================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Monday, June 15, 2026 - 8:14 PM EDT ================================================================ A China-linked spy crew rewired victims' own Google Workspace to siphon defense and medical research, while a one-click Microsoft 365 Copilot flaw and poisoned WordPress plugins widened the software attack surface. CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS ---------------------------------------------------------------- * AI Exposure: The Copilot SearchLeak chain and research showing a 13-word Reddit snippet can hijack AI search both prove attackers keep turning trusted AI assistants into data-theft and disinformation channels. * Supply Chain: Poisoned WordPress plugin scripts served from a tampered CDN show attackers favoring trusted update paths to reach thousands of sites at once. * State Espionage: China's UNC6508 and North Korea's Contagious Interview both hunted researchers and developers, underscoring sustained nation-state pressure on knowledge workers. * Agent Identity: Launches from Omada, 1Password, Delinea, Trust3, and NewCore all target the ungoverned sprawl of AI-agent and machine identities now reaching enterprise data. * Extortion Reach: ShinyHunters claimed the Council of Europe and 137,000 Infinite Campus accounts in one day, showing how far its Salesforce-focused theft campaign now stretches. SECURITY ---------------------------------------------------------------- :: NATION-STATE ACTIVITY 1. CHINA'S UNC6508 LOOTS RESEARCH NETWORKS VIA REDCAP [apt, espionage, breach] Latest developments: Google's Threat Intelligence Group exposed UNC6508, a China-linked crew that hid for over a year inside North American medical, academic, and military research networks by compromising internet-exposed REDCap servers and rewiring victims' own Google Workspace filters to auto-copy outgoing mail. The group breached vulnerable REDCap research platforms, deployed custom InfiniteRed malware to harvest login credentials, and stole sensitive defense and clinical research email. The exfiltration stood out: attackers repurposed the targets' Workspace forwarding rules to copy any message they wanted. Institutions running REDCap should patch, audit Google Workspace mail rules, and hunt for unauthorized forwarding filters. - The Hacker News: https://thehackernews.com/2026/06/chinese-hackers-abused-google-workspace.html - Help Net Security: https://www.helpnetsecurity.com/2026/06/15/chinese-hackers-redcap-medical-research-institutions-breach/ - SecurityWeek: https://www.securityweek.com/chinese-hackers-target-medical-military-and-ai-research-in-north-america/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-redcap-servers-steal-medical-research/ 2. NORTH KOREA WEAPONIZES DEVELOPER RECRUITMENT [apt, north-korea, malware] Latest developments: Proofpoint tied two fresh campaigns to North Korea's Contagious Interview cluster, also called Famous Chollima, which now lures software engineers with recruitment and code-review themes to turn development tools into malware delivery channels. The actor poses as recruiters or reviewers and steers targets toward poisoned coding tasks that drop malware on their machines. The campaigns extend Pyongyang's long-running effort to compromise developers and cryptocurrency staff for theft and access. Engineers should treat unsolicited coding tests, recruiter repositories, and review requests as hostile until verified. - The Hacker News: https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html :: AI SECURITY 3. SEARCHLEAK TURNS MICROSOFT 365 COPILOT INTO A DATA THIEF [ai, vulnerability, prompt-injection] Latest developments: Varonis Threat Labs chained three bugs into SearchLeak, a one-click attack that pulls emails, calendar entries, OneDrive and SharePoint files, and even MFA codes out of Microsoft 365 Copilot Enterprise Search through a crafted link on a genuine microsoft.com domain; Microsoft has patched the chain. Because the malicious link pointed at a real Microsoft domain, URL filters and anti-phishing tools waved it through. SearchLeak belongs to a growing class of prompt-injection attacks that hide payloads in URLs and other variables, reaching enterprise data a victim never meant to share. Microsoft has fixed the flaw, and admins should confirm tenants run the patched build. - The Hacker News: https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html - Dark Reading: https://www.darkreading.com/application-security/copilot-searchleak-attack-1-click-data-theft - BleepingComputer: https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/ :: RANSOMWARE AND CYBERCRIME 4. SHINYHUNTERS CLAIMS COUNCIL OF EUROPE AND SCHOOL DATA [extortion, breach, data-theft] Latest developments: ShinyHunters claimed it stole 297 GB from the Council of Europe, the continent's oldest intergovernmental body, which has opened an investigation, and separately surfaced as the gang behind a March Salesforce theft that exposed 137,000 Infinite Campus K-12 staff accounts. The extortion group keeps mining Salesforce instances for sellable data. It threatens to leak Council of Europe records that allegedly include employee personal information, and the Infinite Campus haul hit staff at the widely used student information system. Organizations on Salesforce should tighten access, review connected apps, and warn affected staff to expect targeting. - BleepingComputer: https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/ - SecurityWeek: https://www.securityweek.com/shinyhunters-claims-council-of-europe-hack/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/ 5. RANSOMWARE STOPS THE MILLS AT MACKAY SUGAR [ransomware, ot] Latest developments: A ransomware crew calling itself The Gentlemen hit Mackay Sugar, Australia's second-largest sugar producer, and shut down its mills. The attack halted milling at a major agricultural producer, idling operations that feed a regional supply chain. It marks another case of ransomware crossing from corporate IT into operational technology and food production. Mackay Sugar is working to restore service while the broader sector watches its exposure. - SecurityWeek: https://www.securityweek.com/ransomware-attack-shuts-down-mills-of-australias-second-largest-sugar-producer/ :: VULNERABILITIES AND EXPLOITS 6. TAMPERED CDN POISONS THREE POPULAR WORDPRESS PLUGINS [supply-chain, wordpress, backdoor] Latest developments: An attacker tampered with trusted JavaScript on Awesome Motive's content delivery network, poisoning the OptinMonster, TrustPulse, and PushEngage plugins so that an administrator loading a page would silently spawn an attacker-controlled admin account and a hidden backdoor plugin. The malicious code fired only when a logged-in administrator loaded the file, leaving ordinary visitors untouched and the intrusion quiet. The three plugins run on large numbers of WordPress sites, giving the supply-chain attack broad reach through a single trusted CDN. Operators should rotate admin credentials, hunt for rogue admin accounts and unknown plugins, and confirm clean CDN assets. - BleepingComputer: https://www.bleepingcomputer.com/news/security/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack/ - The Hacker News: https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html :: POLICY AND REGULATION 7. UK MOVES TO BAR UNDER-16S FROM SOCIAL MEDIA [policy, regulation, privacy] Latest developments: The UK's Department for Science, Innovation and Technology announced a ban on social media access for children under 16, covering all user-to-user platforms built for social interaction, public posting, and algorithmic feeds. The rule targets platforms that let users post material and serve algorithmically ranked content to others. It follows age-gating moves abroad and sharpens pressure on companies to verify ages, a step that itself drives new data collection and privacy debate. Platforms operating in Britain will face fresh compliance and identity-verification demands. - The Record: https://therecord.media/uk-to-ban-social-media-access-for-children-under-16 8. FAKE FILINGS FORCE MAINE TO PULL ITS BREACH PORTAL [policy, data-breach] Latest developments: Maine took its public data-breach notification portal offline after someone filed fraudulent disclosures impersonating VRChat and Discord, and the attorney general will keep public access closed pending an audit of its procedures. Companies can still report breaches to the state, but the public-facing portal stays dark while Maine reviews how fake submissions slipped through. The episode exposed weak validation in a transparency tool that journalists and the public rely on for breach data. The attorney general's office plans to restore access once it tightens its intake checks. - The Record: