daily plain-text briefing: security, markets, business, and pittsburgh
Attackers hammered remote-access and VPN software with fresh zero-days while the FBI and Google tore down a phishing service that drained $1.9 billion.
Latest developments: Palo Alto Networks confirmed an unknown actor actively exploits CVE-2026-0257, an authentication-bypass flaw in PAN-OS GlobalProtect portals, and researchers disclosed a SimpleHelp bug that lets unauthenticated attackers mint privileged technician accounts on servers using OpenID Connect.
SimpleHelp's flaw hands an unauthenticated attacker the power to create privileged technician accounts on any server that uses OpenID Connect, granting full remote control. Palo Alto's CVE-2026-0257 lets an attacker bypass authentication on GlobalProtect portals and gateways, and exploitation is already under way. CISA the same day added Cisco's Catalyst SD-WAN Manager path-traversal bug and the LiteSpeed cPanel symlink flaw to its exploited catalog. Administrators should patch all four and audit any accounts created since.
Sources: The Hacker News · BleepingComputer · CISA Advisories
Latest developments: The FBI and Google together took down Outsider Enterprise, the China-based phishing-as-a-service operation, after counting more than 9,000 phishing sites, the theft of nearly 4 million credit cards, and roughly $1.9 billion in losses.
Outsider Enterprise rented a phishing kit built on Google's Gemini that blasted scam texts at Americans and harvested payment cards at scale. The joint takedown follows Google's earlier lawsuit against the operators. The figures—4 million stolen cards and $1.9 billion in losses—rank it among the larger phishing operations dismantled this year.
Sources: SecurityWeek
Latest developments: Google's Threat Intelligence Group named the group's custom malware InfiniteRed, revealed it has tracked the China-linked actor since early 2025, and added artificial-intelligence research to the medical, academic, and military targets it pursues.
UNC6508, a People's Republic of China contractor, breaks into exposed REDCap research servers and drops InfiniteRed to steal credentials and data. The group rewires victims' own Google Workspace mail rules to copy research and defense email out, a tactic that sidesteps conventional exfiltration detection. It lurked undetected for more than a year across North American institutions. Institutions should lock down internet-facing REDCap servers and review Workspace forwarding rules.
Sources: Help Net Security · BleepingComputer · SecurityWeek · The Hacker News
Latest developments: Finland's deputy prosecutor general charged the officers of a cargo ship with damaging two subsea telecommunications cables and attempting to damage eight more connections.
Finnish prosecutors brought criminal charges against a cargo ship's officers for severing two Baltic Sea telecom cables and trying to cut eight others. The case adds to a string of cable-cutting incidents that have rattled European critical infrastructure. A conviction would mark a rare criminal accounting for undersea-infrastructure damage.
Sources: The Record
Latest developments: Poland warned that the Belarus-linked Ghostwriter group has expanded its phishing to the personal Gmail accounts of senior public figures and their relatives.
Ghostwriter, tied to Belarus, has phished Polish targets for years through official systems. Poland now reports the group has shifted to personal Gmail accounts belonging to senior officials and their families, widening the reach to relatives who lack institutional defenses. Targets should turn on hardware-key two-factor authentication.
Sources: The Record
Latest developments: Maine took its public data breach notification portal offline after someone filed fraudulent disclosures impersonating VRChat and Discord, and will keep it restricted until an audit hardens submission checks.
An unknown party posted fake breach reports on Maine's public portal in the names of well-known technology firms. The state attorney general removed public access and will keep it limited pending an audit of its procedures. Companies can still file breach notices; the public simply loses easy visibility for now.
Sources: The Record · SecurityWeek · Graham Cluley
Latest developments: The FCC proposed a rule forcing U.S. telecoms to store a government-issued identification number and physical address for essentially every phone customer, ending anonymous prepaid accounts.
The proposed FCC rule would compel carriers to attach a verified identity to each phone account, killing the burner phone. Privacy and civil-rights advocates warn the mandated database of names, IDs, and addresses resembles surveillance regimes in authoritarian states. The plan would reshape how Americans buy and use prepaid service.
Sources: Schneier on Security
Latest developments: The Justice Department seized CFAKE.com and SOCFAKE.com in what appears to be the first publicly announced domain seizure under the TAKE IT DOWN Act.
The two sites hosted nonconsensual AI-generated nude images and videos of women. The Justice Department's seizure marks the debut use of the TAKE IT DOWN Act's domain authority against deepfake-abuse infrastructure. The action signals the government will wield the statute to pull such platforms offline.
