownership. He pitches for one of the sport's lowest-spending clubs under owner Bob Nutting.
Sources: Pittsburgh Post-Gazette
Latest developments: Beat writers compiled 10 takeaways on Mike McCarthy and the Steelers from spring workouts, covering Aaron Rodgers, the secondary, and the running back room.
Pittsburgh wrapped its offseason program under coach Mike McCarthy, with Aaron Rodgers running the offense and questions swirling around the safeties, backs, and DK Metcalf's role. Reports flagged how McCarthy is reshaping the team's identity ahead of training camp at Latrobe.
Sources: Pittsburgh Post-Gazette
Latest developments: Post-Gazette analysts weighed whether the Steelers can build a new young core around cornerback Joey Porter Jr. and edge rusher Nick Herbig.
Porter and Herbig anchor a defense in transition, and the team faces decisions on Porter's next contract. Herbig recently landed a deal of his own after a long climb, per Cam Heyward's 'Not Just Football' show.
Sources: Pittsburgh Post-Gazette · Not Just Football with Cam Heyward
S&P 500 7,377.03 ▼ -2.2%
Dow 50,725.58 ▼ -0.7%
Nasdaq 25,695.30 ▼ -3.8%
WTI crude 88.42 ▼ -5.0%
EUR/USD 1.1550 ▼ -0.4%
GBP/USD 1.3363 ▼ -0.6%
USD/JPY 160.31 ▲ +0.3%