Daily plain-text briefing: security, markets, business, and Pittsburgh
Google exposed UNC6508, a China-linked group that lurked in North American medical, military, and AI research networks for more than a year by hijacking REDCap servers and victims' own Google Workspace mail rules.
Latest developments: Google's Threat Intelligence Group disclosed UNC6508, a China-linked crew that compromised exposed REDCap research servers to plant InfiniteRed malware, steal credentials, and rewrite victims' Google Workspace mail rules to silently copy email for over a year.
UNC6508 targeted medical, academic, and military research institutions across North America, exfiltrating sensitive research and defense correspondence. The standout tradecraft was abusing the victims' own Workspace forwarding rules so stolen mail flowed out through trusted channels. Google says it discovered and disrupted the campaign after the group went undetected since early 2025. Organizations running REDCap should patch exposed servers, rotate credentials, and audit Workspace mail-forwarding rules.
Sources: The Hacker News · Help Net Security · SecurityWeek · BleepingComputer
Latest developments: Proofpoint flagged two campaigns matching the North Korean Contagious Interview cluster, also tracked as Famous Chollima, that use developer recruitment and code-review lures to turn engineering tools into malware delivery channels.
The threat actor poses as recruiters or reviewers to push developers toward booby-trapped code and tasks that deliver malware. The approach exploits the trust engineers place in job offers and pull-request reviews. North Korea has long used such social engineering to fund operations and steal cryptocurrency. Developers should treat unsolicited recruiter coding challenges and review requests as potential malware vectors and run them only in isolated environments.
Sources: The Hacker News
Latest developments: Varonis Threat Labs detailed SearchLeak, a now-patched three-bug chain that let one click on a genuine microsoft.com link pull emails, calendar entries, indexed files, and MFA codes out of Microsoft 365 Copilot Enterprise Search.
The attack chained prompt-injection and hidden-URL tricks so the malicious link resolved to a real Microsoft domain, slipping past anti-phishing and URL filters. A single victim click could drain a target's mailbox, OneDrive, or SharePoint. Microsoft has fixed the flaw, but researchers frame it as one of a growing class of AI prompt-injection issues that weaponize trusted infrastructure. Enterprises running Copilot should confirm the patch and treat AI assistants as a live data-exfiltration surface.
Sources: BleepingComputer · The Hacker News · Dark Reading
Latest developments: ShinyHunters claimed it stole 297 GB from the Council of Europe, prompting an investigation, and separately took personal data on more than 137,000 school staff from the Infinite Campus K-12 platform through a March Salesforce theft.
The extortion group threatens to leak Council of Europe data including employee personal information, and the continent's oldest intergovernmental body is probing the claims. The Infinite Campus haul ties into ShinyHunters' broader Salesforce data-theft spree against widely used SaaS systems. Affected schools and staff face identity-theft exposure. Organizations using Salesforce should review third-party connection access and monitor for follow-on extortion.
Sources: BleepingComputer · SecurityWeek · BleepingComputer
Latest developments: Cisco patched CVE-2026-20262, a Catalyst SD-WAN Manager flaw attackers exploited as a zero-day to escalate to root, and CISA added it alongside CVE-2026-54420 in the LiteSpeed cPanel plugin to its Known Exploited Vulnerabilities catalog.
The vManage flaw let attackers reach root privileges on Cisco's central SD-WAN controller, a high-value target for lateral movement across managed networks. The LiteSpeed cPanel symlink-following bug rounds out the day's confirmed exploitation on hosting infrastructure. CISA's KEV listing sets federal patch deadlines and signals active in-the-wild use. Administrators running Catalyst SD-WAN Manager or the LiteSpeed cPanel plugin should patch immediately.
Sources: BleepingComputer · CISA Advisories
Latest developments: An attacker tampered with trusted JavaScript served through Awesome Motive's CDN for the OptinMonster, TrustPulse, and PushEngage plugins, turning those files into a way to create attacker-controlled admin accounts and install hidden backdoor plugins.
The malicious code fired only when a logged-in administrator loaded a page, sparing ordinary visitors and slowing detection. Because the scripts came from the plugins' legitimate content distribution network, sites trusted them by default. The three plugins run on large numbers of WordPress sites, widening the blast radius. Site owners should audit for rogue admin accounts and unfamiliar plugins, then rotate credentials.
Sources: BleepingComputer · The Hacker News
Latest developments: Maine took its public data-breach notification portal offline after someone filed fraudulent disclosures impersonating VRChat and Discord, and the attorney general will keep public access closed until an audit of submission procedures finishes.
The fake notices abused a transparency system meant to inform residents of real breaches, undermining its credibility. Companies can still report breaches, but the public-facing portal stays dark pending review. The episode shows how open self-reporting tools invite abuse without verification controls. Other states running similar public breach registries face the same gap.
