daily plain-text briefing: security, markets, business, and pittsburgh
Attackers actively exploit Palo Alto GlobalProtect and SimpleHelp at the network edge as Washington moves to end anonymous phones and curb AI model exports.
Latest developments: Palo Alto Networks confirmed an unknown actor actively exploits CVE-2026-0257, an authentication-bypass flaw in PAN-OS GlobalProtect portals and gateways, while a separate SimpleHelp flaw lets unauthenticated attackers mint privileged technician accounts on servers that use OpenID Connect.
SimpleHelp's remote management software lets unauthenticated attackers create privileged technician accounts on any server running OpenID Connect, handing them a foothold for deeper intrusion. Palo Alto Networks tracks active abuse of CVE-2026-0257, a 7.8-severity flaw, to reach GlobalProtect portals and gateways. Both products guard the network edge, the same ground Cisco, Ivanti, and Check Point flaws covered in recent weeks. Administrators should patch immediately and audit for rogue accounts.
Sources: The Hacker News · BleepingComputer
Latest developments: Users discovered that AMD removed Transparent Secure Memory Encryption from its consumer CPUs in what appears to be a deliberate, undisclosed change.
AMD removed Transparent Secure Memory Encryption from its consumer CPUs in what users describe as a deliberate, covert change. The feature scrambles data in RAM to blunt physical attacks such as cold-boot reads and DMA snooping. Stripping it leaves consumer machines more exposed while AMD reserves the protection for higher tiers. Researchers and customers want an explanation.
Sources: Ars Technica Security
Latest developments: The FBI and Google dismantled the Outsider Enterprise phishing-as-a-service operation, which ran more than 9,000 sites, stole nearly 4 million credit cards, and caused roughly $1.9 billion in losses, while Ukrainian national Oleksii Lytvynenko pleaded guilty to building a loader for Conti.
Outsider Enterprise rented a phishing kit that ran more than 9,000 sites, harvested close to 4 million credit cards, and inflicted about $1.9 billion in losses; Google sued the China-based network earlier, and the FBI has now helped take it down. In a separate case, 44-year-old Oleksii Lytvynenko admitted building a loader for Conti, the gang that struck more than 1,000 victims worldwide, and possessed data stolen from eight U.S. and four overseas victims. The two actions reach both the infrastructure and the coders behind large operations. The FBI also warned that fraudsters now dispatch couriers to collect cash from cryptocurrency investment-scam victims.
Sources: SecurityWeek · Help Net Security · BleepingComputer
Latest developments: Anthropic says the directive that forced it to disable Fable 5 and Mythos 5 invoked national-security authorities, the first time Washington has used such powers to curtail an AI model rather than chips or hardware.
Anthropic abruptly suspended worldwide access to its Fable 5 and Mythos 5 models after an export-control directive barred foreign nationals from using them. The company says the order cited national-security authorities, the first such use against an AI model rather than chips or hardware. Anthropic disputes the basis, calling the cited jailbreak narrow and the capability common elsewhere, even as it complies. Enterprises that depend on those models face sudden loss of access.
Sources: The Record · Dark Reading
Latest developments: Poland warned that Belarus-linked Ghostwriter expanded its phishing to the personal Gmail accounts of senior officials and their relatives, Finland charged a cargo ship's officers with damaging subsea cables, and a cyberattack on Russian firm Astral disrupted services for a week.
Poland warned that Ghostwriter, a Belarus-linked group, now phishes the personal Gmail accounts of senior public figures and their families. Finland charged a cargo ship's officers with damaging two subsea telecommunications cables and attempting to damage eight more connections. A cyberattack on Russian technology firm Astral knocked out cash registers, customer portals, corporate email, and digital-certificate authentication for a week. The three cases span espionage, physical sabotage, and disruption across Europe.
Sources: The Record · The Record · The Record
Latest developments: A proposed FCC rule would force every U.S. telecom to store a government-issued identification number and physical address for essentially all customers, ending anonymous prepaid accounts.
A proposed FCC rule would end burner phones by requiring carriers to record a government-issued identification number and physical address for nearly every customer. Privacy advocates and civil-rights groups compare the plan to surveillance regimes in authoritarian states. Anonymous prepaid accounts would disappear. The rule recasts phone service as an identity checkpoint.
Sources: Schneier on Security
Latest developments: The Justice Department seized CFAKE.com and SOCFAKE.com, which hosted nonconsensual AI-generated nude imagery, in the first publicly announced domain seizure under the TAKE IT DOWN Act.
The Justice Department seized CFAKE.com and SOCFAKE.com, sites that hosted nonconsensual AI-generated nude images and videos of women. The action marks the first publicly announced domain seizure under the TAKE IT DOWN Act. It signals federal willingness to wield the new authority against synthetic intimate imagery. Victims and platforms gain an enforcement precedent.
