================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Tuesday, June 16, 2026 - 4:04 PM EDT
================================================================

A critical SimpleHelp remote-support flaw and a cross-tenant Google Vertex AI bug widen the enterprise attack surface as attackers burrow into trusted platforms from Steam to Microsoft Teams.

CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS
----------------------------------------------------------------
* Trusted Platforms: Attackers increasingly hide inside legitimate services—Steam Workshop, Roblox, Microsoft Teams relays, compromised WordPress, and fake update prompts—to deliver malware that endpoint tools trust by default.
* AI Attack Surface: Flaws now sit in the AI infrastructure itself, from cross-tenant code execution in Google Vertex AI to the Copilot SearchLeak prompt-injection chain, turning machine-learning platforms into a fresh class of target.
* Remote Tooling: Critical bugs in remote-management and security appliances—SimpleHelp, FortiSandbox, Cisco SD-WAN, the LiteSpeed cPanel plugin—hand attackers privileged footholds across whole fleets at once.
* Scam Economy: Record imposter-scam losses and FBI warnings of couriers collecting cash in person show fraud operations scaling into logistics, not just phishing.

SECURITY
----------------------------------------------------------------

:: VULNERABILITIES AND EXPLOITS

1. SIMPLEHELP FLAW LETS ATTACKERS FORGE REMOTE-SUPPORT ACCOUNTS [vulnerability, rmm, patch]
Latest developments: Horizon3.ai disclosed CVE-2026-48558, a critical authentication-bypass flaw in SimpleHelp deployments that use OpenID Connect, letting an unauthenticated remote attacker forge a privileged Technician account. SimpleHelp is a widely used remote monitoring and management tool.
Through the forged Technician account, an attacker can remote into every managed endpoint, run scripts, and push files. Remote-management software grants broad reach across customer networks, so ransomware crews prize exactly this kind of flaw. Administrators running OIDC-configured SimpleHelp should patch at once and audit Technician accounts for unauthorized additions.
- Help Net Security: https://www.helpnetsecurity.com/2026/06/16/simplehelp-rmm-cve-2026-48558/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/

:: AI SECURITY

2. PICKLE IN THE MIDDLE HIJACKS GOOGLE VERTEX AI UPLOADS [ai, vulnerability, cloud]
Latest developments: Palo Alto Networks Unit 42 disclosed a Vertex AI Python SDK flaw it calls Pickle in the Middle, which let an attacker with no access to a victim's project hijack a model upload through bucket squatting and run code inside Google's serving infrastructure. Vertex AI is Google Cloud's machine-learning platform. The technique abused predictable storage-bucket names to intercept a victim's model upload and achieve cross-tenant remote code execution. Unit 42 reported the bug through Google's bug bounty program and saw no exploitation in the wild; Google fixed it. The case shows how shared AI infrastructure can expose one customer's workloads to another.
- Unit 42 (Palo Alto): https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/
- The Hacker News: https://thehackernews.com/2026/06/google-vertex-ai-sdk-flaw-let-attackers.html

:: RANSOMWARE AND CYBERCRIME

3. CLICKFIX CAMPAIGNS PUSH THREE NEW MALWARE LOADERS [malware, clickfix, ransomware]
Latest developments: Morphisec, BlueVoyant, and Huntress documented expanding ClickFix campaigns that deliver three loaders—BabaDeda, Lorem Ipsum, and Potemkin—with Dark Reading tying the Lorem Ipsum campaign, run through compromised WordPress sites, to the Vice Society extortion group.
ClickFix tricks users into pasting malicious commands by posing as a fake software update or verification prompt. BabaDeda attacks in April 2026 struck education and financial organizations. The loaders fetch follow-on payloads that lead toward data theft and extortion. Defenders should train staff never to paste commands into a Run dialog or terminal and should monitor for the new loader signatures.
- The Hacker News: https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html
- Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/lorem-ipsum-malware-clickfix-delivery

4. ROKAROLLA ANDROID TROJAN SEIZES FULL PHONE CONTROL [malware, android, banking]
Latest developments: Zimperium's zLabs documented Rokarolla, a new Android banking trojan that targets 217 banking and cryptocurrency apps, carries 137 remote commands, and spreads through fake TikTok and Chrome downloads. Rokarolla lifts lock-screen PINs, reads and sends SMS to harvest one-time codes, rewrites the clipboard to redirect crypto payments, and switches off Google Play Protect. The mix of banking fraud and full device surveillance hands an operator near-total control of an infected phone. The malware marks a clear evolution toward combined theft and espionage on mobile. Users should install apps only from official stores and refuse sideloaded updates.
- The Hacker News: https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html
- Dark Reading: https://www.darkreading.com/endpoint-security/rokarolla-android-trojan

