================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Monday, June 15, 2026
================================================================

Google exposed UNC6508, a China-linked group that lurked in North American medical, military, and AI research networks for more than a year by hijacking REDCap servers and victims' own Google Workspace mail rules.

CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS
----------------------------------------------------------------

* AI Attack Surface: A one-click Microsoft 365 Copilot exfiltration chain, a LiteLLM gateway takeover, and research showing 13 words of Reddit text can poison AI search all turn the AI stack itself into exploitable infrastructure.

* Machine Identity: Delinea, Omada, 1Password, NewCore, and Trust3 all shipped products this day to govern non-human and AI-agent identities, marking access sprawl from autonomous agents as the next enterprise risk.

* AI-Found Bugs: FIRST now projects 2026 will reach roughly 66,000 CVEs because AI tools have begun hunting software flaws on their own, lifting disclosures well past the year's original forecast.

* Espionage Persistence: UNC6508's year inside research networks, Velvet Ant's near-decade in an authentication stack, and North Korea's recruiter-themed lures show nation-state crews prizing long, quiet dwell time.

SECURITY
----------------------------------------------------------------

:: NATION-STATE ACTIVITY

1. UNC6508 SPIES ON NORTH AMERICAN RESEARCH VIA REDCAP [apt, espionage, breach]
   Latest developments: Google's Threat Intelligence Group disclosed UNC6508, a China-linked crew that compromised exposed REDCap research servers to plant InfiniteRed malware, steal credentials, and rewrite victims' Google Workspace mail rules to silently copy email for over a year. UNC6508 targeted medical, academic, and military research institutions across North America, exfiltrating sensitive research and defense correspondence. The standout tradecraft was abusing the victims' own Workspace forwarding rules so stolen mail flowed out through trusted channels. Google says it discovered and disrupted the campaign after the group went undetected since early 2025. Organizations running REDCap should patch exposed servers, rotate credentials, and audit Workspace mail-forwarding rules.
   - The Hacker News: https://thehackernews.com/2026/06/chinese-hackers-abused-google-workspace.html
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/15/chinese-hackers-redcap-medical-research-institutions-breach/
   - SecurityWeek: https://www.securityweek.com/chinese-hackers-target-medical-military-and-ai-research-in-north-america/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-redcap-servers-steal-medical-research/

2. NORTH KOREA'S CONTAGIOUS INTERVIEW TARGETS DEVELOPERS [apt, phishing, malware]
   Latest developments: Proofpoint flagged two campaigns matching the North Korean Contagious Interview cluster, also tracked as Famous Chollima, that use developer recruitment and code-review lures to turn engineering tools into malware delivery channels. The threat actor poses as recruiters or reviewers to push developers toward booby-trapped code and tasks that deliver malware. The approach exploits the trust engineers place in job offers and pull-request reviews. North Korea has long used such social engineering to fund operations and steal cryptocurrency. Developers should treat unsolicited recruiter coding challenges and review requests as potential malware vectors and run them only in isolated environments.
   - The Hacker News: https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html

:: AI SECURITY

3. COPILOT SEARCHLEAK ENABLED ONE-CLICK DATA THEFT [zero-day, ai, patch]
   Latest developments: Varonis Threat Labs detailed SearchLeak, a now-patched three-bug chain that let one click on a genuine microsoft.com link pull emails, calendar entries, indexed files, and MFA codes out of Microsoft 365 Copilot Enterprise Search. The attack chained prompt-injection and hidden-URL tricks so the malicious link resolved to a real Microsoft domain, slipping past anti-phishing and URL filters. A single victim click could drain a target's mailbox, OneDrive, or SharePoint. Microsoft has fixed the flaw, but researchers frame it as one of a growing class of AI prompt-injection issues that weaponize trusted infrastructure. Enterprises running Copilot should confirm the patch and treat AI assistants as a live data-exfiltration surface.
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/
   - The Hacker News: https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
   - Dark Reading: https://www.darkreading.com/application-security/copilot-searchleak-attack-1-click-data-theft

