daily plain-text briefing: security, markets, business, and pittsburgh
A one-click flaw in Microsoft 365 Copilot quietly siphoned enterprise mailboxes and MFA codes, opening a day in which AI tooling itself became the attack surface.
Latest developments: Varonis chained three bugs into SearchLeak, a one-click path that pulls mail, calendar, indexed files, and MFA codes out of Microsoft 365 Copilot Enterprise Search through a genuine microsoft.com link, and Obsidian Security showed a default low-privilege LiteLLM account climbing to full admin and remote code execution.
SearchLeak hid malicious URLs behind a trusted Microsoft domain, so URL filters and anti-phishing tools waved the link through; Microsoft has patched the chain. The LiteLLM flaw matters because that open-source gateway brokers calls to more than 100 model providers, and a server takeover exposes every provider key and secret it holds. Both targets sit inside infrastructure enterprises now wire into daily work. Apply the Copilot fix, update LiteLLM, and audit default accounts and broker permissions.
Sources: BleepingComputer · The Hacker News · Dark Reading · The Hacker News
Latest developments: FIRST now forecasts 2026 will close near 66,000 CVEs, well above its original projection, with the running count already sitting far ahead of plan because AI tools have begun hunting software flaws on their own and doing it well.
Automated, AI-driven discovery is accelerating disclosure faster than analysts predicted at the start of the year. The surge strains triage and patch programs that already struggle to keep current. Security teams should lean on risk-based prioritization, exploit-aware feeds such as CISA's known exploited catalog, and automation to match the rising volume.
Sources: Help Net Security
Latest developments: Google's Threat Intelligence Group detailed how UNC6508 breached exposed REDCap research servers to plant InfiniteRed malware, then rewired victims' own Google Workspace mail rules to auto-copy every message outward, hiding in North American medical, academic, military, and AI research networks for more than a year.
The China-linked group, which Google has tracked since early 2025, used a backdoor on REDCap servers to steal login credentials and gain persistent access. The exfiltration stood out for abusing the victims' legitimate Workspace forwarding rules, blending theft into normal mail flow. Targets span medical, academic, and defense research, with artificial-intelligence work newly in the crosshairs. Institutions should patch exposed REDCap deployments, hunt for rogue Workspace rules, and review forwarding configurations.
Sources: Help Net Security · The Hacker News · SecurityWeek · BleepingComputer
Latest developments: Proofpoint tied two fresh campaigns to the Contagious Interview cluster, also tracked as Famous Chollima and Void Dokkaebi, which baits software developers with fake recruiter and code-review lures to turn coding tools into malware delivery channels.
The persistent North Korean cluster builds phishing around developer role recruitment and code review themes, luring engineers into running tainted projects. Delivering malware through trusted developer tooling lets the attackers slip past defenses tuned for ordinary email threats. Engineering teams should treat unsolicited coding tests and recruiter repositories as hostile and isolate any such code before execution.
Sources: The Hacker News
Latest developments: Cisco patched CVE-2026-20262, a Catalyst SD-WAN Manager flaw attackers exploited as a zero-day to escalate to root, and CISA added it alongside the actively exploited LiteSpeed cPanel symlink flaw CVE-2026-54420 to its known exploited vulnerabilities catalog.
The two fresh entries extend a week of edge and management-plane exploitation that already includes the SimpleHelp bug minting rogue technician accounts and the actively exploited PAN-OS GlobalProtect authentication bypass CVE-2026-0257. Attackers keep favoring the gear that sits at the network perimeter and governs remote access. Federal agencies face binding deadlines to remediate KEV entries. Administrators should apply Cisco's update, patch the LiteSpeed plugin, and prioritize internet-facing management interfaces.
Sources: BleepingComputer · CISA Advisories · BleepingComputer · The Hacker News
Latest developments: An attacker tampered with JavaScript that Awesome Motive serves through its content distribution network for the OptinMonster, TrustPulse, and PushEngage plugins, so any logged-in administrator loading an affected page silently spawned a rogue admin account and a hidden backdoor plugin.
The poisoned scripts triggered only when a site administrator was authenticated, leaving ordinary visitors untouched and the abuse quiet. The three plugins reach a large swath of WordPress sites through a single shared CDN, so one compromise scaled instantly. Site owners should rotate admin credentials, audit for unfamiliar accounts and plugins, and confirm the vendor has purged the tainted files.
Sources: BleepingComputer · The Hacker News
Latest developments: ShinyHunters claimed it stole 297 GB from the Council of Europe, which opened an investigation, and the gang surfaced personal data on 137,000 Infinite Campus K-12 staff accounts taken in a March Salesforce data-theft raid.
