================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Sunday, June 14, 2026
================================================================

Defenders harden the software supply chain and turn AI loose on their own code, even as the same technology fuels the phishing machines law enforcement keeps tearing down.

CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS
----------------------------------------------------------------

* AI Dual Use: Claude Opus 4.8 surfaced a critical Zcash flaw the same week the FBI dismantled an AI-powered phishing service, putting the technology on both sides of the fight.

* Authentication Under Siege: A jailed school-district insider with lingering admin rights and Chinese operators who owned a target's auth stack for a decade show attackers winning by controlling who gets to log in.

* Supply Chain Hardening: npm's move to stop running dependency scripts by default attacks the install-time code execution behind a run of recent package compromises.

SECURITY
----------------------------------------------------------------

:: SOFTWARE SUPPLY CHAIN

1. NPM 12 DISABLES DEPENDENCY SCRIPTS BY DEFAULT [supply-chain, patch]
Latest developments: npm 12 will stop running install scripts from dependencies unless a developer explicitly allows each one.
Today npm install runs the lifecycle scripts a package defines, the exact mechanism attackers abuse to execute code the moment a developer pulls a poisoned dependency. Version 12 flips the default so those scripts stay dormant until a developer opts in per package. The change goes after the install-time execution behind a string of JavaScript ecosystem compromises. Teams should expect builds that genuinely need scripts to declare them.
- SecurityWeek: https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/

:: VULNERABILITIES AND EXPLOITS

2. CLAUDE OPUS 4.8 SURFACES CRITICAL ZCASH ORCHARD FLAW [vulnerability, cryptocurrency, ai]
Latest developments: Researcher Taylor Hornby, working with Claude Opus 4.8, found a critical vulnerability in the Zcash Orchard privacy pool on May 29, and the Zcash team fixed it.
Orchard, Zcash's newest privacy pool, arrived in 2022 to let users send shielded transactions. The Zcash team hired Hornby specifically to hunt for flaws, and he surfaced a critical one fast with help from Claude Opus 4.8. Developers patched it. Anyone holding Zcash should confirm they run the corrected software.
- Schneier on Security: https://www.schneier.com/blog/archives/2026/06/critical-zcash-vulnerability-found-and-fixed.html

:: RANSOMWARE AND CYBERCRIME

3. FORMER SCHOOL DISTRICT IT WORKER JAILED FOR SABOTAGE [insider-threat, breach]
Latest developments: A court sentenced a former Iowa school district IT employee to 21 months in prison for a prolonged attack that deleted accounts and disrupted classrooms.
The former administrator kept access after leaving and used it to wage a drawn-out attack on the district, deleting accounts, halting classroom operations, and running up tens of thousands of dollars in damage. The 21-month sentence measures the harm a trusted insider with lingering credentials still inflicts. Organizations should cut departing staff access the day they leave and watch privileged accounts for abuse.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/ex-school-district-employee-jailed-for-hacks-on-former-employer/

:: THREAT DETECTION AND FORENSICS

4. NEW MACOS TAHOE 26 ARTIFACT TRACKS USER MENU CHOICES [forensics, macos]
Latest developments: Unit 42 disclosed a previously unknown macOS Tahoe 26 forensic artifact that records the menu selections a user makes across the operating system.
Palo Alto's Unit 42 found that macOS Tahoe 26 logs user menu selections throughout the system, a trail investigators can mine to reconstruct what someone did during an incident. The artifact hands forensic analysts a finer record of intent on a Mac. Defenders writing macOS investigation playbooks should fold it into their collection routines.
- Unit 42 (Palo Alto): https://unit42.paloaltonetworks.com/new-macos-artifact-discovered/

BUSINESS AND POLITICS
----------------------------------------------------------------

* Trump Rebukes Israel Over Beirut Strike
Latest developments: Trump publicly rebuked Israel and ordered Israel and Hezbollah to stand down after the Beirut strike, insisting the U.S.-Iran deal to reopen the Strait of Hormuz can still close Sunday.
Israel hit what it called a Hezbollah command center on Beirut's outskirts, and Iran threatened to abandon the U.S. talks and retaliate. President Trump told both sides to halt attacks, racing to finalize an agreement that would end the U.S.-Iran war and reopen the Strait of Hormuz.
- WSJ World News: https://www.wsj.com/world/middle-east/iran-threatens-to-pull-out-of-talks-after-israel-strikes-beiruts-outskirts-d0390e22
- FT World: https://www.ft.com/content/ce9286fb-b37c-4113-9ec3-0464144c4977

* China Launches Cross-Border Payments System to Rival Dollar
Latest developments: Beijing unveiled a cross-border currency platform backed by the central banks of Hong Kong, Thailand, the UAE, and Saudi Arabia, its most concrete move yet to cut reliance on the dollar.
China teed up a digital payments system to settle cross-border transactions outside dollar channels, drawing in Gulf and Southeast Asian central banks. The platform advances Beijing's long campaign to internationalize the yuan and blunt the reach of U.S. financial sanctions.
- FT Markets: https://www.ft.com/content/76de5ca6-9ae8-49ae-a0cb-64d09040f327

PITTSBURGH
----------------------------------------------------------------

Weather: This Afternoon: Showers And Thunderstorms Likely, high 84F. Tonight: Showers And Thunderstorms then Mostly Cloudy, low 56F. Monday: Partly Sunny, high 71F.