https://therecord.media/maine-turns-off-breach-portal-fake-reports - SecurityWeek: https://www.securityweek.com/maine-disables-data-breach-portal-due-to-fake-submissions/ - Graham Cluley: https://www.bitdefender.com/en-us/blog/hotforsecurity/maine-take-down-data-breach-portal BUSINESS AND POLITICS ---------------------------------------------------------------- * US-Iran Deal Reopens the Strait of Hormuz Latest developments: Trump said Monday the Strait of Hormuz will fully reopen by Friday and the deal text releases in the coming days, ships began moving through, and average US gasoline fell below $4 a gallon. The United States and Iran signed a memorandum of understanding to end their war, dismantle Iran's nuclear program, and reopen the Strait of Hormuz, the conduit for roughly a fifth of the world's seaborne oil. Oil settled at its lowest since March 4 and the Dow closed at a record. Shipping groups caution that traffic through the strait could take weeks to recover even half its prewar level. - WSJ Markets: https://www.wsj.com/finance/global-stocks-markets-dow-news-06-15-2026-c6898869?mod=rss_markets_main - WSJ World News: https://www.wsj.com/world/middle-east/questions-about-trumps-iran-deal-set-to-dominate-g-7-fcd7fcbc - FT World: https://www.ft.com/content/ff17e2a2-7744-4e19-9e1d-23bc5892191c PITTSBURGH ---------------------------------------------------------------- Weather: Tonight: Mostly Clear, low 51F. Tuesday: Mostly Sunny, high 77F. Tuesday Night: Mostly Cloudy then Chance Rain Showers, low 58F. Business: * Pa. Court Rules Skill Games Are Slot Machines Latest developments: The Pennsylvania Supreme Court ruled Monday that cash-payout skill games are slot machines and must follow the state's gambling law, an actual decision beyond last week's opinion-page debate over the devices. The ruling subjects the tens of thousands of skill game terminals in Pennsylvania bars, convenience stores, and clubs to the state's gambling regulations, settling a long-contested question with revenue stakes for operators and the state lottery alike. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/politics-state/2026/06/15/pa-skill-games-supreme-court-ruling/stories/202606150054 * Pittsburgh International Named Among World's Most Beautiful Airports Latest developments: The French organization Prix Versailles placed Pittsburgh International on its 2026 list of the world's seven most beautiful airports. The recognition honors the airport's new $1.7 billion terminal, opened last year, whose undulating roofline imitates the region's hills and rivers. - KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-international-airport-worlds-most-beautiful/ * Cuban Food Truck Opens McKees Rocks Restaurant Latest developments: Milanes Cuban Corner, a popular Pittsburgh food truck, has grown into a sit-down restaurant in McKees Rocks. Carlos and Collyn Milanes built a following selling pressed Cuban sandwiches, roast pork, and pickles from a truck and now run a brick-and-mortar restaurant. - KDKA: https://www.cbsnews.com/pittsburgh/video/pickles-pork-and-perfectly-pressed-bread-with-milanes-cuban-corner/ Around town: * Great Allegheny Passage to Close for Landslide Repairs Latest developments: Crews will temporarily close a two-mile stretch of the Great Allegheny Passage this summer to guard against landslides. The trail links Pittsburgh to Cumberland, Maryland, and draws cyclists and hikers; the closure lets crews take preventative measures on a slide-prone section. - WTAE: https://www.wtae.com/article/two-mile-stretch-great-allegheny-passage-landslide-repairs/71595486 * Pittsburgh Nears Fern Hollow Settlements Latest developments: Pittsburgh is approaching final settlements with most people hurt when the Fern Hollow Bridge collapsed. The Frick Park bridge fell in January 2022, dropping vehicles and a bus into the ravine; the city is now resolving the remaining claims years afterward. - Pittsburgh Post-Gazette: https://www.post-gazette.com/local/city/2026/06/15/fern-hollow-bridge-collapse-settlements/stories/202606150036 * City Pools Open for the Season Latest developments: Pittsburgh's public pools have opened for summer, and the city published hours and fees. The Post-Gazette laid out pool hours and entry fees along with other city summer events. - Pittsburgh Post-Gazette: https://www.post-gazette.com/local/city/2026/06/15/pittsburgh-pools-hours-fees/stories/202606150035 * Transit Sets Juneteenth