================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Monday, June 15, 2026
================================================================

A one-click flaw in Microsoft 365 Copilot quietly siphoned enterprise mailboxes and MFA codes, opening a day in which AI tooling itself became the attack surface.

CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS
----------------------------------------------------------------

* AI Tooling: Researchers turned Microsoft 365 Copilot and the LiteLLM gateway into data-theft and server-takeover paths, marking AI assistants and gateways as fresh enterprise attack surface.
* Supply Chain: An Awesome Motive CDN hijack tainted three popular WordPress plugins, the latest case of trusted distribution channels carrying attacker code straight into production.
* Agent Identity: A wave of launches from Omada, Delinea, Cyera, 1Password, and NewCore aims governance and credential brokering at AI agents and non-human identities multiplying inside enterprises.
* AI-Found Flaws: FIRST credits self-directed AI bug hunters for pushing 2026 toward a record 66,000 CVEs, reshaping the disclosure pipeline defenders must keep pace with.

SECURITY
----------------------------------------------------------------

:: AI SECURITY

1. AI ASSISTANTS AND GATEWAYS SPRING CRITICAL HOLES [ai, vulnerability, prompt-injection]

Latest developments: Varonis chained three bugs into SearchLeak, a one-click path that pulls mail, calendar, indexed files, and MFA codes out of Microsoft 365 Copilot Enterprise Search through a genuine microsoft.com link, and Obsidian Security showed a default low-privilege LiteLLM account climbing to full admin and remote code execution.

SearchLeak hid malicious URLs behind a trusted Microsoft domain, so URL filters and anti-phishing tools waved the link through; Microsoft has patched the chain. The LiteLLM flaw matters because that open-source gateway brokers calls to more than 100 model providers, and a server takeover exposes every provider key and secret it holds. Both targets sit inside infrastructure enterprises now wire into daily work. Apply the Copilot fix, update LiteLLM, and audit default accounts and broker permissions.

- BleepingComputer: https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/
- The Hacker News: https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
- Dark Reading: https://www.darkreading.com/application-security/copilot-searchleak-attack-1-click-data-theft
- The Hacker News: https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html

2. AI BUG HUNTING DRIVES CVES TOWARD 66,000 [vulnerability, ai]

Latest developments: FIRST now forecasts 2026 will close near 66,000 CVEs, well above its original projection, with the running count already sitting far ahead of plan because AI tools have begun hunting software flaws on their own and doing it well.

Automated, AI-driven discovery is accelerating disclosure faster than analysts predicted at the start of the year. The surge strains triage and patch programs that already struggle to keep current. Security teams should lean on risk-based prioritization, exploit-aware feeds such as CISA's known exploited catalog, and automation to match the rising volume.

- Help Net Security: https://www.helpnetsecurity.com/2026/06/15/first-2026-cve-forecast/

:: NATION-STATE ACTIVITY

3. UNC6508 LOOTS RESEARCH NETWORKS THROUGH REDCAP [apt, espionage, china]

Latest developments: Google's Threat Intelligence Group detailed how UNC6508 breached exposed REDCap research servers to plant InfiniteRed malware, then rewired victims' own Google Workspace mail rules to auto-copy every message outward, hiding in North American medical, academic, military, and AI research networks for more than a year.

The China-linked group, which Google has tracked since early 2025, used a backdoor on REDCap servers to steal login credentials and gain persistent access. The exfiltration stood out for abusing the victims' legitimate Workspace forwarding rules, blending theft into normal mail flow. Targets span medical, academic, and defense research, with artificial-intelligence work newly in the crosshairs. Institutions should patch exposed REDCap deployments, hunt for rogue Workspace rules, and review forwarding configurations.