:: DATA BREACHES

4. SHINYHUNTERS HITS COUNCIL OF EUROPE AND INFINITE CAMPUS [breach, extortion]
   Latest developments: ShinyHunters claimed it stole 297 GB from the Council of Europe, prompting an investigation, and separately took personal data on more than 137,000 school staff from the Infinite Campus K-12 platform through a March Salesforce theft. The extortion group threatens to leak Council of Europe data including employee personal information, and the continent's oldest intergovernmental body is probing the claims. The Infinite Campus haul ties into ShinyHunters' broader Salesforce data-theft spree against widely used SaaS systems. Affected schools and staff face identity-theft exposure. Organizations using Salesforce should review third-party connection access and monitor for follow-on extortion.
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/
   - SecurityWeek: https://www.securityweek.com/shinyhunters-claims-council-of-europe-hack/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/

:: VULNERABILITIES AND EXPLOITS

5. CISCO SD-WAN ZERO-DAY JOINS CISA KEV CATALOG [zero-day, patch]
   Latest developments: Cisco patched CVE-2026-20262, a Catalyst SD-WAN Manager flaw attackers exploited as a zero-day to escalate to root, and CISA added it alongside CVE-2026-54420 in the LiteSpeed cPanel plugin to its Known Exploited Vulnerabilities catalog. The vManage flaw let attackers reach root privileges on Cisco's central SD-WAN controller, a high-value target for lateral movement across managed networks. The LiteSpeed cPanel symlink-following bug rounds out the day's confirmed exploitation on hosting infrastructure. CISA's KEV listing sets federal patch deadlines and signals active in-the-wild use. Administrators running Catalyst SD-WAN Manager or the LiteSpeed cPanel plugin should patch immediately.
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/
   - CISA Advisories: https://www.cisa.gov/news-events/alerts/2026/06/15/cisa-adds-two-known-exploited-vulnerabilities-catalog

6. WORDPRESS PLUGIN CDN POISONED TO PLANT BACKDOORS [supply-chain, backdoor]
   Latest developments: An attacker tampered with trusted JavaScript served through Awesome Motive's CDN for the OptinMonster, TrustPulse, and PushEngage plugins, turning those files into a way to create attacker-controlled admin accounts and install hidden backdoor plugins. The malicious code fired only when a logged-in administrator loaded a page, sparing ordinary visitors and slowing detection. Because the scripts came from the plugins' legitimate content distribution network, sites trusted them by default. The three plugins run on large numbers of WordPress sites, widening the blast radius. Site owners should audit for rogue admin accounts and unfamiliar plugins, then rotate credentials.
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack/
   - The Hacker News: https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html

:: POLICY AND REGULATION

7. MAINE PULLS PUBLIC BREACH PORTAL AFTER FAKE FILINGS [policy, breach]
   Latest developments: Maine took its public data-breach notification portal offline after someone filed fraudulent disclosures impersonating VRChat and Discord, and the attorney general will keep public access closed until an audit of submission procedures finishes. The fake notices abused a transparency system meant to inform residents of real breaches, undermining its credibility. Companies can still report breaches, but the public-facing portal stays dark pending review. The episode shows how open self-reporting tools invite abuse without verification controls. Other states running similar public breach registries face the same gap.
   - The Record: https://therecord.media/maine-turns-off-breach-portal-fake-reports
   - SecurityWeek: https://www.securityweek.com/maine-disables-data-breach-portal-due-to-fake-submissions/
   - Graham Cluley: https://www.bitdefender.com/en-us/blog/hotforsecurity/maine-take-down-data-breach-portal

