================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Sunday, June 14, 2026
================================================================

Defenders went on offense as a researcher wielding Claude Opus 4.8 cracked open a critical Zcash privacy flaw and npm moved to choke off the dependency scripts that fuel supply chain attacks.

CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS
----------------------------------------------------------------
* AI Defenders: AI shifted toward the defenders' bench, as a researcher used Claude Opus 4.8 to surface a critical bug in Zcash's shielded pool that a human team had missed.
* Supply Chain: Maintainers moved to harden the software supply chain, with npm 12 disabling the dependency install scripts attackers routinely weaponize.
* Trust Abuse: Insiders and impostors exploited trusted systems, from a fired IT worker wrecking a school district to fraudsters seeding fake breaches on Maine's official portal.

SECURITY
----------------------------------------------------------------
:: VULNERABILITIES AND EXPLOITS

1. CRITICAL ZCASH ORCHARD PRIVACY POOL FLAW [vulnerability, patch, cryptocurrency]
Latest developments: Researcher Taylor Hornby, working with Claude Opus 4.8, found a critical vulnerability in Zcash's Orchard shielded pool on May 29, and the Zcash team has since fixed it.
The Orchard pool, live since 2022, runs Zcash's most advanced shielded transactions, letting users send and receive funds privately. Zcash hired Hornby specifically to hunt this class of flaw, and he found one fast enough to embarrass the team. Zcash holders should confirm they run the patched software.
- Schneier on Security: https://www.schneier.com/blog/archives/2026/06/critical-zcash-vulnerability-found-and-fixed.html

2. NPM 12 DISABLES DEPENDENCY SCRIPTS BY DEFAULT [supply-chain, npm, patch]
Latest developments: npm announced that version 12 will stop running install scripts from dependencies by default, forcing developers to explicitly allow them.
Malicious install scripts have driven many JavaScript supply chain compromises, executing attacker code the moment a developer runs npm install. By blocking automatic script execution, npm 12 shuts that path unless a developer opts in. Maintainers who depend on lifecycle scripts will need to whitelist them.
- SecurityWeek: https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/

:: DATA BREACHES

3. MAINE PULLS BREACH PORTAL AFTER FAKE FILINGS [breach, policy]
Latest developments: Maine took its public data breach notification portal offline after fraudsters published bogus breach disclosures on the state's website.
Maine's portal lets organizations report breaches and publishes the filings for the public to see. Attackers abused the open submission process to post fake disclosures, pushing the state to disable the site and review its procedures. Officials plan new controls to block future abuse.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/maine-disables-data-breach-notification-portal-after-fake-disclosures/

:: RANSOMWARE AND CYBERCRIME

4. FIRED IT WORKER JAILED FOR SCHOOL DISTRICT ATTACK [insider, cybercrime]
Latest developments: A federal court sentenced a former Iowa school district IT employee to 21 months in prison for a sustained cyberattack on his old employer.
After leaving the district, the worker broke back into its systems, deleted accounts, and disrupted classroom operations, racking up tens of thousands of dollars in damage. His insider knowledge of credentials and infrastructure made the intrusion easy. The case underscores the need to revoke departing employees' access the day they leave.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/ex-school-district-employee-jailed-for-hacks-on-former-employer/

:: DIGITAL FORENSICS

5. NEW MACOS TAHOE 26 FORENSIC ARTIFACT [forensics, macos]
Latest developments: Unit 42 disclosed a previously unknown macOS Tahoe 26 artifact that records the user's menu selections across the entire operating system.
The artifact logs which menu items a user picks system-wide, handing investigators a fresh trail of user intent during incident response. Forensic analysts can mine it to reconstruct activity on compromised or suspect Macs. Palo Alto's Unit 42 detailed where the data lives and how to read it.
- Unit 42 (Palo Alto): https://unit42.paloaltonetworks.com/new-macos-artifact-discovered/

BUSINESS AND POLITICS
----------------------------------------------------------------
* Warsh's First Fed Meeting
Latest developments: Kevin Warsh chairs his first Federal Reserve policy meeting this week, his debut setting rate policy after taking over as chair.
Warsh, a former Fed governor and longtime critic of the central bank's recent course, inherits headline annual inflation at 4.2%, the highest since April 2023, with markets split over whether he holds or cuts. His credibility on integrity and independence will shape how investors read every signal he sends.
- Financial Times: https://www.ft.com/content/c17424f0-244e-45f4-b1d7-a0ffcebc4cf0
- Financial Times: https://www.ft.com/content/0b984a9e-8ea5-48e5-98cc-5d9751a118a3