Sources: BleepingComputer
Latest developments: Beyond the signed memorandum and Friday timeline already reported, markets delivered the verdict Monday: the Dow industrials closed at a record, oil settled at its lowest since March 4, and average U.S. gasoline fell below $4 a gallon.
President Trump announced a deal ending the war with Iran, signed electronically ahead of a June 19 ceremony in Switzerland, that reopens the Strait of Hormuz, dismantles Tehran's nuclear program, and trades sanctions relief the administration may anchor with a $300 billion incentive fund tied to Iran's compliance. Global stocks rallied and gold settled 2.7% higher, though shipping groups still call the strait too risky, and only one vessel transited Monday.
Sources: WSJ Markets · FT Markets · WSJ World News · FT Markets
Tonight: Mostly Clear, low 51F.
Tuesday: Mostly Sunny, high 77F.
Tuesday Night: Mostly Cloudy then Chance Rain Showers, low 58F.
Latest developments: A new local study puts the average cost of a Pittsburgh wedding above the national figure, the subject of KDKA's "Talk the Talk" segment Monday.
Couples marrying in Pittsburgh now spend more than the typical American wedding costs, according to a local study KDKA examined, a finding at odds with the region's reputation for low prices.
Sources: KDKA
Latest developments: Aldi pulled more than 500,000 packages of Park Street Deli Macaroni & Cheese nationwide over an allergen the label failed to declare.
The recall covers Park Street Deli Macaroni & Cheese sold at Aldi stores, a chain with locations across the Pittsburgh region, affecting more than 500,000 packages flagged for an undeclared allergen.
Sources: WTAE
Latest developments: Crews will fully close a stretch of the Parkway North later this week to demolish the Jacks Run Road Bridge over the highway, after equipment problems postponed a Monday-night start.
A section of the Parkway North will shut completely for the demolition of the Jacks Run Road Bridge that spans the highway; the work, first scheduled for Monday night, slipped to later in the week.
Sources: KDKA
Latest developments: The National Weather Service confirmed two tornado touchdowns in Columbiana County, Ohio, near the Beaver County line plus a third that crossed into Beaver County, while a Butler County farm tallied a machine shed torn from its foundation along with ruined crops and fruit trees.
Sunday's severe storms spawned at least three tornadoes across eastern Ohio and northwestern Pennsylvania, the weather service said Monday as surveys continued; cleanup of downed trees and power lines ran through Beaver County, Elizabeth Township, and the damaged Butler County farm.
Latest developments: Forecasters call for dry, comfortable conditions through midweek before rain returns Wednesday night and Thursday becomes an Impact Day for rain and storms.
Western Pennsylvania holds onto comfortable, dry weather to start the week, with rain arriving Wednesday night and Thursday flagged as an Impact Day for rain and thunderstorms.
Sources: WTAE
Latest developments: A black bear turned up on camera in a Pittsburgh neighborhood again, prompting KDKA to ask an expert how many bears now live within city limits.
Cameras keep capturing black bears moving through Pittsburgh neighborhoods; a wildlife expert told KDKA the repeated sightings raise the question of how many bears now range inside the city.
Sources: KDKA
Pirates (36-36)
Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2
Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
Latest developments: Post-Gazette columnist Noah Hiles wrote that the Pirates must fix their bullpen now or watch it sink the season.
In his weekend column, the Post-Gazette's Noah Hiles called the relief corps the team's central flaw and pressed manager Don Kelly and general manager Ben Cherington to address it before the year slips away.
Sources: Post-Gazette Pirates
Latest developments: A source told the Post-Gazette the Pirates will promote pitcher Antwone Kelly, their No. 7 prospect, to reinforce a struggling bullpen.
The Pirates plan to call up Antwone Kelly, a pitching prospect ranked seventh in their system and a native of Aruba, to help a relief corps that has dragged on the season.
Sources: Post-Gazette Pirates
Latest developments: The Post-Gazette weighed whether the Steelers can build their next defensive core around cornerback Joey Porter Jr. and edge rusher Nick Herbig, whose new contract Cam Heyward's podcast marked as a long-awaited payoff.
A Post-Gazette video asked whether Pittsburgh can form a young defensive core around Joey Porter Jr. and Nick Herbig; on "Not Just Football with Cam Heyward," the show framed Herbig's new deal as the reward for a 20-year climb.
Sources: Post-Gazette Steelers · Not Just Football with Cam Heyward
S&P 500 7,377.03 ▼ -2.2% Dow 50,725.58 ▼ -0.7% Nasdaq 25,695.30 ▼ -3.8% WTI crude 88.42 ▼ -5.0% EUR/USD 1.1556 ▼ -0.4% GBP/USD 1.3386 ▼ -0.3% USD/JPY 160.23 ▲ +0.2%