================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Tuesday, June 16, 2026 - 10:49 AM EDT
================================================================

A critical SimpleHelp flaw hands attackers control of every managed endpoint as fresh vulnerabilities riddle AI platforms and U.S. scam losses reach a record $3.5 billion.

CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS
----------------------------------------------------------------

* AI Attack Surface: Flaws in the platforms that run AI—Google's Vertex AI SDK, the LiteLLM gateway, Microsoft 365 Copilot—hand attackers code execution and data theft, making AI infrastructure its own breach target.
* Evasion Engineering: Attackers increasingly hide inside trusted systems, as GhostTree defeats Defender scans with recursive junctions and DragonForce tunnels command traffic through Microsoft Teams relays.
* Scam Economy: Fraud losses keep climbing as crews add physical cash couriers and robotic bot farms to industrialized scam operations that cost Americans a record $3.5 billion in 2025.
* Gaming Vectors: Malware authors mine gaming platforms—Steam Workshop wallpapers and hijacked Roblox games—to reach millions of players and their wallets.

SECURITY
----------------------------------------------------------------

:: VULNERABILITIES AND EXPLOITS

1. CRITICAL RMM FLAW OPENS A PATH TO EVERY MANAGED ENDPOINT [patch, exploit]
Latest developments: Horizon3.ai disclosed CVE-2026-48558, a critical authentication-bypass flaw in SimpleHelp deployments that use OpenID Connect, letting unauthenticated attackers forge privileged Technician accounts; the same day CISA set a June 18 deadline for federal agencies to patch the actively exploited LiteSpeed cPanel plugin flaw CVE-2026-54420.
SimpleHelp is remote monitoring and management software that managed service providers and IT teams use to reach customer machines. CVE-2026-48558 lets an unauthenticated attacker forge a privileged Technician account and then remote into managed endpoints, run scripts, and move laterally across a victim's fleet. Administrators running SimpleHelp with OpenID Connect should patch at once and audit existing technician accounts. The separate LiteSpeed cPanel flaw, CVE-2026-54420, escalates attackers to root on shared web-hosting servers, and CISA ordered federal agencies to fix it by June 18, 2026.
- Help Net Security: https://www.helpnetsecurity.com/2026/06/16/simplehelp-rmm-cve-2026-48558/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/
- The Hacker News: https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html
- BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-warns-of-another-actively-exploited-cpanel-plugin-flaw/

2. GHOSTTREE BURIES MALWARE WHERE DEFENDER CANNOT FINISH LOOKING [malware, evasion]
Latest developments: Varonis detailed GhostTree, a technique that chains NTFS junction points into themselves to spawn a near-endless number of valid Windows file paths, so a Microsoft Defender folder scan never completes and leaves planted malware undetected.

Varonis researchers described GhostTree, which links NTFS junction points back into themselves so Windows generates an effectively infinite tree of valid file paths. A Microsoft Defender folder scan that walks those paths never finishes, and any malware sitting among them escapes detection. The technique buys intruders quiet persistence on endpoints that look clean. Defenders should watch for unusual junction structures and scan-process timeouts.
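The recursive-junction mechanism above, modelled as an added Python example (not code from the page or from Varonis): an in-memory directory tree with one constructed junction that points back at its own ancestor. A walker keyed on logical paths never terminates on such a tree (here it stops only because of a budget), which is the scan-never-finishes failure; a walker that resolves each junction to its canonical target, expands every real directory once, and refuses any junction whose target is already on its ancestry chain finishes and reports the loop. The tree, the junction table and the entry names are all constructed, and the Windows-style path strings are for readability only; nothing here touches NTFS.

```python
"""Defender-side model of the recursive-junction scan hazard described for GhostTree.

Added example; not code from the original page or from Varonis. The file
system is an in-memory graph (constructed), so nothing here touches NTFS.
"""

# Constructed directory tree: canonical directory -> entry names.
TREE = {
    r"C:\data": ["reports", "loop"],
    r"C:\data\reports": ["q1.xlsx"],
    r"C:\data\loop": ["payload.bin", "back"],
}

# Constructed junctions: junction path -> canonical target directory.
# "back" resolves to its own ancestor, so logical paths never run out:
#   C:\data\loop\back\loop\back\loop\back\...
JUNCTIONS = {
    r"C:\data\loop\back": r"C:\data",
}


def is_ancestor(ancestor, path):
    """True if `ancestor` is a strict parent of `path` (NTFS is case-insensitive)."""
    prefix = ancestor.lower().rstrip("\\") + "\\"
    return path.lower().startswith(prefix)


def recursive_junctions(junctions):
    """Static check over a junction inventory: flag any junction whose target
    is one of its own ancestors. Such a junction makes the tree self-embedding."""
    return [j for j, target in junctions.items() if is_ancestor(target, j)]


def naive_walk(root, tree, junctions, max_entries=10_000):
    """Walk that follows junctions but keys its progress on *logical* paths.
    Returns (entries_seen, exhausted). With a self-referencing junction the walk
    only stops because of the budget: the scan-never-finishes failure."""
    seen = []
    stack = [(root, root)]            # (logical path, canonical path)
    while stack:
        if len(seen) >= max_entries:
            return seen, True
        logical, canonical = stack.pop()
        seen.append(logical)
        for name in tree.get(canonical, []):
            child_logical = logical + "\\" + name
            child_canonical = canonical + "\\" + name
            child_canonical = junctions.get(child_canonical, child_canonical)
            stack.append((child_logical, child_canonical))
    return seen, False


def hardened_walk(root, tree, junctions):
    """Walk that resolves each junction to its target, expands every canonical
    directory at most once, and refuses to enter a junction whose target is
    already on the current ancestry chain. Returns (entries_seen, findings),
    where findings lists (junction, target) pairs that would have looped."""
    seen, findings, expanded = [], [], set()
    stack = [(root, root, ())]        # (logical, canonical, canonical ancestors)
    while stack:
        logical, canonical, ancestors = stack.pop()
        seen.append(logical)
        if canonical in expanded:
            continue                  # reached again through a fan-in junction
        expanded.add(canonical)
        for name in tree.get(canonical, []):
            child_logical = logical + "\\" + name
            child_canonical = canonical + "\\" + name
            target = junctions.get(child_canonical)
            if target is not None:
                if target == canonical or target in ancestors:
                    findings.append((child_canonical, target))
                    continue          # loop: record it, do not descend
                child_canonical = target
            stack.append((child_logical, child_canonical, ancestors + (canonical,)))
    return seen, findings


if __name__ == "__main__":
    print("static check:", recursive_junctions(JUNCTIONS))
    entries, exhausted = naive_walk(r"C:\data", TREE, JUNCTIONS)
    print(f"naive walk: {len(entries)} entries, exhausted={exhausted}")
    entries, findings = hardened_walk(r"C:\data", TREE, JUNCTIONS)
    print(f"hardened walk: {len(entries)} entries, loops={findings}")
```

The ancestry-chain test is the part worth carrying over to a real junction inventory: a junction whose target is its own ancestor is the structure to alert on, whatever happens to sit beneath it, and a scanner that keys its visited set on canonical rather than logical paths cannot be kept busy by it.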
- BleepingComputer: https://www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/

:: RANSOMWARE AND CYBERCRIME

3. SCAM LOSSES HIT A RECORD AS COLLECTION GOES PHYSICAL [fraud, scam]
Latest developments: The FTC reported Americans lost $3.5 billion to imposter scams in 2025, nearly triple the 2020 total, while the FBI warned that pig-butchering crews now dispatch couriers to victims' homes to collect cash when banks freeze transfers, and Frank on Fraud documented robotic bot farms using mechanical fingers to run dating scams.

Imposter scammers pose as banks, government agencies, businesses, or romantic partners to talk victims out of their money. The FTC counted $3.5 billion in such losses for 2025, nearly triple the 2020 figure. As banks grow quicker to freeze suspicious wire transfers, pig-butchering crews now send couriers to victims' doors to collect cash in person, and operators have begun wiring mechanical fingers to robotic rigs that swipe and type through dating apps at scale. Train staff and customers to verify any unexpected payment demand through a known channel.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/ftc-warns-of-record-35-billion-losses-to-imposter-scams-in-2025/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/fbi-fraudsters-use-couriers-to-steal-money-in-crypto-scams/
- Frank on Fraud: https://frankonfraud.com/new-robotic-ai-bot-farms-are-the-latest-scam-threat/

4. ROKAROLLA ANDROID TROJAN TARGETS 217 BANKING AND CRYPTO APPS [malware, mobile]
Latest developments: Zimperium's zLabs documented Rokarolla, a new Android banking trojan that targets 217 banking and cryptocurrency apps and carries 137 remote commands, lifting lock-screen PINs, intercepting SMS codes, and rewriting the clipboard to redirect crypto payments.

Zimperium's zLabs documented Rokarolla, an Android banking trojan aimed at 217 banking and cryptocurrency apps.
Its 137 remote commands give an operator near-total control of an infected phone: it captures lock-screen PINs, reads and sends SMS, rewrites the clipboard to swap in attacker crypto addresses, and can switch off Google Play Protect. Android users should install apps only from trusted sources and review which apps hold accessibility permissions.
- The Hacker News: https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html

5. GAME PLATFORMS TURN INTO MALWARE CHANNELS [malware]
Latest developments: Kaspersky found dozens of malicious wallpapers spreading malware through Steam Workshop since late 2025, mainly to gamers in China and Russia, while 404 Media reported that attackers now seize entire Roblox games, taking their ownership and Robux rather than individual items.

Kaspersky found dozens of booby-trapped wallpapers on Steam Workshop, the platform's hub for player-made content, spreading malware since late 2025 mainly to gamers in China and Russia. Separately, 404 Media reported that attackers have moved past stealing individual in-game items to seizing whole Roblox games, taking their ownership and the Robux they earn. Both cases show criminals treating game stores as soft distribution channels. Players should scrutinize community downloads and lock accounts with multi-factor authentication.
- Securelist (Kaspersky): https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/
- 404 Media: https://www.404media.co/hackers-are-hijacking-entire-roblox-games-now/

:: AI SECURITY

6. SECURITY LEADERS PRESS WASHINGTON TO LIFT ANTHROPIC CURBS [policy, ai]
Latest developments: A coalition of cybersecurity executives and experts publicly urged the Trump administration to lift its directive barring foreign nationals from using Anthropic's newest models, Fable 5 and Mythos 5, arguing the restriction handicaps defenders far more than attackers.
On June 13 the Trump administration ordered Anthropic to block foreign nationals from its newest models, Fable 5 and Mythos 5, framing the move as export control after a jailbreak demonstration. Anthropic complied worldwide while disputing the basis. Now a group of cybersecurity leaders argues the curb weakens defenders who rely on the models to triage vulnerabilities and hunt threats, while determined attackers find comparable capability elsewhere. They want the directive lifted.
- SecurityWeek: https://www.securityweek.com/cybersecurity-executives-urge-the-trump-administration-to-ease-restrictions-on-anthropic-ai-models/

7. VERTEX AI SDK FLAW ENABLES CROSS-TENANT CODE EXECUTION [vulnerability, ai]
Latest developments: Unit 42 disclosed a vulnerability in Google's Vertex AI Python SDK that lets an attacker hijack model uploads through bucket squatting—registering the storage buckets the SDK expects—to achieve remote code execution across tenants.

Vertex AI is Google's managed platform for training and serving machine-learning models. Unit 42 found that its Python SDK trusts storage-bucket names an attacker can register first, a trick called bucket squatting; uploading a poisoned model artifact then runs attacker code on another tenant's infrastructure. The flaw extends a run of weaknesses in AI tooling—following the LiteLLM gateway takeover and the Copilot SearchLeak chain—that turn the machinery of AI into an entry point. Teams using the SDK should update and verify the buckets their pipelines reference.
- Unit 42 (Palo Alto): https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/

:: NATION-STATE ACTIVITY

8. IRANIAN HACKERS CLAIM A CALIFORNIA WATER UTILITY [apt, breach]
Latest developments: California Water Service said it is investigating claims by Iranian hackers of a breach and added that it sees no sign of disruption to its water or wastewater operations.
California Water Service, known as Cal Water, supplies water to roughly two million people across the state. The company said it is investigating Iranian hackers' claims of a breach and finds no indication of operational disruption. Iran-linked crews have repeatedly probed U.S. water utilities, often striking internet-exposed industrial controllers for propaganda value. Operators should confirm that control systems sit off the public internet and require multi-factor authentication.
- SecurityWeek: https://www.securityweek.com/cal-water-investigating-iranian-hackers-claims/

BUSINESS AND POLITICS
----------------------------------------------------------------

* EU Ratifies Trade Deal With the United States
Latest developments: The European Parliament voted Tuesday to ratify last year's trade agreement with Trump, meeting his deadline and heading off a threatened jump in tariffs on European cars.

The deal, struck in 2025 between the United States and its largest trading partner, locks in tariff terms across the Atlantic; ratification clears away the threat that Washington would raise auto tariffs and reopen a transatlantic trade fight.
- WSJ World News: https://www.wsj.com/economy/trade/eu-gives-final-approval-to-u-s-trade-deal-5b1aa450
- FT World: https://www.ft.com/content/2ff4bdef-e372-4f11-9af1-e84d4ac85392

* Oil Falls Below $80 as Hormuz Reopening Nears
Latest developments: Brent crude sank below $80 a barrel Tuesday to a three-month low, and Goldman Sachs and Morgan Stanley cut their forecasts, as traders bet Strait of Hormuz flows will return under the US-Iran memorandum extending the ceasefire.

The preliminary US-Iran accord would reopen the strait, dismantle Iran's nuclear program, and restore Persian Gulf supply to prewar levels sooner than expected; key terms remain unpublished, and Tehran now says the deal also requires Israel to withdraw from Lebanon.
- FT Markets: https://www.ft.com/content/45340e55-aa6a-4302-a606-a869f5cb6189
- WSJ US Business: https://www.wsj.com/business/energy-oil/goldman-sachs-cuts-oil-price-forecasts-faster-gulf-supply-recovery-c37d2a92?mod=pls_whats_news_us_business_f

* G7 Tightens Sanctions on Russian Energy
Latest developments: G7 leaders agreed Tuesday to raise pressure on Moscow, notably through new limits on Russian oil and gas exports, and Trump signaled a swift return of sanctions on Russian oil as the summit pulled his attention back to Ukraine.

After months in which Washington focused on Iran, the Group of Seven's move to tighten energy sanctions reopens compliance and supply questions for global banks and commodity markets.
- FT World: https://www.ft.com/content/a7b956d0-97ce-4a54-ba1d-e1c6eee9a293
- WSJ World News: https://www.wsj.com/world/europe/u-s-allies-use-g-7-to-focus-trumps-attention-back-to-ukraine-f0c22f45

PITTSBURGH
----------------------------------------------------------------

Weather:
Today: Mostly Sunny, high 77F.
Tonight: Mostly Cloudy then Scattered Showers And Thunderstorms, low 59F.
Wednesday: Mostly Sunny, high 80F.

Business:

* Yum Brands Sells Pizza Hut for $2.7 Billion
Latest developments: Yum Brands agreed Tuesday to sell Pizza Hut for $2.7 billion, with private-equity firm LongRange Capital buying operations outside mainland China for $1.5 billion and Yum China taking the China business for $1.2 billion.

The sale splits the struggling pizza chain between a US buyout firm and a Chinese restaurant company, ending Yum Brands' ownership of a brand that has lost ground to rivals.
- KDKA: https://www.cbsnews.com/pittsburgh/news/pizza-hut-sale-yum-brands/
- WTAE: https://www.wtae.com/article/pizza-hut-sold-for-2-7-billion/71600821

* One in Three Pennsylvania Hospitals Lost Money in 2025
Latest developments: A new report shows nearly one in three Pennsylvania hospitals operated in the red in 2025, while southwestern Pennsylvania hospitals beat the state average, with nearly 60% posting operating margins above 4%.

The figures point to financial strain across Pennsylvania's hospital system even as the Pittsburgh region's hospitals fared comparatively well.
- WPXI: https://www.wpxi.com/news/local/southwestern-pennsylvania-hospitals-outperform-state-average/RXBQXH77DBGE3AXAJNI2NE2ARY/

* Summer Meal Programs Brace for Higher Demand
Latest developments: Regional summer food programs say they expect higher demand this year as inflation holds above 4% and grocery prices stay elevated.

Free summer meal sites that feed children when school is out anticipate more families turning to them, a measure of the squeeze high food prices put on household budgets.
- TribLive: https://triblive.com/local/valley-news-dispatch/summer-meal-programs-expect-increased-demand-this-year/

Around town:

* AmeriCorps a Year After the Cuts
Latest developments: PublicSource reports that a year after federal cuts hit AmeriCorps, some Pittsburgh-area organizations disrupted by the reductions may emerge stronger, though how to navigate the program's future remains in debate.

AmeriCorps places service members with community organizations; last year's cuts upended that work across the region, raising the stakes for the groups and the communities they serve.
- PublicSource: https://www.publicsource.org/one-year-after-americorp-cuts/

* Pittsburgh International Named Among World's Most Beautiful Airports
Latest developments: Pittsburgh International Airport made the annual World's Most Beautiful Airports list, one of only two US airports honored, alongside Terminal 1 at San Diego International.

The recognition follows the opening of the airport's new terminal, placing PIT on an international list of architectural standouts.
- WPXI: https://www.wpxi.com/news/local/pittsburgh-international-airport-named-one-worlds-most-beautiful/FGP2YWBIDBBGLNDMNL4YGRMBAY/

* Monroeville Mall Demolition Set for Spring 2027
Latest developments: Pittsburgh City Paper reports the Monroeville Mall is now set for demolition in spring 2027, a firmer date than the uncertain timeline officials described earlier this month.

The mall, famous as the setting of George Romero's "Dawn of the Dead" and host to its zombie-film conventions, drew fans for a final farewell gathering ahead of the teardown.
- Pittsburgh City Paper: https://www.pghcitypaper.com/arts-entertainment-2/living-dead-weekends-farewell-to-the-monroeville-mall/

* Rain Returns Wednesday, Alert Day Thursday
Latest developments: Forecasters call for highs in the 70s Tuesday with showers moving in this evening, rain returning late Wednesday, and an Alert Day Thursday for rain and storms.

A wet stretch settles over Western Pennsylvania midweek after a pleasant Tuesday, with the heaviest rain and storms expected Thursday.
- WTAE: https://www.wtae.com/article/rain-returns-late-wednesday-impact-day-thursday/71598337
- WPXI: https://www.wpxi.com/weather/highs-70s-tuesday-showers-move-this-evening/QSKTWIXXJBA3FMULE54IPUEBDQ/

SPORTS
----------------------------------------------------------------

Pirates (36-37)
Mon Jun 15 · Pirates 2 · Athletics 11 · Final
Nick Kurtz and Jeff McNeil power the A's to an 11-2 victory over the struggling Pirates
https://plaintextsports.com/mlb/2026-06-15/pit-ath
Up Next · Pirates @ Athletics · Tue Jun 16, 9:40 PM
https://plaintextsports.com/mlb/2026-06-16/pit-ath

Around the Teams:

* Local Product Kyler Fedko Reaches the Majors
Latest developments: Kyler Fedko, a Vincentian Academy product and son of a popular local sportscaster, made his MLB debut with the Minnesota Twins.

Fedko's call-up gives the Pittsburgh area a hometown player to follow, the latest local product to reach the big leagues.
- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/16/mlb-news-rumors-minnesota-twins-kyler-john-fedko/stories/202606160027

* McCarthy Addresses the Team in New 'Forging Steel'
Latest developments: The Steelers' team channel releases a new "Forging Steel" episode Tuesday at 1 p.m. featuring coach Mike McCarthy speaking to the team as the offseason program wraps.

The behind-the-scenes series offers a look at McCarthy's message to players heading toward the break before training camp opens at Saint Vincent College in Latrobe.
- Pittsburgh Steelers (YouTube): https://www.youtube.com/shorts/m4e1ztqGqs4

READING
----------------------------------------------------------------

* Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion
Zitron publishes financials showing OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, arguing the company burns through cash with no path to profitability.
https://www.wheresyoured.at/exclusive-openai-financials/

* Ed Zitron -- AI's Brokenomics
He dissects the economics underpinning the AI boom and contends the business models behind it do not add up, leaving the sector headed for a reckoning.
https://www.wheresyoured.at/brokenomics/

* Stratechery -- Fox Buys Roku, The Problem With Fox's Smart Strategy, Streaming That Works
Thompson argues Fox's unpopular Roku acquisition trades extracting value from rights holders for leverage as a distribution platform, a calculated bet on streaming aggregation.
https://stratechery.com/2026/fox-buys-roku-the-problem-with-foxs-smart-strategy-streaming-that-works/

* Stratechery -- Anthropic's Safety Superpower
Thompson argues Anthropic's conviction in its own safety commitment gives the company license to aggressively favor its business and even challenge the US government.
https://stratechery.com/2026/anthropics-safety-superpower/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
Responding to a survey of 6,000 digital workers, Newport argues knowledge work was already dysfunctional and that AI mainly exposes problems that predate it.
https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------
S&P 500      7,377.03   ▼ -2.2%
Dow         50,725.58   ▼ -0.7%
Nasdaq      25,695.30   ▼ -3.8%
WTI crude       86.31   ▼ -7.1%
EUR/USD        1.1556   ▼ -0.4%
GBP/USD        1.3386   ▼ -0.3%
USD/JPY        160.23   ▲ +0.2%

================================================================
Generated 2026-06-16 10:49 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================