Daily plain-text briefing: security, markets, business, and Pittsburgh
A critical SimpleHelp remote-support flaw and a cross-tenant Google Vertex AI bug widen the enterprise attack surface as attackers burrow into trusted platforms from Steam to Microsoft Teams.
Latest developments: Horizon3.ai disclosed CVE-2026-48558, a critical authentication-bypass flaw in SimpleHelp deployments that use OpenID Connect, letting an unauthenticated remote attacker forge a privileged Technician account.
SimpleHelp is a widely used remote monitoring and management tool. Through the forged Technician account, an attacker can remote into every managed endpoint, run scripts, and push files. Remote-management software grants broad reach across customer networks, so ransomware crews prize exactly this kind of flaw. Administrators running OIDC-configured SimpleHelp should patch at once and audit Technician accounts for unauthorized additions.
Sources: Help Net Security · BleepingComputer
Latest developments: Palo Alto Networks Unit 42 disclosed a Vertex AI Python SDK flaw it calls Pickle in the Middle, which let an attacker with no access to a victim's project hijack a model upload through bucket squatting and run code inside Google's serving infrastructure.
Vertex AI is Google Cloud's machine-learning platform. The technique abused predictable storage-bucket names to intercept a victim's model upload and achieve cross-tenant remote code execution. Unit 42 reported the bug through Google's bug bounty program and saw no exploitation in the wild; Google fixed it. The case shows how shared AI infrastructure can expose one customer's workloads to another.
Sources: Unit 42 (Palo Alto) · The Hacker News
Latest developments: Morphisec, BlueVoyant, and Huntress documented expanding ClickFix campaigns that deliver three loaders—BabaDeda, Lorem Ipsum, and Potemkin—with Dark Reading tying the Lorem Ipsum campaign, run through compromised WordPress sites, to the Vice Society extortion group.
ClickFix tricks users into pasting malicious commands by posing as a fake software update or verification prompt. BabaDeda attacks in April 2026 struck education and financial organizations. The loaders fetch follow-on payloads that lead toward data theft and extortion. Defenders should train staff never to paste commands into a Run dialog or terminal and should monitor for the new loader signatures.
Sources: The Hacker News · Dark Reading
Latest developments: Zimperium's zLabs documented Rokarolla, a new Android banking trojan that targets 217 banking and cryptocurrency apps, carries 137 remote commands, and spreads through fake TikTok and Chrome downloads.
Rokarolla lifts lock-screen PINs, reads and sends SMS to harvest one-time codes, rewrites the clipboard to redirect crypto payments, and switches off Google Play Protect. The mix of banking fraud and full device surveillance hands an operator near-total control of an infected phone. The malware marks a clear evolution toward combined theft and espionage on mobile. Users should install apps only from official stores and refuse sideloaded updates.
Sources: The Hacker News · Dark Reading
Latest developments: The FTC reported Americans lost $3.5 billion to imposter scams in 2025, nearly triple the 2020 figure, as the FBI warned that cryptocurrency-investment scammers now dispatch couriers to collect cash from victims in person.
Imposter scams ride on fake personas across social media, text messages, and bogus trading platforms that show fabricated returns to lure deeper deposits. When banks block suspicious transfers, scammers pivot to in-person cash pickups to sidestep fraud controls. The shift turns online fraud into a physical logistics operation. Financial institutions and families should treat any request for cash handoffs or crypto deposits to a stranger as fraud.
Sources: BleepingComputer · Help Net Security
Latest developments: ESET attributed two Windows variants of the previously Linux-only SprySOCKS backdoor, marked WIN_DRV and WIN_PLUS, to the China-nexus group FishMonger, naming government targets in Honduras, Taiwan, Thailand, and Pakistan, with the WIN_DRV build loading a kernel driver to evade detection.
SprySOCKS communicates over TCP and UDP using hard-coded command-and-control settings. FishMonger traces to China's contract-hacking ecosystem and now reaches Windows estates it once could not touch. The kernel-driver variant blinds endpoint defenses from below the operating system. Government and research organizations across Asia and Latin America face the highest exposure.
Sources: Dark Reading · The Hacker News · BleepingComputer
Latest developments: California Water Service said it is investigating claims by Iranian hackers and so far finds no indication of operational disruption to its water and wastewater systems.
Cal Water is one of the largest investor-owned water utilities in California. Iranian crews have repeatedly probed U.S. water and wastewater systems, often targeting exposed industrial control devices. The utility says treatment and delivery operations remain unaffected while it verifies the intrusion claims. Water operators should review remote-access exposure and segment control networks from corporate IT.
Sources: SecurityWeek
Latest developments: Estonia will route emails from Russia's .ru top-level domain through extra security screening before they reach government officials, while the White House issued national security policy memorandum NSPM-12 to restructure governance of national security systems and reestablish the Committee on National Security Systems.
Estonia's measure treats an entire national domain as suspect, reflecting how heavily phishing rides on Russian infrastructure against neighboring states. NSPM-12 sets a clearer accountability structure for U.S. classified and defense networks and revives the interagency body that sets their standards. Both moves favor structural defense over reactive cleanup. Agencies and contractors tied to national security systems should expect tighter baseline requirements.
Sources: The Record · SecurityWeek
Latest developments: Brent crude tumbled to a three-month low under $80 on Tuesday, its fourth straight session of declines, after Washington and Tehran agreed to extend their ceasefire.
The published US-Iran terms let Tehran immediately resume oil sales and waive banking and transport sanctions, and traders now expect Strait of Hormuz shipments to flow freely, unwinding the war's energy shock.
