daily plain-text briefing: security, markets, business, and pittsburgh
Varonis chained three bugs into a one-click Microsoft 365 Copilot exploit that siphoned emails, files, and MFA codes through a genuine microsoft.com link, as China-nexus spies surfaced after a year inside North American research networks.
Latest developments: Google disclosed a China-linked campaign that hid for over a year inside North American medical, academic, and military research networks by backdooring exposed REDCap servers with InfiniteRed malware, stealing login credentials, then rewiring victims' own Google Workspace mail rules to copy sensitive defense and research email out; separately ESET flagged two Windows variants, marked WIN_DRV and WIN_PLUS, of the previously Linux-only SprySOCKS backdoor hitting government bodies in at least four countries.
The REDCap intrusion stands out for its exfiltration trick: rather than smuggling data through new channels, the attackers turned the targets' legitimate Workspace forwarding rules into a quiet pipe for stolen mail. The SprySOCKS expansion adds driver-based stealth and hard-coded command-and-control over TCP and UDP, widening a tool once confined to Linux. Research institutions running internet-facing REDCap should rotate credentials, audit Workspace rules for unexpected forwarding, and hunt for the new Windows variants.
Sources: Dark Reading · The Hacker News · The Hacker News · BleepingComputer
Latest developments: Genians Security Center found ScarCruft, also tracked as APT37, sending spear-phishing that impersonates Microsoft account security alerts to drop a malware called NarwhalRAT, while Proofpoint detailed the Contagious Interview cluster running developer-recruitment and code-review phishing lures that turn coding tools into malware delivery channels.
ScarCruft's fake Microsoft security warnings prey on users' instinct to react fast to account threats, steering them into installing NarwhalRAT. The Contagious Interview operation, also known as Famous Chollima, keeps targeting software engineers with job and code-review themes, exploiting the trust developers place in recruiting and review workflows. Staff should verify account alerts through official portals rather than email links, and developers should treat unsolicited coding challenges and review requests with suspicion.
Sources: The Hacker News · The Hacker News
Latest developments: Varonis Threat Labs detailed SearchLeak, a now-patched chain of three bugs in Microsoft 365 Copilot Enterprise Search that let one click on a real microsoft.com link pull a user's emails, calendar entries, indexed files, and even two-factor codes, slipping past anti-phishing and URL filters because the link pointed at a trusted domain.
The exploit hid the malicious payload inside variables and concealed URLs that rode a legitimate Microsoft domain, defeating tools that judge links by reputation. Microsoft has fixed the flaw, but researchers place it in a growing family of prompt-injection attacks that weaponize the AI assistant's own trusted access. Enterprises leaning on Copilot for search should treat its broad data reach as a high-value target and watch for similar indirect injection paths.
Sources: The Hacker News · Dark Reading · Ars Technica Security
Latest developments: Threat intelligence firm Defused observed attackers exploiting three vulnerabilities in Fortinet FortiSandbox over the past 24 hours, including CVE-2026-39813, a path-traversal flaw in the JRPC API rated 9.1, alongside CVE-2026-39808 and CVE-2026-25089, one of them patched only last week.
FortiSandbox sits at the heart of many networks as a threat-detection appliance, so a compromise hands attackers a trusted vantage point. The path-traversal bug lets an attacker reach files outside intended directories, and the cluster of three flaws under simultaneous exploitation suggests an active campaign against unpatched units. Administrators should apply Fortinet's fixes immediately and inspect FortiSandbox logs for exploitation traces.
Sources: The Hacker News · BleepingComputer
Latest developments: The Arch Linux supply-chain compromise, first counted at roughly 400 packages, ballooned to 1,500 malicious uploads to the Arch User Repository, prompting Arch to suspend new account registrations, while attackers separately hijacked the OptinMonster, TrustPulse, and PushEngage WordPress plugins through a compromise of Awesome Motive's content-delivery network.
The AUR flood, dubbed Atomic, rewrote build scripts to drop an infostealer and rootkit, and the surge to 1,500 packages forced Arch to close the registration door behind the attackers. The OptinMonster incident poisoned plugins at the CDN layer, meaning sites pulling updates received tainted code without any direct breach of their own servers. Developers and site owners using these ecosystems should audit recently installed packages and plugin assets and rotate any exposed credentials.