5. IMPOSTER-SCAM LOSSES HIT RECORD $3.5 BILLION [scam, fraud, cryptocurrency]
Latest developments: The FTC reported Americans lost $3.5 billion to imposter scams in 2025, nearly triple the 2020 figure, as the FBI warned that cryptocurrency-investment scammers now dispatch couriers to collect cash from victims in person.
Imposter scams ride on fake personas across social media, text messages, and bogus trading platforms that show fabricated returns to lure deeper deposits. When banks block suspicious transfers, scammers pivot to in-person cash pickups to sidestep fraud controls. The shift turns online fraud into a physical logistics operation. Financial institutions and families should treat any request for cash handoffs or crypto deposits to a stranger as fraud.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/ftc-warns-of-record-35-billion-losses-to-imposter-scams-in-2025/
- Help Net Security: https://www.helpnetsecurity.com/2026/06/16/crypto-scammers-couriers-cash-pickups-fbi-warning/

:: NATION-STATE ACTIVITY

6. FISHMONGER PORTS SPRYSOCKS BACKDOOR TO WINDOWS [apt, china, malware]
Latest developments: ESET attributed two Windows variants of the previously Linux-only SprySOCKS backdoor, marked WIN_DRV and WIN_PLUS, to the China-nexus group FishMonger, naming government targets in Honduras, Taiwan, Thailand, and Pakistan, with the WIN_DRV build loading a kernel driver to evade detection. SprySOCKS communicates over TCP and UDP using hard-coded command-and-control settings. FishMonger traces to China's contract-hacking ecosystem and now reaches Windows estates it once could not touch. The kernel-driver variant blinds endpoint defenses from below the operating system. Government and research organizations across Asia and Latin America face the highest exposure.
- Dark Reading: https://www.darkreading.com/threat-intelligence/sprysocks-windows-variant-kernel-drivers
- The Hacker News: https://thehackernews.com/2026/06/china-linked-sprysocks-backdoor-expands.html
- BleepingComputer: https://www.bleepingcomputer.com/news/security/windows-version-of-sprysocks-linux-malware-used-to-attack-govt-orgs/

7. IRANIAN HACKERS CLAIM CALIFORNIA WATER UTILITY BREACH [apt, iran, critical-infrastructure]
Latest developments: California Water Service said it is investigating claims by Iranian hackers and so far finds no indication of operational disruption to its water and wastewater systems. Cal Water is one of the largest investor-owned water utilities in California. Iranian crews have repeatedly probed U.S. water and wastewater systems, often targeting exposed industrial control devices. The utility says treatment and delivery operations remain unaffected while it verifies the intrusion claims. Water operators should review remote-access exposure and segment control networks from corporate IT.
- SecurityWeek: https://www.securityweek.com/cal-water-investigating-iranian-hackers-claims/

:: POLICY AND REGULATION

8. GOVERNMENTS WALL OFF RUSSIAN EMAIL AND REORGANIZE NATIONAL SYSTEMS [policy, government]
Latest developments: Estonia will route emails from Russia's .ru top-level domain through extra security screening before they reach government officials, while the White House issued national security policy memorandum NSPM-12 to restructure governance of national security systems and reestablish the Committee on National Security Systems. Estonia's measure treats an entire national domain as suspect, reflecting how heavily phishing rides on Russian infrastructure against neighboring states. NSPM-12 sets a clearer accountability structure for U.S. classified and defense networks and revives the interagency body that sets their standards. Both moves favor structural defense over reactive cleanup. Agencies and contractors tied to national security systems should expect tighter baseline requirements.
- The Record: https://therecord.media/estonia-quarantine-russian-emails
- SecurityWeek: https://www.securityweek.com/white-house-issues-memo-to-bolster-nss-cybersecurity/

BUSINESS AND POLITICS
----------------------------------------------------------------

* Oil Sinks Below $80 as Iran Ceasefire Extends
Latest developments: Brent crude tumbled to a three-month low under $80 on Tuesday, its fourth straight session of declines, after Washington and Tehran agreed to extend their ceasefire. The published US-Iran terms let Tehran immediately resume oil sales and waive banking and transport sanctions, and traders now expect Strait of Hormuz shipments to flow freely, unwinding the war's energy shock.
- FT Markets: https://www.ft.com/content/45340e55-aa6a-4302-a606-a869f5cb6189
- WSJ World News: https://www.wsj.com/world/middle-east/the-trump-iran-deal-allows-tehran-to-immediately-sell-oil-37a1ebe5

* Yields Fall Ahead of Expected Fed Hold
Latest developments: Treasury yields fell for a second straight session as investors positioned for the Federal Reserve, holding its first meeting under new chair Kevin Warsh, to keep rates steady in Wednesday's decision. The peace agreement and falling oil have eased the inflation fears that complicated the central bank's path, and markets read the combination as cover for a hold.
- WSJ Markets: https://www.wsj.com/finance/jgb-futures-edge-lower-ahead-of-bojs-rate-decision-6b5d01ff?mod=rss_markets_main

* G7 Agrees to Tighten Russian Energy Sanctions
Latest developments: G7 leaders agreed at their summit to raise pressure on Moscow notably through new limits on Russian oil and gas exports, turning attention back to Ukraine after months focused on Iran. The coordinated move by the wealthy-nations club aims to squeeze the revenue funding Russia's war, and it lands as the bloc weighs tighter enforcement against Moscow's shadow oil fleet.
- FT World: https://www.ft.com/content/a7b956d0-97ce-4a54-ba1d-e1c6eee9a293

PITTSBURGH
----------------------------------------------------------------

Weather: This Afternoon: Mostly Sunny, high 76F. Tonight: Mostly Cloudy then Chance Rain Showers, low 59F. Wednesday: Mostly Sunny, high 81F.