Schedule Latest developments: Pittsburgh Regional Transit announced its service levels for Juneteenth, the National Freedom Day holiday on June 19. The agency set its bus and rail schedule for the holiday so riders can plan around reduced service. - WPXI: https://www.wpxi.com/news/local/pittsburgh-regional-transit-announces-service-schedule-juneteenth-national-freedom-day/QCVRWU3BTZD4ZCZL2RU7723B6M/ * Storm Cleanup Continues in Beaver and Butler Counties Latest developments: The National Weather Service confirmed a tornado crossed into Beaver County, with no EF rating yet, as residents cleared downed trees and a Butler County farm assessed a machine shed torn from its foundation. Sunday's severe storms toppled trees onto homes and cars and cut power across Western Pennsylvania; survey teams are still rating the tornadoes. - WPXI: https://www.wpxi.com/news/local/nws-confirms-tornado-crossed-into-beaver-county-sunday/VTVUUIIGJ5ANNB75Y6TBDFEZVU/ - WTAE: https://www.wtae.com/article/severe-storms-cause-damage-at-butler-county-farm/71595229 Events: * App Maps Pittsburgh Film Locations Latest developments: A self-guided tour app, PastFinders, guides users to Pittsburgh movie locations, among them the downtown spot where The Dark Knight Rises filmed. The app points to sites across the city used in films, letting residents and visitors stand where scenes were shot. - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/movies/2026/06/11/pittsburgh-film-tour-app-pastfinders/stories/202605290043 SPORTS ---------------------------------------------------------------- Pirates (36-36) Sun Jun 14 · Marlins 4 · Pirates 2 · Final Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2 https://plaintextsports.com/mlb/2026-06-14/mia-pit Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM https://plaintextsports.com/mlb/2026-06-15/pit-ath Around the Teams: * SNR Drive Ranks Divisions by Quarterback Talent Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler ranked every NFL division by its quarterback talent. The team's show worked through all eight divisions, weighing where the AFC North and its passers stack up against the rest of the league. - Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=yFuV9I1SkMw * Which Steelers Rookies Could Contribute Early Latest developments: The Post-Gazette weighed whether rookies such as receiver Germie Bernard and offensive lineman Max Iheanachor look ready to contribute after OTAs and minicamp. The piece assessed which members of the Steelers' draft class flashed enough in spring work to earn early roles. - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/15/nfl-news-rumors-germie-bernard-max-iheanachor/stories/202606150028 * Termarr Johnson Trending Up in the Minors Latest developments: The Post-Gazette's MiLB Monday examined whether former top Pirates pick Termarr Johnson is turning his season around in the minors. The column tracked Johnson alongside other Pirates farmhands, gauging how the infielder's development is progressing. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/15/mlb-prospects-termarr-johnson-edward-florentino-tony-blanco/stories/202606150020 READING ---------------------------------------------------------------- * Ed Zitron -- AI's Brokenomics Zitron argues the economics of the AI industry are fundamentally unsound, with leading firms burning billions a year and no credible path to profit. https://www.wheresyoured.at/brokenomics/ * Cal Newport -- AI Isn't Breaking Work. It's Already Broken. Responding to a survey of 6,000 digital workers, Newport contends that knowledge work was already dysfunctional before AI arrived, and the tools expose problems they did not create. https://calnewport.com/ai-isnt-breaking-work-its-already-broken/ * Stratechery -- Anthropic's Safety Superpower Ben Thompson argues that Anthropic's conviction in its own safety commitment gives the company license to aggressively favor its business and even challenge the U.S. government. https://stratechery.com/2026/anthropics-safety-superpower/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,406.74 ▼ -1.3% Dow 50,902.59 ▼ -0.3% Nasdaq 25,846.15 ▼ -2.4% WTI crude 88.42 ▼ -5.0% EUR/USD 1.1556 ▼ -0.4% GBP/USD 1.3386 ▼ -0.3% USD/JPY 160.23 ▲ +0.2% ================================================================ Generated 2026-06-15 20:14 EDT. Sources: 22 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================