- Help Net Security: https://www.helpnetsecurity.com/2026/06/15/chinese-hackers-redcap-medical-research-institutions-breach/
- The Hacker News: https://thehackernews.com/2026/06/chinese-hackers-abused-google-workspace.html
- SecurityWeek: https://www.securityweek.com/chinese-hackers-target-medical-military-and-ai-research-in-north-america/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-redcap-servers-steal-medical-research/

4. NORTH KOREAN CREWS WEAPONIZE DEVELOPER RECRUITING [apt, north-korea, phishing]

Latest developments: Proofpoint tied two fresh campaigns to the Contagious Interview cluster, also tracked as Famous Chollima and Void Dokkaebi, which baits software developers with fake recruiter and code-review lures to turn coding tools into malware delivery channels.

The persistent North Korean cluster builds phishing around developer role recruitment and code review themes, luring engineers into running tainted projects. Delivering malware through trusted developer tooling lets the attackers slip past defenses tuned for ordinary email threats. Engineering teams should treat unsolicited coding tests and recruiter repositories as hostile and isolate any such code before execution.

- The Hacker News: https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html

:: VULNERABILITIES AND EXPLOITS

5. NETWORK GEAR ZERO-DAYS PILE INTO CISA CATALOG [zero-day, patch, exploit]

Latest developments: Cisco patched CVE-2026-20262, a Catalyst SD-WAN Manager flaw attackers exploited as a zero-day to escalate to root, and CISA added it alongside the actively exploited LiteSpeed cPanel symlink flaw CVE-2026-54420 to its known exploited vulnerabilities catalog.

The two fresh entries extend a week of edge and management-plane exploitation that already includes the SimpleHelp bug minting rogue technician accounts and the actively exploited PAN-OS GlobalProtect authentication bypass CVE-2026-0257. Attackers keep favoring the gear that sits at the network perimeter and governs remote access. Federal agencies face binding deadlines to remediate KEV entries. Administrators should apply Cisco's update, patch the LiteSpeed plugin, and prioritize internet-facing management interfaces.

- BleepingComputer: https://www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/
- CISA Advisories: https://www.cisa.gov/news-events/alerts/2026/06/15/cisa-adds-two-known-exploited-vulnerabilities-catalog
- BleepingComputer: https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/
- The Hacker News: https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html

6. WORDPRESS PLUGIN CDN HIJACK PLANTS BACKDOORS [supply-chain, wordpress, backdoor]

Latest developments: An attacker tampered with JavaScript that Awesome Motive serves through its content distribution network for the OptinMonster, TrustPulse, and PushEngage plugins, so any logged-in administrator loading an affected page silently spawned a rogue admin account and a hidden backdoor plugin.

The poisoned scripts triggered only when a site administrator was authenticated, leaving ordinary visitors untouched and the abuse quiet. The three plugins reach a large swath of WordPress sites through a single shared CDN, so one compromise scaled instantly. Site owners should rotate admin credentials, audit for unfamiliar accounts and plugins, and confirm the vendor has purged the tainted files.

- BleepingComputer: https://www.bleepingcomputer.com/news/security/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack/
- The Hacker News: https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html

:: DATA BREACHES

7. SHINYHUNTERS EXTORTS COUNCIL OF EUROPE AND SCHOOLS [breach, extortion]

Latest developments: ShinyHunters claimed it stole 297 GB from the Council of Europe, which opened an investigation, and the gang surfaced personal data on 137,000 Infinite Campus K-12 staff accounts taken in a March Salesforce data-theft raid.

The Council of Europe, the continent's oldest intergovernmental body, is probing the extortion claim, which allegedly includes employee personal information. The Infinite Campus haul hit a widely used student information system through a Salesforce-targeting campaign, exposing school staff records. The group's pivot from Oracle PeopleSoft to fresh victims shows its Salesforce-centric data-theft playbook running wide. Affected organizations should notify staff, watch for follow-on phishing, and harden third-party SaaS connections.