Sources: SecurityWeek · BleepingComputer
Latest developments: BleepingComputer reported DragonForce ransomware operators deploying a custom backdoor named Backdoor.Turn that buries command-and-control traffic inside Microsoft Teams relay infrastructure, while a separate group calling itself The Gentlemen shut down the mills of Mackay Sugar, Australia's second-largest sugar producer.
By tunneling control traffic through Teams relays, DragonForce blends its communications into normal corporate collaboration flows, frustrating network defenders who trust Microsoft endpoints. The Mackay Sugar attack halted physical milling operations, a reminder that ransomware crews readily knock industrial producers offline. Organizations should scrutinize anomalous Teams relay traffic and segment operational technology from corporate IT to limit production-stopping intrusions.
Sources: BleepingComputer · SecurityWeek
Latest developments: The hack-and-leak group FulcrumSec claimed it stole 1.3 terabytes of data from drugmaker Novo Nordisk, the Council of Europe opened a probe into ShinyHunters' weekend breach claims, and digital healthcare firm iRhythm Holdings disclosed that attackers took patient personal and health data from third-party-hosted business applications.
Novo Nordisk, already named in earlier breach reporting, now faces a specific extortion claim quantifying the haul at 1.3 terabytes. The Council of Europe, the continent's oldest intergovernmental body, is investigating ShinyHunters, the same crew tied to recent enterprise-software thefts. iRhythm's incident shows third-party application hosting remains a leak point for sensitive medical records. Affected individuals should watch for targeted phishing and fraud, and the organizations face mounting disclosure and regulatory pressure.
Sources: SecurityWeek · BleepingComputer · BleepingComputer
Latest developments: The United Kingdom announced a ban on social media access for children under 16 across all user-to-user platforms that enable social interaction and run algorithmic feeds, Estonia ordered extra screening to quarantine emails from Russia's .ru top-level domain before they reach government officials, and the White House issued NSPM-12 to bolster national security systems cybersecurity governance and reestablish the Committee on National Security Systems.
Britain's age cutoff reaches every algorithm-driven social platform, an aggressive step that will force identity and age checks. Estonia's .ru quarantine treats an entire national domain as a threat vector against its officials, reflecting wartime caution toward Russian infrastructure. NSPM-12 sets a clearer accountability structure for protecting U.S. classified and military systems. Platforms, agencies, and contractors across all three jurisdictions must now adjust compliance and screening practices.
Sources: The Record · The Record · SecurityWeek
Latest developments: The Bank of Japan lifted its policy rate to 1% Tuesday, the first time it has reached that level since 1995, and said it will stop reducing its monthly bond purchases starting next year.
Japan's central bank moved against inflation risks, noting that the pass-through of high oil prices is running fast through the economy; the rate sits at a 31-year high. The decision marks a decisive step away from the ultra-loose policy Japan held for decades and ripples through global bond and currency markets.
Latest developments: SpaceX agreed to buy the autonomous coding agent Cursor for $60 billion, and its market value climbed toward Amazon's as the post-IPO rally extended.
Days after the largest initial public offering on record, Elon Musk's rocket company spent $60 billion on an AI coding firm, signaling a pivot beyond launches into software and pushing its valuation among the world's largest. The scale of the deal and the run-up draw scrutiny over concentration in megacap technology shares.
Sources: WSJ US Business · FT World
Today: Mostly Sunny, high 77F.
Tonight: Mostly Cloudy then Scattered Showers And Thunderstorms, low 59F.
Wednesday: Mostly Sunny, high 80F.
Latest developments: The Post-Gazette reports Pittsburgh's Housing Authority purchased a building and then had to leave it, a setback in the agency's affordable-housing work.
The Housing Authority of the City of Pittsburgh acquired a property as part of its affordable-housing effort, only to vacate it, raising questions about how the agency manages its real estate as demand for low-cost housing stays high.
Sources: Pittsburgh Post-Gazette
Latest developments: Pittsburgh City Paper traced the colorful history of the South Side building that housed Fat Head's after the popular brewpub closed.
Fat Head's, a brewpub on Pittsburgh's South Side, has shut down, ending one chapter in a building whose past stretches back through several owners. The closure removes a longtime craft-beer destination from East Carson Street.