Sources: FT Markets · WSJ World News
Latest developments: Treasury yields fell for a second straight session as investors positioned for the Federal Reserve, holding its first meeting under new chair Kevin Warsh, to keep rates steady in Wednesday's decision.
The peace agreement and falling oil have eased the inflation fears that complicated the central bank's path, and markets read the combination as cover for a hold.
Sources: WSJ Markets
Latest developments: G7 leaders agreed at their summit to raise pressure on Moscow, notably through new limits on Russian oil and gas exports, turning attention back to Ukraine after months focused on Iran.
The coordinated move by the wealthy-nations club aims to squeeze the revenue funding Russia's war, and it lands as the bloc weighs tighter enforcement against Moscow's shadow oil fleet.
Sources: FT World
This Afternoon: Mostly Sunny, high 76F.
Tonight: Mostly Cloudy then Chance Rain Showers, low 59F.
Wednesday: Mostly Sunny, high 81F.
Latest developments: The Pennsylvania Supreme Court ruled Monday, 5-2, that the loosely regulated skill games in bars, convenience stores, and VFW halls are slot machines subject to state gambling law.
Justice David Wecht wrote that the machines meet several legal definitions of a slot machine, a decision that exposes thousands of devices across the commonwealth to taxation and regulation and leaves their future uncertain.
Latest developments: Carnegie Mellon University committed $3 million over five years to support city education programs, the latest tax-exempt nonprofit to make a voluntary contribution to municipal finances.
The pledge, directed in part to the Rec2Tech program, adds to a string of payments from large tax-exempt institutions as Pittsburgh presses universities and hospitals to help fund city services.
Sources: Pittsburgh Post-Gazette · PublicSource
Latest developments: Walnut Capital presented plans to Pittsburgh's Planning Commission to expand Bakery Square with a six-story residential building next to the tech hub.
The proposal would add apartments to the East End development that anchors the city's technology corridor, deepening the residential side of a complex built around offices and retail.
Sources: PublicSource
Latest developments: Forecasters flagged Thursday as an alert day for the Pittsburgh region, with rain returning late Wednesday and a threat of flooding, severe storms, and damaging wind.
The system follows a stretch of severe weather that spawned tornadoes across Western Pennsylvania and eastern Ohio, and it raises the risk of flooding on already saturated ground.
Sources: WTAE
Latest developments: Crews begin the next phase of demolishing the Jacks Run Road Bridge this week, fully closing part of the Parkway North overnight after equipment problems delayed the earlier start.
The closures support replacement of the span over Interstate 279, one of the main commuter routes between the North Hills and downtown Pittsburgh.
Sources: Pittsburgh Post-Gazette
Latest developments: Residents served by the Beaver Falls Municipal Authority have switched to bottled water after weeks of foul odor and taste, and the authority says the water is safe and has begun flushing its system.
The utility draws from the river before treating its supply; communities in Beaver and Butler counties report the problem began weeks ago, affecting drinking and cleaning.
Sources: KDKA
Latest developments: A black bear swam across North Park Lake in McCandless Township on Tuesday, and Allegheny County urged onlookers to admire it from a distance and avoid contact.
The sighting follows several bear reports around the region in recent days, part of a pattern of bears wandering closer to populated areas in early summer.
Latest developments: Monster Jam returns to Acrisure Stadium on Saturday, June 20, transforming the field into a dirt race track for only the second time.
Monster Jam, a live motor-sport event featuring massive custom-built monster trucks, runs Saturday at Acrisure Stadium on Pittsburgh's North Shore, replacing the turf with a dirt course for racing and freestyle competition.
Sources: TribLive
Latest developments: Palm Palm, one of Pittsburgh's popular restaurants, has reworked its dining experience with a tropical-themed pop-up.
The downtown spot has redecorated and refreshed its menu around a tropical theme, offering a seasonal change of scene for diners.
Sources: KDKA
Pirates (36-37)
Mon Jun 15 · Pirates 2 · Athletics 11 · Final
Nick Kurtz and Jeff McNeil power the A's to an 11-2 victory over the struggling Pirates
Up Next · Pirates @ Athletics · Tue Jun 16, 9:40 PM
Latest developments: The Post-Gazette reports the Steelers are unlikely to bid for quarterback Brendan Sorsby in the NFL's supplemental draft, comfortable with Drew Allar and Will Howard at the position.
Sorsby, who entered the supplemental pool after a gambling matter, drew speculation about Pittsburgh's interest, but the beat expects the team to hold its current quarterback room.
Sources: Post-Gazette Steelers
Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler broke down the next generation of quarterbacks heading toward the 2027 NFL Draft.
The team podcast surveyed college passers who could shape the league's future, a long-range look at the position as Pittsburgh weighs its own quarterback plans.
Sources: Pittsburgh Steelers (YouTube)
Latest developments: The Steelers released the second episode of Forging Steel, an inside look at the team's 2026 NFL Draft, with coach Mike McCarthy addressing the squad.
The team's documentary series takes viewers behind the scenes of draft preparation and decisions, part of the club's offseason content as the season nears.
Sources: Pittsburgh Steelers (YouTube)
S&P 500 · 7,406.74 · ▼ -1.3%
Dow · 50,902.59 · ▼ -0.3%
Nasdaq · 25,846.15 · ▼ -2.4%
WTI crude · 86.31 · ▼ -7.1%
EUR/USD · 1.1556 · ▼ -0.4%
GBP/USD · 1.3386 · ▼ -0.3%
USD/JPY · 160.23 · ▲ +0.2%