Sources: BleepingComputer
Latest developments: The Dow industrials closed at a record Monday, oil futures settled at their lowest since March 4, and U.S. pump prices fell below $4 a gallon after Trump set a full reopening of the Strait of Hormuz by Friday.
The United States and Iran signed a memorandum of understanding to end their war, dismantle Iran's nuclear program, and reopen the Strait of Hormuz, the conduit for roughly a fifth of the world's oil. Trump set a signing ceremony for Friday and said ships had begun moving, while shipping groups called the passage still too risky and trackers showed a single transit. The administration floated a $300 billion fund tied to Tehran's compliance.
Sources: WSJ Markets · WSJ Markets · FT Markets · WSJ World News
Latest developments: California Governor Gavin Newsom said Monday that the Justice Department opened an investigation into him and his wife, widening a campaign acting Attorney General Todd Blanche is running against people Trump names as enemies.
Trump has asked the department to investigate more than four dozen perceived adversaries, producing a string of prosecutions. Newsom, a potential 2028 Democratic presidential candidate, accused Trump of bending federal law enforcement to punish a political rival.
Sources: WSJ Politics · WSJ Politics
Tonight: Mostly Clear, low 51F.
Tuesday: Mostly Sunny, high 77F.
Tuesday Night: Mostly Cloudy then Chance Rain Showers, low 58F.
Latest developments: The Post-Gazette detailed Astrobotic's Griffin lander leaving Pittsburgh for its last environmental test before a SpaceX launch, the mission tied to NASA's moon-base plans.
Griffin is Pittsburgh's second moonshot after the Peregrine mission. Astrobotic, based in the Strip District, faces one remaining round of testing before the lander launches toward the lunar surface.
Sources: Pittsburgh Post-Gazette
Latest developments: A local study found the average Pittsburgh wedding costs more than the national average, KDKA's "Talk the Talk" reported.
The segment examined why couples marrying in the region pay above the typical national bill for a wedding.
Sources: KDKA
Latest developments: The National Weather Service confirmed Monday that at least three tornadoes touched down Sunday across eastern Ohio and northwestern Pennsylvania, two in Columbiana County, Ohio near the Beaver County line and one that crossed into Beaver County.
Sunday's storms downed trees, tore a machine shed from its foundation at a Butler County farm, and knocked out power across Beaver, Butler, and Elizabeth Township. Crews spent Monday clearing debris as survey teams continued their work.
Latest developments: Part of the Parkway North will fully close later this week to demolish the Jacks Run Road Bridge; crews postponed Monday night's planned start after equipment trouble.
The shutdown of I-279 will reroute traffic between the North Side and the northern suburbs while the bridge over the parkway comes down.
Sources: KDKA
Latest developments: Aldi recalled more than 500,000 packages of Park Street Deli macaroni and cheese nationwide over an undeclared allergen.
The recall reaches Pittsburgh-area stores, the affected product carrying an allergen left off its label.
Sources: WTAE
Latest developments: Forecasters tagged Thursday an Impact Day for rain and storms, with showers returning Wednesday night after a dry, comfortable start to the week.
A stretch of pleasant weather holds through midweek across Western Pennsylvania before the next system arrives.
Sources: WTAE
Pirates (36-36)
Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2
Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
Latest developments: The Post-Gazette's Noah Hiles wrote that the Pirates must repair their bullpen immediately or it will sink the season.
In his weekend column, Hiles pointed to manager Don Kelly's thin relief options and pressed the front office under Ben Cherington to act.
Sources: Post-Gazette Pirates
Latest developments: The Pirates promoted No. 7 prospect Antwone Kelly to shore up a faltering bullpen, the Post-Gazette reported, citing a source.
Kelly, signed out of Aruba, reached the major leagues for the first time as relief help.
Sources: Post-Gazette Pirates
Latest developments: The Post-Gazette weighed whether the Steelers can build a new defensive core around cornerback Joey Porter Jr. and edge rusher Nick Herbig, whose new contract Cam Heyward's podcast called 20 years in the making.
Herbig signed a deal the Steelers see as a building block alongside Porter as they reshape the defense around young players.
Sources: Post-Gazette Steelers · Not Just Football with Cam Heyward
S&P 500 7,377.03 ▼ -2.2% Dow 50,725.58 ▼ -0.7% Nasdaq 25,695.30 ▼ -3.8% WTI crude 88.42 ▼ -5.0% EUR/USD 1.1556 ▼ -0.4% GBP/USD 1.3386 ▼ -0.3% USD/JPY 160.23 ▲ +0.2%