================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Monday, June 15, 2026 - 9:05 PM EDT ================================================================ Attackers exploit fresh Cisco, Palo Alto, and LiteSpeed flaws as AI-driven bug hunting drives 2026 vulnerability disclosures toward a record 66,000. CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS ---------------------------------------------------------------- * Agent Governance: A wave of new products from Omada, Trust3, 1Password, Delinea, and NewCore races to govern the access, data, and token use of AI agents, signaling that non-human identities now outpace the controls built for people. * Prompt Injection: Attacks on Microsoft 365 Copilot, LiteLLM gateways, and Reddit-fed search agents show that crafted text inside trusted systems can turn AI into a data thief or a scam engine. * Edge Exploitation: Active exploitation of Cisco, Palo Alto, and LiteSpeed appliances confirms that internet-facing network gear stays the fastest path into enterprise networks. * AI Flaw Hunting: Autonomous tools now find software vulnerabilities at scale, pushing FIRST to forecast a record 66,000 CVEs for 2026 and arming both vendors and attackers. * Disclosure Friction: Maine's fake breach filings and a survey showing most CISOs feel pressure to bury bad news together threaten the timeliness and trust of breach reporting. SECURITY ---------------------------------------------------------------- :: VULNERABILITIES AND EXPLOITS 1. EXPLOITED NETWORK GEAR FLOODS THE CISA CATALOG [zero-day, patch, exploit] Latest developments: Cisco fixed CVE-2026-20262, a Catalyst SD-WAN Manager path-traversal flaw attackers exploited as a zero-day to escalate to root, Palo Alto Networks reported active exploitation of PAN-OS GlobalProtect authentication-bypass flaw CVE-2026-0257, and CISA added the Cisco bug and a LiteSpeed cPanel symlink flaw, CVE-2026-54420, to its known exploited vulnerabilities catalog. Edge and management appliances remain the soft underbelly of enterprise networks, and four flaws drew fire at once. A separate SimpleHelp bug lets unauthenticated attackers mint privileged technician accounts on servers using OpenID Connect. Administrators running Cisco Catalyst SD-WAN Manager, PAN-OS GlobalProtect portals, the LiteSpeed cPanel plugin, or SimpleHelp should patch immediately and hunt for rogue accounts and unexpected root access. - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/ - The Hacker News: https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html - CISA Advisories: https://www.cisa.gov/news-events/alerts/2026/06/15/cisa-adds-two-known-exploited-vulnerabilities-catalog - BleepingComputer: https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/ 2. AI BUG HUNTING PUSHES 2026 CVES TOWARD 66,000 [ai, vulnerability, patch] Latest developments: The Forum of Incident Response and Security Teams raised its 2026 forecast to roughly 66,000 CVEs, well above its January projection, crediting autonomous AI tools that now hunt software flaws on their own and find them well. Disclosure volume is climbing faster than defenders can triage, and AI flaw discovery is the main driver. The shift cuts both ways: the same tooling that surfaces bugs for vendors also arms attackers who scan for them first. Security teams should expect heavier patch backlogs and lean on automated prioritization to keep pace. - Help Net Security: https://www.helpnetsecurity.com/2026/06/15/first-2026-cve-forecast/ :: RANSOMWARE AND CYBERCRIME 3. FBI AND GOOGLE DISMANTLE THE OUTSIDER PHISHING EMPIRE [phishing, cybercrime, law-enforcement] Latest developments: The FBI and Google dismantled Outsider Enterprise, the China-based phishing-as-a-service network they sued days earlier, revealing it ran more than 9,000 phishing sites, stole nearly 4 million credit cards, and caused roughly $1.9 billion in losses, while Ukrainian national Oleksii Lytvynenko pleaded guilty to building a loader for Conti, which hit over 1,000 victims. Outsider weaponized Google's Gemini to mass-produce scam texts and fake storefronts aimed at Americans. The FBI separately warned that pig-butchering crews now dispatch couriers to collect