- BleepingComputer: https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/
- SecurityWeek: https://www.securityweek.com/shinyhunters-claims-council-of-europe-hack/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/

:: RANSOMWARE AND CYBERCRIME

8. RANSOMWARE HALTS AUSTRALIAN SUGAR MILLS [ransomware]

Latest developments: A threat group calling itself The Gentlemen hit Mackay Sugar, Australia's second-largest sugar producer, with a cyberattack that forced its mills offline.

The intrusion disrupted physical production at a major agricultural operation, adding to a run of ransomware crews crippling industrial and food-supply targets. Mackay Sugar's mill shutdown shows operational technology environments paying the price when corporate networks fall. Manufacturers should segment OT from IT, validate offline backups, and rehearse manual fallback for core processes.

- SecurityWeek: https://www.securityweek.com/ransomware-attack-shuts-down-mills-of-australias-second-largest-sugar-producer/

BUSINESS AND POLITICS
----------------------------------------------------------------

* U.S.-Iran Deal Signed, Hormuz Reopening

Latest developments: Trump and Iran's top negotiator signed the memorandum of understanding electronically Monday, set a formal ceremony for Friday and a full reopening of the Strait of Hormuz by then, and the administration floated a $300 billion fund tied to Tehran's compliance.

The accord commits Iran to dismantle its nuclear program, reopen the Strait of Hormuz, and end a war that jolted energy markets; oil settled at its lowest since March 4, gold rose 2.7%, and the Dow closed at a record. Netanyahu faces a domestic backlash over the easing of pressure on Tehran.

- WSJ World News: https://www.wsj.com/world/middle-east/questions-about-trumps-iran-deal-set-to-dominate-g-7-fcd7fcbc
- FT World: https://www.ft.com/content/088c14d3-f708-44d8-a306-7996aa5211de
- WSJ Markets: https://www.wsj.com/finance/global-stocks-markets-dow-news-06-15-2026-c6898869?mod=rss_markets_main

PITTSBURGH
----------------------------------------------------------------

Weather: Tonight: Mostly Clear, low 51F. Tuesday: Mostly Sunny, high 77F. Tuesday Night: Mostly Cloudy then Chance Rain Showers, low 58F.

Business:

* Astrobotic Ships Griffin Lander for Testing

Latest developments: Astrobotic sent its Griffin lunar lander out for environmental testing ahead of launch, Pittsburgh's second moonshot after the Peregrine mission.

Astrobotic, the Pittsburgh robotics company, builds the Griffin lander to deliver payloads toward a planned NASA moon base; the shipment for testing marks a step toward its launch.

- Pittsburgh Post-Gazette: https://www.post-gazette.com/business/tech-news/2026/06/15/astrobotic-spacex-nasa-moon-base-griffin-peregrine/stories/202606150033

* Pittsburgh International Named a Beautiful Airport

Latest developments: The Prix Versailles placed Pittsburgh International on its annual list of the world's most beautiful airports.

Pittsburgh International earned a spot on the Prix Versailles roster recognizing architectural design, a distinction the airport touts as it builds out its new terminal.

- Pittsburgh Post-Gazette: https://www.post-gazette.com/business/development/2026/06/15/pittsburgh-international-worlds-most-beautiful-airports-prix-versailles/stories/202606150032

* Milanes Cuban Corner Grows in McKees Rocks

Latest developments: Milanes Cuban Corner, which started as a food truck, has grown into a sit-down restaurant in McKees Rocks.

Carlos and Collyn Milanes built a following on their pressed Cuban sandwich and have expanded the operation into a McKees Rocks storefront.

- KDKA: https://www.cbsnews.com/pittsburgh/video/pickles-pork-and-perfectly-pressed-bread-with-milanes-cuban-corner/

Around town:

* Fern Hollow Settlements Near Completion

Latest developments: Pittsburgh is closing in on final settlements with most victims of the Fern Hollow Bridge collapse.

The Forbes Avenue bridge over Frick Park fell in early 2022; the city now nears agreements resolving the bulk of the claims that followed.