Sources: Pittsburgh City Paper
Latest developments: The Post-Gazette details a new chocolate factory tour at Sarris Candies in Canonsburg, opening the production floor to visitors.
Sarris Candies, the family chocolate maker in Canonsburg, now offers guided tours of its factory, adding a tourist draw in Washington County and a window into how the regional confectioner produces its sweets.
Sources: Pittsburgh Post-Gazette
Latest developments: Pittsburgh City Council could vote this month on settlements for 11 people hurt in the 2022 Fern Hollow Bridge collapse.
Four years after the Forbes Avenue bridge over Fern Hollow gave way, the city is moving to compensate 11 victims. A council vote would close out part of the legal fallout from one of Pittsburgh's most prominent infrastructure failures.
Sources: TribLive
Latest developments: WTAE reports crews will demolish the old Commercial Street Bridge, including a planned controlled explosion, before the new span slides into place.
Pittsburgh is replacing the Commercial Street Bridge, and the old structure must come down first, partly by controlled blast. The work clears the way for the new bridge in the city's east end.
Sources: WTAE
Latest developments: WPXI reports hazmat crews responded to the Cleveland Cliffs plant in Butler County for an acid spill into Connoquenessing Creek.
An acid spill reached Connoquenessing Creek from the Cleveland Cliffs facility in Butler County, drawing hazardous-materials teams. Crews are assessing the discharge into the waterway.
Sources: WPXI
Latest developments: The Post-Gazette reports landslide repairs will close the Great Allegheny Passage in West Mifflin in July, with an $8 million long-term fix planned.
A slipping hillside will shut a stretch of the Great Allegheny Passage through West Mifflin next month, interrupting the popular Pittsburgh-to-Washington trail. A permanent $8 million stabilization is in the works.
Sources: Pittsburgh Post-Gazette
Latest developments: Forecasters call for highs in the 70s Tuesday with evening showers, rain returning late Wednesday, and an Alert Day Thursday for rain and storms.
After a comfortable start to the week, Western Pennsylvania faces a wetter pattern, with Thursday flagged as the most active day for rain and thunderstorms. Drivers and outdoor planners should expect disruption midweek.
Latest developments: The Post-Gazette rounds up Juneteenth observances around Pittsburgh, including festivals and films, ahead of the June 19 holiday.
Pittsburgh marks Juneteenth, the June 19 commemoration of emancipation, with festivals, film screenings, and other gatherings across the region. The Post-Gazette's guide lists where to go; consult it for specific times, venues, and admission.
Sources: Post-Gazette Arts & Entertainment
Latest developments: Pittsburgh City Paper lists restaurant specials for Father's Day on Sunday, June 21, including a brunch with lobster options at Ritual House downtown.
Pittsburgh restaurants are running Father's Day brunch and dinner deals on Sunday, June 21. Ritual House at 524 William Penn Place downtown offers brunch fare such as lobster; the City Paper roundup also previews Picklesburgh news. Check each venue for hours and reservations.
Sources: Pittsburgh City Paper
Pirates (36-37)
Mon Jun 15 · Pirates 2 · Athletics 11 · Final
Nick Kurtz and Jeff McNeil power the A's to an 11-2 victory over the struggling Pirates
Up Next · Pirates @ Athletics · Tue Jun 16, 9:40 PM
Latest developments: A Post-Gazette video assesses which Steelers rookies looked ready to contribute quickly after OTAs and minicamp, naming receiver Germie Bernard and lineman Max Iheanachor.
With the offseason program done, the Post-Gazette weighs which first-year Steelers stood out in spring practice and could earn early roles, spotlighting Bernard and Iheanachor among the candidates.
Sources: Post-Gazette Steelers
Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler ranked each NFL division by quarterback talent.
The team's SNR Drive show weighed where the AFC North and the rest of the league stand at quarterback, a measure that bears on Pittsburgh's path in a division it must navigate. The hosts debated the tiers across all eight divisions.
Sources: Pittsburgh Steelers (YouTube)
S&P 500 7,377.03 ▼ -2.2%
Dow 50,725.58 ▼ -0.7%
Nasdaq 25,695.30 ▼ -3.8%
WTI crude 86.31 ▼ -7.1%
EUR/USD 1.1556 ▼ -0.4%
GBP/USD 1.3386 ▼ -0.3%
USD/JPY 160.23 ▲ +0.2%