* China's Dollar Challenge
Latest developments: China is readying a cross-border digital payments platform, backed by the central banks of Hong Kong, Thailand, the United Arab Emirates, and Saudi Arabia, to settle trade outside the dollar.
The system would let participating countries clear payments in their own currencies, chipping at the dollar's grip on global trade settlement. Beijing has courted Gulf and Southeast Asian partners as it builds an alternative to Western payment rails.
- Financial Times: https://www.ft.com/content/76de5ca6-9ae8-49ae-a0cb-64d09040f327

PITTSBURGH
----------------------------------------------------------------
Weather: This Afternoon: Showers And Thunderstorms Likely, high 84F. Tonight: Showers And Thunderstorms then Mostly Cloudy, low 56F. Monday: Partly Sunny, high 71F.

Business:

* Nara Organics Formula Recall
Latest developments: Nara Organics recalled its infant formula sold at Target and online after federal regulators linked it to a multistate infant botulism outbreak.
The recall covers formula tied to botulism illness in infants across several states. Parents who bought the brand at Target or online should stop using it and check the affected lot numbers.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/business/pittsburgh-company-news/2026/06/14/nara-organics-formula-recall/stories/202606140073
- WTAE: https://www.wtae.com/article/nara-organics-infant-formula-recall-botulism/71581963

* Screwworm Quarantine on Farm Animals
Latest developments: Pennsylvania ordered a quarantine on farm animals as the New World screwworm, a livestock parasite, spreads through cattle in southwestern states.
The order restricts livestock movement as states track screwworm cases climbing in the Southwest, a threat to the cattle industry that a federal containment program held off for decades until 2023. Pennsylvania joins wary states guarding their herds.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/business/pittsburgh-company-news/2026/06/14/new-world-screwworm-quarantine-animals/stories/202606140069

Around town:

* Alcosan Launches Ohio River Tunnel
Latest developments: Alcosan is kicking off a roughly $1 billion Ohio River tunnel, the first piece of a 10-year program to overhaul the region's sewer and stormwater system.
The Allegheny County Sanitary Authority's tunnel will capture overflow that fouls the rivers during heavy storms, the opening move in a decade-long effort to reshape Pittsburgh's waterways. Ratepayers ultimately fund the work.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/local/region/2026/06/14/alcosan-ohio-river-tunnel-pittsburgh-water/stories/202606120073

* Hampton Township Road Work
Latest developments: A $10.57 million improvement project will restrict traffic on a Hampton Township roadway for more than a month.
The work covers drainage upgrades, milling, paving, and base repairs. Drivers in the northern suburb should expect lane restrictions through much of the summer.
- WPXI: https://www.wpxi.com/news/local/improvement-project-restrict-traffic-hampton-township-roadway-over-month/FQKY3MOKDRCC3PTPXYXSYFNHBU/

* Gaps in Teacher Reading Training
Latest developments: A new report found nearly half of Pennsylvania's educator-preparation programs fail to train future teachers adequately in how to teach reading.
The finding lands as states nationwide pass laws steering reading instruction toward phonics-based methods. The gap leaves many new Pennsylvania teachers underprepared even as classrooms shift their approach.
- TribLive: https://triblive.com/news/pennsylvania/many-pa-colleges-arent-properly-training-future-teachers-how-to-teach-reading-report-finds/

* Crime Victim Services Face Cuts
Latest developments: Pennsylvania's crime-victim services face funding cuts as a drop in federal white-collar prosecutions under Trump shrinks the penalties that bankroll them.
Much of the money supporting victim-advocacy programs flows from fines levied in federal fraud cases, so fewer prosecutions mean less revenue. Providers across the state warn of reduced help for the people they serve.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/news/social-services/2026/06/14/victim-services-pennsylvania/stories/202606110006

Events:

* Pennsylvania Firefly Festival
Latest developments: The festival's guided nighttime firefly sightings have sold out, though its free daytime nature exhibits, music, and activities stay open to all.
The 14th annual Pennsylvania Firefly Festival runs Friday and Saturday, June 26 and 27, in the Allegheny National Forest near Tionesta, about 100 miles north of Pittsburgh, where at least 15 firefly species light the dark. Daytime programming is free; the ticketed guided night walks have already booked up.
- NEXTpittsburgh: https://nextpittsburgh.com/environment/this-firefly-festival-about-100-miles-from-pittsburgh-sells-out-every-year/