Sources: The Record · SecurityWeek · Graham Cluley
Latest developments: A threat group calling itself The Gentlemen hit Mackay Sugar, Australia's second-largest sugar producer, with a ransomware attack that shut down its mills.
The attack disrupted physical production at a major agricultural processor, the latest manufacturer pushed offline by ransomware. Mill shutdowns carry seasonal supply consequences for an industry built around harvest timing. The Gentlemen is an emerging brand in the extortion landscape. Operators in food and agriculture should harden operational-technology segmentation and rehearse recovery from a production stoppage.
Sources: SecurityWeek
Latest developments: The European Union began formal accession negotiations with Ukraine on Monday after Hungary's new leadership dropped the veto that had blocked the process.
Ukraine now enters years of required legal and economic reforms to align with EU standards while still fighting Russia. Membership would push the bloc eastward and tie Kyiv's economy and security to Brussels.
Sources: FT World
Tonight: Mostly Clear, low 51F.
Tuesday: Mostly Sunny, high 77F.
Tuesday Night: Mostly Cloudy then Chance Rain Showers, low 58F.
Latest developments: The Prix Versailles, which honors architecture, placed Pittsburgh International on its annual list of the world's most beautiful airports.
The recognition raises the airport's design profile as it courts airlines and passengers. The Prix Versailles judges buildings worldwide for their architecture and public spaces.
Sources: Pittsburgh Post-Gazette
Latest developments: Milanes Cuban Corner, which began as a popular food truck, has grown into a brick-and-mortar restaurant in McKees Rocks, owners Carlos and Collyn Milanes told KDKA.
The family business built its following on a pressed Cuban sandwich of pork and pickles. The new storefront adds to the McKees Rocks dining scene.
Sources: KDKA
Latest developments: Pittsburgh is closing in on final settlements with most people hurt when the Fern Hollow Bridge collapsed, the Post-Gazette reported.
The Forbes Avenue bridge over Frick Park fell in January 2022, dropping a bus and several vehicles into the ravine and injuring multiple people. The settlements would resolve most remaining claims more than four years on.
Sources: Pittsburgh Post-Gazette
Latest developments: Pittsburgh's public pools opened for the summer, and the city posted hours, fees, and a roster of other summer events.
The seasonal opening gives residents access to municipal swimming across city neighborhoods. The Post-Gazette laid out operating hours and admission fees.
Sources: Pittsburgh Post-Gazette
Latest developments: Pittsburgh Regional Transit released its service schedule for Juneteenth National Freedom Day on June 19.
Riders should expect a holiday timetable on buses and rail. The agency published the adjusted schedule ahead of the Friday holiday.
Sources: WPXI
Latest developments: Meteorologists and crews surveyed damage Monday in Beaver and Butler counties, where Sunday's storms toppled trees, cut power, and tore a machine shed from its foundation at a Butler County farm.
The National Weather Service confirmed a tornado crossed into Beaver County among at least three that touched down across the area. Residents in White Township, Darlington, and Ambridge spent Monday clearing debris.
Latest developments: A bear turned up on camera in a Pittsburgh neighborhood, the latest in a string of urban sightings, leading KDKA to ask an expert whether more bears now live in the city.
Wildlife experts say bears increasingly wander into residential areas looking for food. Officials urge residents to secure trash and keep their distance.
Sources: KDKA
Latest developments: The Post-Gazette spotlighted PastFinders, an app that guides users to Pittsburgh movie locations.
The app lets visitors stand on Downtown spots where 'The Dark Knight Rises' filmed and trace other scenes shot across the city. The self-guided tour runs on a smartphone at the user's own pace.
Sources: Post-Gazette Arts & Entertainment
Pirates (36-36)
Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2
Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
Latest developments: The Post-Gazette weighed whether any Steelers rookies, including receiver Germie Bernard and lineman Max Iheanachor, look ready to help quickly after OTAs and minicamp.
The Steelers wrapped their offseason program last week. Beat writers gauged which draft picks made early impressions before training camp opens in Latrobe.
Sources: Post-Gazette Steelers
Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler ranked every NFL division by quarterback talent.
The team podcast measured where the AFC North stands against the rest of the league at the position, part of an offseason series sizing up the quarterback landscape.
Sources: Pittsburgh Steelers (YouTube)
Latest developments: The Post-Gazette's MiLB Monday examined whether former top Pirates pick Termarr Johnson is turning his season around.
Johnson, a high first-round draft choice, has worked to find his footing in the Pirates' farm system. The update tracks his recent progress alongside other prospects.
Sources: Post-Gazette Pirates
S&P 500 7,377.03 ▼ -2.2%
Dow 50,725.58 ▼ -0.7%
Nasdaq 25,695.30 ▼ -3.8%
WTI crude 88.42 ▼ -5.0%
EUR/USD 1.1556 ▼ -0.4%
GBP/USD 1.3386 ▼ -0.3%
USD/JPY 160.23 ▲ +0.2%