cash from investment-scam victims in person, and Group-IB tied the Sniper Dz kit to fake Facebook offers blanketing the Middle East and North Africa. Treat unsolicited package, payment, and investment lures as hostile. - SecurityWeek: https://www.securityweek.com/fbi-google-dismantle-outsider-enterprise-phishing-service/ - SecurityWeek: https://www.securityweek.com/ukrainian-man-pleads-guilty-in-us-to-conti-ransomware-charges/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/fbi-fraudsters-use-couriers-to-steal-money-in-crypto-scams/ - The Hacker News: https://thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html :: AI SECURITY 4. AI GATEWAYS AND FEEDS BECOME EXFILTRATION TOOLS [ai, prompt-injection, vulnerability] Latest developments: Obsidian Security disclosed a three-bug chain that lets a default low-privilege LiteLLM account climb to full admin and run code, exposing every model-provider key the gateway holds, while separate research showed that a 13-word snippet planted on Reddit, Wikipedia, or Quora can steer AI search agents into emitting spam and scams. LiteLLM brokers calls to more than 100 model providers behind one interface, so a server takeover hands attackers a vault of secrets. The Reddit finding extends prompt-injection risk into retrieval-augmented generation, where any user-editable page becomes an attack surface. Teams running AI gateways should patch LiteLLM, restrict default accounts, and treat retrieved web content as untrusted input. - The Hacker News: https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html - 404 Media: https://www.404media.co/it-is-trivially-easy-to-use-reddit-to-manipulate-ai-search-research-suggests/ :: POLICY AND REGULATION 5. DOJ MAKES FIRST SEIZURE UNDER THE TAKE IT DOWN ACT [policy, deepfake, ai] Latest developments: The Justice Department seized CFAKE.com and SOCFAKE.com, which hosted nonconsensual AI-generated nude images and videos of women, in what appears to be the first publicly announced domain seizure under the TAKE IT DOWN Act. The law, aimed at nonconsensual intimate imagery and deepfakes, now has its first enforcement teeth. The action signals that prosecutors will pursue the infrastructure behind AI-generated abuse, well beyond individual posters. Platforms hosting user-generated explicit content face fresh takedown and liability pressure. - BleepingComputer: https://www.bleepingcomputer.com/news/security/doj-seizes-cfake-socfake-deepfake-nude-sites-under-take-it-down-act/ 6. FCC MOVES TO ELIMINATE BURNER PHONES [policy, privacy] Latest developments: A proposed FCC rule would force U.S. telecoms to store a government-issued identification number and physical address for essentially every phone customer, ending anonymous prepaid accounts. The plan targets phones whose accounts attach to no identifiable person, a staple of criminals and privacy-conscious users alike. Civil-rights and privacy advocates compare the mandate to identity-tracking regimes in authoritarian states. The rule would also create a vast new repository of personal data that itself becomes a breach target. - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/the-fcc-wants-to-eliminate-burner-phones.html :: NATION-STATE ACTIVITY 7. CYBERATTACK CRIPPLES RUSSIAN SOFTWARE MAKER ASTRAL [breach, disruption] Latest developments: A cyberattack on Russian tech firm Astral disrupted business and government services across Russia for a week, knocking out cash registers, regulated-goods sales, customer portals, corporate email, and digital-certificate authentication. Astral supplies the electronic-document, certificate, and authentication services that many Russian businesses and agencies depend on, so the outage rippled widely. No group has claimed the attack. The disruption underscores how a single service provider's failure can paralyze commerce and government functions at national scale. - The Record: https://therecord.media/cyberattack-on-russian-tech-firm-astral-disrupts-business-government-services 8. FINLAND CHARGES SHIP OFFICERS OVER SEVERED SUBSEA CABLES [policy, infrastructure] Latest developments: Finland's deputy prosecutor general charged a cargo ship's officers with damaging two subsea