Daily plain-text briefing: security, markets, business, and Pittsburgh
A China-linked crew hid in North American research networks for a year by rewiring victims' own Google Workspace mail rules, as fresh exploits turned Microsoft Copilot and open-source AI gateways into one-click data-theft tools.
Latest developments: Google's Threat Intelligence Group disclosed UNC6508, which spent more than a year inside North American medical, academic, and military research networks, breaching exposed REDCap servers and rewiring victims' own Google Workspace mail rules to copy out research and defense email.
The group planted a credential-stealing backdoor called InfiniteRed on internet-facing REDCap research servers, then used the stolen logins to auto-forward sensitive messages through victims' Workspace settings, evading exfiltration alarms. Targets spanned medical, AI, and defense research institutions, and the actor had gone undetected since early 2025. Organizations running REDCap should patch and isolate those servers, audit Workspace forwarding rules, and rotate credentials.
Sources: The Hacker News · Help Net Security · Dark Reading · SecurityWeek
Latest developments: Proofpoint tied two fresh campaigns to North Korea's Contagious Interview cluster, also called Famous Chollima, which now phishes developers with job-recruitment and code-review themes to deliver malware through development tools.
The actor lures software engineers with fake hiring or peer-review prompts, then pushes malicious code through trusted developer channels. The approach exploits the openness of coding workflows to slip past endpoint defenses. Engineering teams should verify recruiter and reviewer identities, sandbox unfamiliar code, and restrict what developer tooling can fetch and run.
Sources: The Hacker News
Latest developments: Varonis chained three bugs into SearchLeak, a one-click flaw that pulled emails, files, and MFA codes from Microsoft 365 Copilot Enterprise Search through a genuine microsoft.com link, while Obsidian Security disclosed a LiteLLM chain that lets a default low-privilege account seize the AI gateway and every model-provider key it holds.
SearchLeak abused prompt injection and hidden URLs so that anti-phishing and URL filters waved the trusted Microsoft domain straight through; Microsoft has patched it. The LiteLLM chain, in a gateway that brokers calls to more than 100 model providers, escalates to admin and remote code execution, exposing stored secrets. Separate research showed a 13-word snippet planted on Reddit or Wikipedia can steer AI search agents into emitting scam content. Patch Copilot and LiteLLM, and treat all AI-assistant inputs as untrusted.
Sources: The Hacker News · BleepingComputer · The Hacker News · 404 Media
Latest developments: The Forum of Incident Response and Security Teams raised its 2026 forecast toward 66,000 CVEs, well above its start-of-year projection, crediting AI tools that now autonomously hunt software flaws and find them effectively.
Disclosure volume for the first months of 2026 already outran expectations as automated discovery floods researchers and vendors with new findings. The surge strains patch pipelines and vulnerability-management teams who must triage far more reports. Security leaders should prioritize by exploitability and asset exposure rather than chase raw counts.
Sources: Help Net Security
Latest developments: ShinyHunters claimed it stole 297 GB from the Council of Europe, prompting an official probe, and disclosed that a March Salesforce theft against the Infinite Campus K-12 platform exposed personal data on more than 137,000 school staff.
The extortion gang keeps milking earlier Salesforce data-theft campaigns. The Council of Europe, the continent's oldest intergovernmental body, is investigating the claim, which allegedly includes employee personal information and carries a leak threat. The Infinite Campus haul affects school districts across the United States. Defenders should review Salesforce access, revoke stale OAuth tokens, and ready breach-notification procedures.
Sources: BleepingComputer · SecurityWeek · BleepingComputer
Latest developments: Cisco patched CVE-2026-20262, a path-traversal bug in Catalyst SD-WAN Manager that attackers exploited to escalate to root, and CISA added it plus the LiteSpeed cPanel plugin symlink flaw CVE-2026-54420 to its known-exploited catalog.
Both flaws sit in widely deployed management and hosting infrastructure, where a foothold yields broad control. The vManage bug grants root on the SD-WAN controller; the LiteSpeed plugin flaw enables symlink-following privilege abuse on cPanel servers. CISA's catalog listing binds federal agencies to fixed remediation deadlines. Apply Cisco's updates and the LiteSpeed patch immediately.
Sources: BleepingComputer · CISA Advisories
Latest developments: Attackers compromised the Awesome Motive content distribution network feeding OptinMonster, TrustPulse, and PushEngage, swapping trusted JavaScript so that an admin loading a page silently created a rogue admin account and installed a hidden plugin.
The poisoned files triggered only when a logged-in administrator loaded them, sparing ordinary visitors and slowing detection. The backdoor account and concealed plugin reopen access even after cleanup. Sites running any of the three plugins should audit administrator accounts, hunt for unknown plugins, and reinstall clean versions once the CDN is verified safe.
Sources: BleepingComputer · The Hacker News
Latest developments: A group calling itself The Gentlemen hit Mackay Sugar, Australia's second-largest sugar producer, shutting down milling operations.