SPORTS
----------------------------------------------------------------
Pirates (36-36)

Sat Jun 13 · Marlins 2 · Pirates 3 · Final
Spencer Horwitz hit by pitch with the bases loaded to lift the Pirates past the Marlins, 3-2
https://plaintextsports.com/mlb/2026-06-13/mia-pit

Sun Jun 14 · Marlins 4 · Pirates 2 · Final
https://plaintextsports.com/mlb/2026-06-14/mia-pit

Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
https://plaintextsports.com/mlb/2026-06-15/pit-ath

Around the Teams:

* Cruz Out Four to Six Weeks
Latest developments: The Pirates expect Oneil Cruz to miss four to six weeks and recalled Esmerlyn Valdez to cover the roster spot.
Cruz's absence pulls a power bat from the lineup heading into a West Coast road trip against the Athletics and Rockies. Valdez gets the call-up to fill in.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/pirates/2026/06/11/oneil-cruz-injury-timeline-endy-rodriguez-esmerlyn-valdez/stories/202606110064

* Skenes on the Labor Fight
Latest developments: Paul Skenes said players need to dig in for the looming labor fight as owners push a salary cap into collective-bargaining talks.
The Pirates ace, writing himself into the center of MLB's brewing CBA battle, argued the union should hold firm against ownership. He pitches for one of the sport's lowest-spending clubs under owner Bob Nutting.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/pirates/2026/06/13/mlb-labor-payroll-skenes-nutting-cba-mlbpa-manfred/stories/202606130024

* McCarthy's Spring Takeaways
Latest developments: Beat writers compiled 10 takeaways on Mike McCarthy and the Steelers from spring workouts, covering Aaron Rodgers, the secondary, and the running back room.
Pittsburgh wrapped its offseason program under coach Mike McCarthy, with Aaron Rodgers running the offense and questions swirling around the safeties, backs, and DK Metcalf's role. Reports flagged how McCarthy is reshaping the team's identity ahead of training camp at Latrobe.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/steelers/2026/06/12/nfl-offseason-news-rodgers-mccarthy-porter-metcalf-dowdle-bernard/stories/202606120049

* Building Around Porter and Herbig
Latest developments: Post-Gazette analysts weighed whether the Steelers can build a new young core around cornerback Joey Porter Jr. and edge rusher Nick Herbig.
Porter and Herbig anchor a defense in transition, and the team faces decisions on Porter's next contract. Herbig recently landed a deal of his own after a long climb, per Cam Heyward's 'Not Just Football' show.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/steelers/2026/06/12/nfl-draft-news-rumors-joey-porter-jr-nick-herbig/stories/202606120048
- Not Just Football with Cam Heyward: https://www.youtube.com/shorts/0rfyueiCpE4

READING
----------------------------------------------------------------
* Ed Zitron -- Premium: The Silicon Valley Bubble (Part 1)
Zitron argues the AI era is nearing its end, reading OpenAI's and Anthropic's moves to go public as a scramble for exit liquidity by two firms that burn billions a year with no path to profitability.
https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-1/

* Stratechery -- An Interview with Ben Bajarin About Apple, AI, and Compute
Thompson interviews Ben Bajarin on Apple's WWDC announcements and the current state of the AI compute industry.
https://stratechery.com/2026/an-interview-with-ben-bajarin-about-apple-ai-and-compute/

* Cal Newport -- Why Isn't AI Taking Our Jobs?
Newport questions the AI industry's stock comparison to industrial automation, observing that the wave of job displacement its leaders predicted has yet to arrive.
https://calnewport.com/why-isnt-ai-taking-our-jobs/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------
S&P 500      7,377.03   ▼ -2.2%
Dow         50,725.58   ▼ -0.7%
Nasdaq      25,695.30   ▼ -3.8%
WTI crude       88.42   ▼ -5.0%
EUR/USD        1.1550   ▼ -0.4%
GBP/USD        1.3363   ▼ -0.6%
USD/JPY        160.31   ▲ +0.3%

================================================================
Generated 2026-06-14 15:29 EDT.
Sources: 22 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================