telecommunications cables and attempting to damage a total of eight other connections. The Baltic Sea has seen a string of suspected sabotage against undersea infrastructure, often tied to vessels dragging anchors across cables. Prosecutors now treat the Finnish damage as deliberate sabotage. The charges mark a rare instance of criminal accountability for attacks on the cables that carry a region's communications. - The Record: https://therecord.media/finland-brings-charges-against-cargo-ship-undersea-cables BUSINESS AND POLITICS ---------------------------------------------------------------- * US-Iran Deal Reaches Signing Latest developments: Senior US officials said Trump and Iran's top negotiator remotely signed a memorandum of understanding Monday ahead of the formal ceremony, the Dow closed at a record, and oil settled at its lowest level since March 4. The accord extends a shaky ceasefire, commits Iran to dismantle its nuclear program, halt funding for armed groups, and reopen the Strait of Hormuz, which Trump says will fully open by Friday. The text stays unreleased, Israel's offensive in Lebanon could still scuttle the deal, and the administration is weighing a $300 billion fund tied to Tehran's compliance. - WSJ World News: https://www.wsj.com/world/middle-east/questions-about-trumps-iran-deal-set-to-dominate-g-7-fcd7fcbc - WSJ Markets: https://www.wsj.com/finance/global-stocks-markets-dow-news-06-15-2026-c6898869?mod=rss_markets_main - FT World: https://www.ft.com/content/088c14d3-f708-44d8-a306-7996aa5211de * EU Opens Membership Talks With Ukraine Latest developments: The European Union began formal accession negotiations with Ukraine Monday after Hungary's new leadership dropped the veto that had stalled the process. The move starts Ukraine's path toward joining the bloc, a landmark step taken amid the war with Russia. Accession talks run for years and require Ukraine to align its laws and institutions with EU standards. - FT World: https://www.ft.com/content/19d88dc2-963b-45f2-9a23-9e328cc45948 PITTSBURGH ---------------------------------------------------------------- Weather: Tonight: Mostly Clear, low 51F. Tuesday: Mostly Sunny, high 77F. Tuesday Night: Mostly Cloudy then Chance Rain Showers, low 58F. Business: * Astrobotic Readies Griffin Moon Lander Latest developments: The Post-Gazette reports Pittsburgh's Astrobotic faces one more test before its Griffin lander launches toward the moon, the region's second lunar try after Peregrine. Astrobotic, a Pittsburgh robotics company, builds landers tied to NASA's moon-base ambitions, and Griffin will ride a SpaceX rocket on the journey. - Pittsburgh Post-Gazette: https://www.post-gazette.com/business/tech-news/2026/06/15/astrobotic-spacex-nasa-moon-base-griffin-peregrine/stories/202606150033 * Indiana Township Weighs 172-Unit Housing Plan Latest developments: TribLive reports Indiana Township residents may wait at least two months before officials act on a proposed 172-unit planned residential development. The plan would add 172 homes to the township north of Pittsburgh, and more residents weighed in at a recent meeting. Officials have set no timeline for a decision. - TribLive: https://triblive.com/local/valley-news-dispatch/more-indiana-township-residents-weigh-in-on-proposed-housing-development/ Around town: * Parkway North to Close for Bridge Demolition Latest developments: Part of the Parkway North will fully close later this week so crews can demolish the Jacks Run Road Bridge, KDKA reports, after equipment problems postponed Monday night's planned start. The closure on I-279 north of downtown will divert commuters during the demolition. Drivers should plan for detours. - KDKA: https://www.cbsnews.com/pittsburgh/video/part-of-parkway-north-to-close-for-bridge-demolition/ * Three Tornadoes Confirmed From Sunday Storms Latest developments: The National Weather Service confirmed at least three tornadoes touched down across eastern Ohio and northwestern Pennsylvania, including one in Beaver County and two in Columbiana County, Ohio, with surveys ongoing. Sunday's storms downed trees, cut power, and tore a machine shed from its foundation at a Butler County farm. Residents in Beaver County