:: RANSOMWARE AND CYBERCRIME

8. GENTLEMEN RANSOMWARE HALTS AUSTRALIAN SUGAR MILLS [ransomware]
   Latest developments: A threat group calling itself The Gentlemen hit Mackay Sugar, Australia's second-largest sugar producer, with a ransomware attack that shut down its mills. The attack disrupted physical production at a major agricultural processor, the latest manufacturer pushed offline by ransomware. Mill shutdowns carry seasonal supply consequences for an industry built around harvest timing. The Gentlemen is an emerging brand in the extortion landscape. Operators in food and agriculture should harden operational-technology segmentation and rehearse recovery from a production stoppage.
   - SecurityWeek: https://www.securityweek.com/ransomware-attack-shuts-down-mills-of-australias-second-largest-sugar-producer/

BUSINESS AND POLITICS
----------------------------------------------------------------

* EU Opens Membership Talks With Ukraine
  Latest developments: The European Union began formal accession negotiations with Ukraine on Monday after Hungary's new leadership dropped the veto that had blocked the process. Ukraine now enters years of required legal and economic reforms to align with EU standards while still fighting Russia. Membership would push the bloc eastward and tie Kyiv's economy and security to Brussels.
  - FT World: https://www.ft.com/content/19d88dc2-963b-45f2-9a23-9e328cc45948

PITTSBURGH
----------------------------------------------------------------

Weather: Tonight: Mostly Clear, low 51F. Tuesday: Mostly Sunny, high 77F. Tuesday Night: Mostly Cloudy then Chance Rain Showers, low 58F.

Business:

* Pittsburgh International Named a Most Beautiful Airport
  Latest developments: The Prix Versailles, which honors architecture, placed Pittsburgh International on its annual list of the world's most beautiful airports. The recognition raises the airport's design profile as it courts airlines and passengers. The Prix Versailles judges buildings worldwide for their architecture and public spaces.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/business/development/2026/06/15/pittsburgh-international-worlds-most-beautiful-airports-prix-versailles/stories/202606150032

* Cuban Food Truck Opens McKees Rocks Restaurant
  Latest developments: Milanes Cuban Corner, which began as a popular food truck, has grown into a brick-and-mortar restaurant in McKees Rocks, owners Carlos and Collyn Milanes told KDKA. The family business built its following on a pressed Cuban sandwich of pork and pickles. The new storefront adds to the McKees Rocks dining scene.
  - KDKA: https://www.cbsnews.com/pittsburgh/video/pickles-pork-and-perfectly-pressed-bread-with-milanes-cuban-corner/

Around town:

* Pittsburgh Nears Fern Hollow Settlements
  Latest developments: Pittsburgh is closing in on final settlements with most people hurt when the Fern Hollow Bridge collapsed, the Post-Gazette reported. The Forbes Avenue bridge over Frick Park fell in January 2022, dropping a bus and several vehicles into the ravine and injuring multiple people. The settlements would resolve most remaining claims more than four years on.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/local/city/2026/06/15/fern-hollow-bridge-collapse-settlements/stories/202606150036

* City Pools Open for the Season
  Latest developments: Pittsburgh's public pools opened for the summer, and the city posted hours, fees, and a roster of other summer events. The seasonal opening gives residents access to municipal swimming across city neighborhoods. The Post-Gazette laid out operating hours and admission fees.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/local/city/2026/06/15/pittsburgh-pools-hours-fees/stories/202606150035

* Transit Sets Juneteenth Schedule
  Latest developments: Pittsburgh Regional Transit released its service schedule for Juneteenth National Freedom Day on June 19. Riders should expect a holiday timetable on buses and rail. The agency published the adjusted schedule ahead of the Friday holiday.
  - WPXI: https://www.wpxi.com/news/local/pittsburgh-regional-transit-announces-service-schedule-juneteenth-national-freedom-day/QCVRWU3BTZD4ZCZL2RU7723B6M/