The Council of Europe, the continent's oldest intergovernmental body, is probing the extortion claim, which allegedly includes employee personal information. The Infinite Campus haul hit a widely used student information system through a Salesforce-targeting campaign, exposing school staff records. The group's pivot from Oracle PeopleSoft to fresh victims shows its Salesforce-centric data-theft playbook running wide. Affected organizations should notify staff, watch for follow-on phishing, and harden third-party SaaS connections.
Sources: BleepingComputer · SecurityWeek · BleepingComputer
Latest developments: A threat group calling itself The Gentlemen hit Mackay Sugar, Australia's second-largest sugar producer, with a cyberattack that forced its mills offline.
The intrusion disrupted physical production at a major agricultural operation, adding to a run of ransomware crews crippling industrial and food-supply targets. Mackay Sugar's mill shutdown shows operational technology environments paying the price when corporate networks fall. Manufacturers should segment OT from IT, validate offline backups, and rehearse manual fallback for core processes.
Sources: SecurityWeek
Latest developments: Trump and Iran's top negotiator signed the memorandum of understanding electronically Monday, set a formal ceremony for Friday and a full reopening of the Strait of Hormuz by then, and the administration floated a $300 billion fund tied to Tehran's compliance.
The accord commits Iran to dismantle its nuclear program, reopen the Strait of Hormuz, and end a war that jolted energy markets; oil settled at its lowest since March 4, gold rose 2.7%, and the Dow closed at a record. Netanyahu faces a domestic backlash over the easing of pressure on Tehran.
Sources: WSJ World News · FT World · WSJ Markets
Tonight: Mostly Clear, low 51F.
Tuesday: Mostly Sunny, high 77F.
Tuesday Night: Mostly Cloudy then Chance Rain Showers, low 58F.
Latest developments: Astrobotic sent its Griffin lunar lander out for environmental testing ahead of launch, Pittsburgh's second moonshot after the Peregrine mission.
Astrobotic, the Pittsburgh robotics company, builds the Griffin lander to deliver payloads toward a planned NASA moon base; the shipment for testing marks a step toward its launch.
Sources: Pittsburgh Post-Gazette
Latest developments: The Prix Versailles placed Pittsburgh International on its annual list of the world's most beautiful airports.
Pittsburgh International earned a spot on the Prix Versailles roster recognizing architectural design, a distinction the airport touts as it builds out its new terminal.
Sources: Pittsburgh Post-Gazette
Latest developments: Milanes Cuban Corner, which started as a food truck, has grown into a sit-down restaurant in McKees Rocks.
Carlos and Collyn Milanes built a following on their pressed Cuban sandwich and have expanded the operation into a McKees Rocks storefront.
Sources: KDKA
Latest developments: Pittsburgh is closing in on final settlements with most victims of the Fern Hollow Bridge collapse.
The Forbes Avenue bridge over Frick Park fell in early 2022; the city now nears agreements resolving the bulk of the claims that followed.
Sources: Pittsburgh Post-Gazette
Latest developments: Pittsburgh's public pools have opened for the summer, with posted hours, fees, and a slate of city events.
The city laid out admission fees and operating hours for its public pools now open for the season, part of its summer programming.
Sources: Pittsburgh Post-Gazette
Latest developments: Pittsburgh Regional Transit released its service plan for Juneteenth on Friday, June 19.
Pittsburgh Regional Transit will run a modified schedule for Juneteenth National Freedom Day, with riders advised to check times before traveling.
Sources: WPXI
Latest developments: A Pastfinders app now maps Pittsburgh movie-filming sites for a self-guided walking tour.
The Pastfinders app routes visitors to spots where films shot in Pittsburgh, among them downtown locations used in 'The Dark Knight Rises,' for a self-guided tour anytime.
Sources: Post-Gazette Arts & Entertainment
Pirates (36-36)
Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2
Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
Latest developments: After OTAs and minicamp, the Post-Gazette weighed which Steelers rookies, among them receiver Germie Bernard and lineman Max Iheanachor, look ready to contribute.
Pittsburgh wrapped its offseason program, and beat coverage assessed which members of the rookie class could earn early roles this fall.
Sources: Post-Gazette Steelers
Latest developments: The Post-Gazette's MiLB Monday asked whether former top Pirates pick Termarr Johnson is turning his season around.
Termarr Johnson, a high Pirates draft choice, has labored in the minor leagues; recent play points to a possible turnaround as he climbs toward the majors.
Sources: Post-Gazette Pirates
Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler ranked the NFL's divisions by quarterback talent.
The team's SNR Drive show measured each division's quarterback strength, sizing up where the AFC North stands across the league.
Sources: Pittsburgh Steelers (YouTube)
S&P 500 7,377.03 ▼ -2.2% Dow 50,725.58 ▼ -0.7% Nasdaq 25,695.30 ▼ -3.8% WTI crude 88.42 ▼ -5.0% EUR/USD 1.1556 ▼ -0.4% GBP/USD 1.3386 ▼ -0.3% USD/JPY 160.23 ▲ +0.2%