- Pittsburgh Post-Gazette: https://www.post-gazette.com/local/city/2026/06/15/fern-hollow-bridge-collapse-settlements/stories/202606150036

* City Pools Open for the Season

Latest developments: Pittsburgh's public pools have opened for the summer, with posted hours, fees, and a slate of city events.

The city laid out admission fees and operating hours for its public pools now open for the season, part of its summer programming.

- Pittsburgh Post-Gazette: https://www.post-gazette.com/local/city/2026/06/15/pittsburgh-pools-hours-fees/stories/202606150035

* Transit Sets Juneteenth Schedule

Latest developments: Pittsburgh Regional Transit released its service plan for Juneteenth on Friday, June 19.

Pittsburgh Regional Transit will run a modified schedule for Juneteenth National Freedom Day, with riders advised to check times before traveling.

- WPXI: https://www.wpxi.com/news/local/pittsburgh-regional-transit-announces-service-schedule-juneteenth-national-freedom-day/QCVRWU3BTZD4ZCZL2RU7723B6M/

Events:

* Self-Guided Pittsburgh Film Tour

Latest developments: A Pastfinders app now maps Pittsburgh movie-filming sites for a self-guided walking tour.

The Pastfinders app routes visitors to spots where films shot in Pittsburgh, among them downtown locations used in 'The Dark Knight Rises,' for a self-guided tour anytime.

- Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/movies/2026/06/11/pittsburgh-film-tour-app-pastfinders/stories/202605290043

SPORTS
----------------------------------------------------------------

Pirates (36-36)
Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2
https://plaintextsports.com/mlb/2026-06-14/mia-pit
Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
https://plaintextsports.com/mlb/2026-06-15/pit-ath

Around the Teams:

* Which Steelers Rookies Could Contribute Early

Latest developments: After OTAs and minicamp, the Post-Gazette weighed which Steelers rookies, among them receiver Germie Bernard and lineman Max Iheanachor, look ready to contribute.

Pittsburgh wrapped its offseason program, and beat coverage assessed which members of the rookie class could earn early roles this fall.

- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/15/nfl-news-rumors-germie-bernard-max-iheanachor/stories/202606150028

* Termarr Johnson Trending Up in the Minors

Latest developments: The Post-Gazette's MiLB Monday asked whether former top Pirates pick Termarr Johnson is turning his season around.

Termarr Johnson, a high Pirates draft choice, has labored in the minor leagues; recent play points to a possible turnaround as he climbs toward the majors.

- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/15/mlb-prospects-termarr-johnson-edward-florentino-tony-blanco/stories/202606150020

* SNR Drive Ranks Divisions by Quarterback

Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler ranked the NFL's divisions by quarterback talent.

The team's SNR Drive show measured each division's quarterback strength, sizing up where the AFC North stands across the league.

- Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=yFuV9I1SkMw

READING
----------------------------------------------------------------

* Ed Zitron -- AI's Brokenomics
Zitron dissects the economics of the leading AI companies, arguing their spending and revenue do not add up to a viable business as they race toward public offerings.
https://www.wheresyoured.at/brokenomics/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
Reacting to a survey of 6,000 digital workers, Newport argues that knowledge work was already dysfunctional and that AI exposes existing problems rather than creating new ones.
https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

* Stratechery -- Anthropic's Safety Superpower
Thompson argues that Anthropic's conviction in its own safety mission gives it license to pursue its business aggressively and even push back against the U.S. government.
https://stratechery.com/2026/anthropics-safety-superpower/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,377.03   ▼ -2.2%
Dow         50,725.58   ▼ -0.7%
Nasdaq      25,695.30   ▼ -3.8%
WTI crude       88.42   ▼ -5.0%
EUR/USD        1.1556   ▼ -0.4%
GBP/USD        1.3386   ▼ -0.3%
USD/JPY        160.23   ▲ +0.2%

================================================================
Generated 2026-06-15 18:43 EDT. Sources: 22 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================