* Storm Cleanup Across the Region
  Latest developments: Meteorologists and crews surveyed damage Monday in Beaver and Butler counties, where Sunday's storms toppled trees, cut power, and tore a machine shed from its foundation at a Butler County farm. The National Weather Service confirmed a tornado crossed into Beaver County among at least three that touched down across the area. Residents in White Township, Darlington, and Ambridge spent Monday clearing debris.
  - WPXI: https://www.wpxi.com/news/local/meteorologists-survey-damage-caused-by-severe-storms-beaver-county-residents-clean-up/DINTXNZQ65EDLPLHIEICTLXYHY/
  - WTAE: https://www.wtae.com/article/severe-storms-cause-damage-at-butler-county-farm/71595229

* Bear Sightings in City Neighborhoods
  Latest developments: A bear turned up on camera in a Pittsburgh neighborhood, the latest in a string of urban sightings, leading KDKA to ask an expert whether more bears now live in the city. Wildlife experts say bears increasingly wander into residential areas looking for food. Officials urge residents to secure trash and keep their distance.
  - KDKA: https://www.cbsnews.com/pittsburgh/video/bear-caught-on-camera-in-pittsburgh-neighborhood-1/

Events:

* Self-Guided Pittsburgh Film Tour
  Latest developments: The Post-Gazette spotlighted PastFinders, an app that guides users to Pittsburgh movie locations. The app lets visitors stand on Downtown spots where 'The Dark Knight Rises' filmed and trace other scenes shot across the city. The self-guided tour runs on a smartphone at the user's own pace.
  - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/movies/2026/06/11/pittsburgh-film-tour-app-pastfinders/stories/202605290043

SPORTS
----------------------------------------------------------------

Pirates (36-36)
Sun Jun 14 · Marlins 4 · Pirates 2 · Final
Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2
https://plaintextsports.com/mlb/2026-06-14/mia-pit
Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM
https://plaintextsports.com/mlb/2026-06-15/pit-ath

Around the Teams:

* Which Rookies Could Contribute Early
  Latest developments: The Post-Gazette weighed whether any Steelers rookies, including receiver Germie Bernard and lineman Max Iheanachor, look ready to help quickly after OTAs and minicamp. The Steelers wrapped their offseason program last week. Beat writers gauged which draft picks made early impressions before training camp opens in Latrobe.
  - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/15/nfl-news-rumors-germie-bernard-max-iheanachor/stories/202606150028

* SNR Drive Ranks Divisions by QB Talent
  Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler ranked every NFL division by quarterback talent. The team podcast measured where the AFC North stands against the rest of the league at the position, part of an offseason series sizing up the quarterback landscape.
  - Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=yFuV9I1SkMw

* Termarr Johnson Trending in the Minors
  Latest developments: The Post-Gazette's MiLB Monday examined whether former top Pirates pick Termarr Johnson is turning his season around. Johnson, a high first-round draft choice, has worked to find his footing in the Pirates' farm system. The update tracks his recent progress alongside other prospects.
  - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/15/mlb-prospects-termarr-johnson-edward-florentino-tony-blanco/stories/202606150020

READING
----------------------------------------------------------------

* Ed Zitron -- AI's Brokenomics
  Zitron argues the economics underpinning the AI industry are broken, with leading labs burning billions of dollars a year and lacking a credible path to profitability.
  https://www.wheresyoured.at/brokenomics/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
  Drawing on a survey of 6,000 workers, Newport contends that digital knowledge work was already dysfunctional and that AI mainly exposes problems baked into how modern offices operate.
  https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

* Stratechery -- Anthropic's Safety Superpower
  Thompson argues that Anthropic's conviction in its own commitment to safety gives the company license to aggressively favor its business interests and even challenge the U.S. government.
  https://stratechery.com/2026/anthropics-safety-superpower/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,377.03  ▼ -2.2%
Dow         50,725.58  ▼ -0.7%
Nasdaq      25,695.30  ▼ -3.8%
WTI crude       88.42  ▼ -5.0%
EUR/USD        1.1556  ▼ -0.4%
GBP/USD        1.3386  ▼ -0.3%
USD/JPY        160.23  ▲ +0.2%

================================================================
Generated 2026-06-15 18:52 EDT. Sources: 22 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================