Business:

* Nara Organics Recalls Baby Formula
Latest developments: Nara Organics recalled infant formula sold at Target and online after a multistate infant botulism outbreak.
Federal regulators linked the formula to infant botulism cases across several states. The recall covers products sold in Target stores and online, and parents should stop using affected lots.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/business/pittsburgh-company-news/2026/06/14/nara-organics-formula-recall/stories/202606140073
- WTAE: https://www.wtae.com/article/nara-organics-infant-formula-recall-botulism/71581963

* Pennsylvania Quarantines Farm Animals Over Screwworm
Latest developments: Pennsylvania issued a quarantine order on farm animals as it tracks New World screwworm cases spreading through southwestern states.
The flesh-eating parasite, contained for decades, has resurged in the U.S. Pennsylvania's order restricts animal movement to keep the pest out of the state's livestock.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/business/pittsburgh-company-news/2026/06/14/new-world-screwworm-quarantine-animals/stories/202606140069

Around town:

* Hampton Township Road Project Restricts Traffic
Latest developments: A $10.57 million improvement project will restrict traffic on a Hampton Township roadway for more than a month.
The work covers drainage upgrades, milling and paving, and base repair. Drivers face restrictions through the duration of the job.
- WPXI: https://www.wpxi.com/news/local/improvement-project-restrict-traffic-hampton-township-roadway-over-month/FQKY3MOKDRCC3PTPXYXSYFNHBU/

* Report Faults Pa. Teacher Reading Training
Latest developments: A new report found nearly half of Pennsylvania's educator preparation programs fail to adequately train future teachers in how to teach reading.
The finding lands as states overhaul reading instruction through new laws. The gap touches the colleges that supply Pennsylvania's classroom teachers.
- TribLive: https://triblive.com/news/pennsylvania/many-pa-colleges-arent-properly-training-future-teachers-how-to-teach-reading-report-finds/

Events:

* Pennsylvania Firefly Festival in Tionesta
Latest developments: The festival, June 26 and 27, opens free daytime programming even as its guided nocturnal firefly sightings have sold out.
The 14th annual Pennsylvania Firefly Festival runs Friday and Saturday, June 26 and 27, in Tionesta, in the Allegheny National Forest, about 100 miles north of Pittsburgh. The guided nighttime viewings are booked, though free daytime nature exhibits, music, and activities remain open. The forest holds at least 15 firefly species, all glowing this time of year.
- NEXTpittsburgh Events: https://nextpittsburgh.com/environment/this-firefly-festival-about-100-miles-from-pittsburgh-sells-out-every-year/

SPORTS
----------------------------------------------------------------

Pirates (36-36)

Sat Jun 13 · Marlins 2 · Pirates 3 · Final
Spencer Horwitz hit by pitch with the bases loaded to lift the Pirates past the Marlins, 3-2
https://plaintextsports.com/mlb/2026-06-13/mia-pit

Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2
https://plaintextsports.com/mlb/2026-06-14/mia-pit

Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
https://plaintextsports.com/mlb/2026-06-15/pit-ath

Around the Teams:

* Oneil Cruz Out Four to Six Weeks
Latest developments: The Pirates expect Oneil Cruz to miss four to six weeks and have recalled Esmerlyn Valdez to fill the roster spot.
Cruz's absence pulls a power bat from the Pirates lineup.
Valdez gets the call-up to cover the opening.
- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/11/oneil-cruz-injury-timeline-endy-rodriguez-esmerlyn-valdez/stories/202606110064

* Skenes Urges Players to Dig In on Labor Fight
Latest developments: Paul Skenes, at the center of MLB's labor battle, said the players need to dig in ahead of a possible work stoppage.
The Post-Gazette laid out how the Pirates ace views the fight over payroll, a salary cap, and the next collective bargaining agreement. Skenes argues players should hold firm against the owners.
- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/13/mlb-labor-payroll-skenes-nutting-cba-mlbpa-manfred/stories/202606130024

* Ten Takeaways on McCarthy's Steelers
Latest developments: The Post-Gazette distilled 10 things it learned about Mike McCarthy and the Steelers during spring workouts, spanning Aaron Rodgers, Joey Porter Jr., DK Metcalf, and the backfield.
The team wrapped its 2026 offseason program this week. The lessons cover the new offense under McCarthy, the quarterback room, and roster competition heading toward training camp at Saint Vincent College.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/12/nfl-offseason-news-rodgers-mccarthy-porter-metcalf-dowdle-bernard/stories/202606120049

READING
----------------------------------------------------------------

* Ed Zitron -- Premium: The Silicon Valley Bubble (Part 1)
Zitron argues Silicon Valley's AI era is ending, reading OpenAI's and Anthropic's moves to go public as a scramble for exit liquidity by companies that burn billions a year with no path to profitability.
https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-1/

* Stratechery -- An Interview with Ben Bajarin About Apple, AI, and Compute
Ben Thompson interviews Ben Bajarin on Apple's WWDC, its AI strategy, and the state of the AI compute industry.
https://stratechery.com/2026/an-interview-with-ben-bajarin-about-apple-ai-and-compute/

* Cal Newport -- Why Isn’t AI Taking Our Jobs?
Newport questions why AI has yet to eliminate jobs the way industrial automation did, challenging the analogy AI leaders draw between their technology and the machines that replaced human brawn.
https://calnewport.com/why-isnt-ai-taking-our-jobs/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,377.03   ▼ -2.2%
Dow         50,725.58   ▼ -0.7%
Nasdaq      25,695.30   ▼ -3.8%
WTI crude       88.42   ▼ -5.0%
EUR/USD        1.1550   ▼ -0.4%
GBP/USD        1.3363   ▼ -0.6%
USD/JPY        160.31   ▲ +0.3%

================================================================
Generated 2026-06-14 15:46 EDT. Sources: 22 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================