communities such as Darlington and Ambridge spent Monday clearing debris. - KDKA: https://www.cbsnews.com/pittsburgh/news/confirmed-tornadoes-pennsylvania-ohio-storm-damage/ - WTAE: https://www.wtae.com/article/tornado-confirmed-beaver-county-severe-storms-june-14-2026/71594373 * Bear Spotted in a Pittsburgh Neighborhood Latest developments: KDKA captured another bear on camera in a Pittsburgh neighborhood and asked an expert whether more bears now live within the city. Bear sightings have recurred in city neighborhoods, raising questions about how far the animals range into Pittsburgh. - KDKA: https://www.cbsnews.com/pittsburgh/video/bear-caught-on-camera-in-pittsburgh-neighborhood-1/ * New Kensington Home Demolition Resumes Latest developments: WPXI reports demolition resumed on a condemned New Kensington home next to Bill Johnas's house, leaving him without answers about who will repair the damage and fill a plastic-covered hole. The teardown of the condemned property next door has unsettled the neighbor, who still seeks word on who will fix his house. - WPXI: https://www.wpxi.com/news/local/demolition-continues-condemned-new-kensington-home-despite-concerns-neighbor/2T2Y7BBEG5FLNFLAXCV3P34AAY/ SPORTS ---------------------------------------------------------------- Pirates (36-36) Sun Jun 14 · Marlins 4 · Pirates 2 · Final Meyer outduels Skenes, allows one run in six innings as Marlins top Pirates 4-2 https://plaintextsports.com/mlb/2026-06-14/mia-pit Up Next · Pirates @ Athletics · Mon Jun 15, 9:40 PM https://plaintextsports.com/mlb/2026-06-15/pit-ath Around the Teams: * Hiles: Pirates Must Fix the Bullpen Now Latest developments: In his weekend column, the Post-Gazette's Noah Hiles argued the Pirates must repair their bullpen immediately or watch it sink the season. Hiles called relief pitching the team's central flaw, tying the failures to manager Don Kelly's options and general manager Ben Cherington's roster choices. - Post-Gazette Pirates: https://www.post-gazette.com/sports/columns/2026/06/15/mlb-pirates-bullpen-don-kelly-jake-mangum-ben-cherington/stories/202606140080 * Building a Steelers Core Around Porter and Herbig Latest developments: A Post-Gazette video weighed whether the Steelers can form a new young core around cornerback Joey Porter Jr. and edge rusher Nick Herbig. The piece cast the two recent draftees as building blocks for the defense's future as the roster turns over. - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/12/nfl-draft-news-rumors-joey-porter-jr-nick-herbig/stories/202606120048 * Cam Heyward's Podcast on the Cowboys Dynasty Latest developments: The latest Not Just Football with Cam Heyward episode examined how one team nearly ended the Dallas Cowboys' dynasty. Heyward's show turned to NFL history, breaking down the rivalry that came close to toppling the Cowboys at their peak. - Not Just Football with Cam Heyward: https://www.youtube.com/watch?v=TFO8VCU4tp4 READING ---------------------------------------------------------------- * Ed Zitron -- AI's Brokenomics Zitron dissects what he calls the broken economics of the AI industry, arguing the leading companies burn enormous sums with no clear route to profit. https://www.wheresyoured.at/brokenomics/ * Cal Newport -- AI Isn't Breaking Work. It's Already Broken. Responding to a Financial Times interview with the Work AI Institute's Rebecca Hinds about a 6,000-person survey, Newport contends knowledge work was already dysfunctional before AI arrived. https://calnewport.com/ai-isnt-breaking-work-its-already-broken/ * Stratechery -- Anthropic's Safety Superpower Ben Thompson argues Anthropic's faith in its own safety commitment grants it license to aggressively favor its business and even challenge the US government. https://stratechery.com/2026/anthropics-safety-superpower/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,406.74 ▼ -1.3% Dow 50,902.59 ▼ -0.3% Nasdaq 25,846.15 ▼ -2.4% WTI crude 88.42 ▼ -5.0% EUR/USD 1.1556 ▼ -0.4% GBP/USD 1.3386 ▼ -0.3% USD/JPY 160.23 ▲ +0.2% ================================================================ Generated 2026-06-15 21:05 EDT. Sources: 22 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================