The attack disrupted industrial processing at a major food producer, the latest ransomware strike to cross from IT into operational systems. Outages at a seasonal processor threaten supply and grower payments. Manufacturers should segment operational technology from corporate networks, test offline backups, and rehearse production-loss recovery.
Sources: SecurityWeek
Latest developments: Trump said the Strait of Hormuz will fully reopen by Friday and that he and Iran's top negotiator have already signed the memorandum electronically ahead of a Friday ceremony, while the administration weighs a $300 billion incentive fund tied to Tehran's compliance.
The interim accord ends the U.S.-Iran war and lifts the naval blockade, reopening the world's busiest oil chokepoint. Oil settled at its lowest since March 4, average U.S. gasoline fell below $4 a gallon, and global stocks hit records, though shippers call passage still too risky and analysts expect weeks before traffic returns to half its prewar level.
Sources: WSJ World News · FT World · FT World · FT World
Latest developments: The European Union began accession negotiations with Ukraine after Hungary's new leadership dropped the veto that had stalled the process.
Ukraine enters a reform path expected to run years while it still fights Russia. Membership would extend the bloc eastward and bind Kyiv to EU law, the largest enlargement step in two decades.
Sources: FT World
This Afternoon: Mostly Sunny, high 72F.
Tonight: Mostly Clear, low 51F.
Tuesday: Mostly Sunny, high 77F.
Latest developments: Pittsburgh's Astrobotic sent its Griffin lunar lander out for environmental testing, the last major step before launch and a follow-on to its earlier Peregrine mission.
Griffin, built on the North Side, carries cargo toward a planned NASA moon base and counts as the region's second moonshot. SpaceX will handle the launch.
Sources: Pittsburgh Post-Gazette
Latest developments: The Prix Versailles placed Pittsburgh International on its annual World's Most Beautiful Airports list.
The recognition spotlights the airport's recently completed terminal in Findlay Township, a marquee piece of regional development.
Sources: Pittsburgh Post-Gazette
Latest developments: Milanes Cuban Corner, run by Carlos and Collyn Milanes, grew from a popular food truck into a brick-and-mortar restaurant in McKees Rocks.
The couple built a following on pressed Cuban sandwiches of pork and pickles and now serve them from a fixed location.
Sources: KDKA
Latest developments: The National Weather Service confirmed at least three tornadoes from Sunday's storms across northwestern Pennsylvania and eastern Ohio, including one that crossed into Beaver County, while crews cleared downed trees in Elizabeth Township and Darlington.
Sunday's severe weather toppled trees onto cars and power lines across the region. Surveys remain ongoing and no EF ratings are set.
Latest developments: Pittsburgh Regional Transit announced its service schedule for Juneteenth National Freedom Day on June 19.
Riders should check adjusted bus and rail times for the federal holiday before traveling.
Sources: WPXI
Latest developments: Pittsburgh is closing in on final settlements with most people hurt in the 2022 Fern Hollow Bridge collapse.
The Forbes Avenue span over Frick Park fell in January 2022, injuring people aboard a transit bus and in cars below; the city has worked through claims since.
Sources: Pittsburgh Post-Gazette
Latest developments: Pittsburgh's public pools opened for the summer, and the city published hours, fees, and a roster of other summer events.
Residents can find pool hours, admission costs, and a calendar of city programming for the warm months ahead.
Sources: Pittsburgh Post-Gazette
Latest developments: A proposal before Allegheny County would require 18 weeks of paid parental leave from every employer with no exemptions, prompting a chief financial officer to make a public case for it in TribLive.
The mandate would cover all county employers regardless of size, leaving business owners to weigh the cost against retention and recruiting.
Sources: TribLive
Pirates (36-36)
Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2
Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
Latest developments: After OTAs and minicamp, Post-Gazette writers flagged rookies Germie Bernard and Max Iheanachor as candidates to contribute quickly.
The video review weighed which first-year Steelers stood out in spring work ahead of training camp.
Sources: Post-Gazette Steelers
Latest developments: The Post-Gazette's MiLB Monday asked whether former top Pirates pick Termarr Johnson is turning his season around in the farm system.
Johnson, an early first-round draft choice, has worked to find form; the column also tracked prospects Edward Florentino and Tony Blanco.
Sources: Post-Gazette Pirates
Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler ranked each NFL division by quarterback talent.
The team show broke down where the AFC North sits among the league's passing groups.
Sources: Pittsburgh Steelers (YouTube)
Latest developments: On Not Just Football with Cam Heyward, the show recounted how a team nearly ended the Cowboys dynasty.
The episode dug into the matchup as part of the podcast's football-history segments.
Sources: Not Just Football with Cam Heyward
S&P 500 7,377.03 ▼ -2.2%
Dow 50,725.58 ▼ -0.7%
Nasdaq 25,695.30 ▼ -3.8%
WTI crude 88.42 ▼ -5.0%
EUR/USD 1.1556 ▼ -0.4%
GBP/USD 1.3386 ▼ -0.3%
USD/JPY 160.23 ▲ +0.2%