Business:

* Pennsylvania Court Rules Skill Games Are Slot Machines
Latest developments: The Pennsylvania Supreme Court ruled Monday, 5-2, that the loosely regulated skill games in bars, convenience stores, and VFW halls are slot machines subject to state gambling law. Justice David Wecht wrote that the machines meet several legal definitions of a slot machine, a decision that exposes thousands of devices across the commonwealth to taxation and regulation and leaves their future uncertain.
- WTAE: https://www.wtae.com/article/pennsylvania-skill-games-gambling-slot-machines/71604213
- KDKA: https://www.cbsnews.com/pittsburgh/news/pennsylvania-skill-games-ruling-supreme-court/

* CMU Pledges $3 Million to Pittsburgh
Latest developments: Carnegie Mellon University committed $3 million over five years to support city education programs, the latest tax-exempt nonprofit to make a voluntary contribution to municipal finances. The pledge, directed in part to the Rec2Tech program, adds to a string of payments from large tax-exempt institutions as Pittsburgh presses universities and hospitals to help fund city services.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/news/politics-local/2026/06/16/carnegie-mellon-university-rec2tech-nonprofit-pittsburgh-finances/stories/202606160044
- PublicSource: https://www.publicsource.org/cmu-pittsburgh-3-million-contribution/

* Walnut Capital Plans Bakery Square Apartments
Latest developments: Walnut Capital presented plans to Pittsburgh's Planning Commission to expand Bakery Square with a six-story residential building next to the tech hub.
The proposal would add apartments to the East End development that anchors the city's technology corridor, deepening the residential side of a complex built around offices and retail.
- PublicSource: https://www.publicsource.org/bakery-square-proposed-housing-development/

Around town:

* Alert Day Thursday for Flooding and Wind
Latest developments: Forecasters flagged Thursday as an alert day for the Pittsburgh region, with rain returning late Wednesday and a threat of flooding, severe storms, and damaging wind. The system follows a stretch of severe weather that spawned tornadoes across Western Pennsylvania and eastern Ohio, and it raises the risk of flooding on already saturated ground.
- WTAE: https://www.wtae.com/article/rain-returns-late-wednesday-impact-day-thursday/71598337

* Parkway North Closes Overnight for Bridge Work
Latest developments: Crews begin the next phase of demolishing the Jacks Run Road Bridge this week, fully closing part of the Parkway North overnight after equipment problems delayed the earlier start. The closures support replacement of the span over Interstate 279, one of the main commuter routes between the North Hills and downtown Pittsburgh.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/news/transportation/2026/06/16/jacks-run-bridge-demolition-construction/stories/202606160047

* Beaver and Butler Residents Turn to Bottled Water
Latest developments: Residents served by the Beaver Falls Municipal Authority have switched to bottled water after weeks of foul odor and taste, and the authority says the water is safe and has begun flushing its system. The utility draws from the river before treating its supply; communities in Beaver and Butler counties report the problem began weeks ago, affecting drinking and cleaning.
- KDKA: https://www.cbsnews.com/pittsburgh/news/water-taste-odor-issue-beaver-butler-counties/

* Black Bear Swims in North Park Lake
Latest developments: A black bear swam across North Park Lake in McCandless Township on Tuesday, and Allegheny County urged onlookers to admire it from a distance and avoid contact. The sighting follows several bear reports around the region in recent days, part of a pattern of bears wandering closer to populated areas in early summer.
- WTAE: https://www.wtae.com/article/pittsburgh-area-black-bear-swims-in-north-park-lake/71604188
- TribLive: https://triblive.com/local/black-bear-seen-swimming-in-north-park-lake/

Events:

* Monster Jam at Acrisure Stadium
Latest developments: Monster Jam returns to Acrisure Stadium on Saturday, June 20, transforming the field into a dirt race track for only the second time. Monster Jam, a live motor-sport event featuring massive custom-built monster trucks, runs Saturday at Acrisure Stadium on Pittsburgh's North Shore, replacing the turf with a dirt course for racing and freestyle competition.
- TribLive: https://triblive.com/local/monster-jam-returns-full-throttle-to-acrisure-stadium/

* Tropical Pop-Up at Palm Palm
Latest developments: Palm Palm, one of Pittsburgh's popular restaurants, has reworked its dining experience with a tropical-themed pop-up. The downtown spot has redecorated and refreshed its menu around a tropical theme, offering a seasonal change of scene for diners.
- KDKA: https://www.cbsnews.com/pittsburgh/video/a-tropical-escape-just-popped-up-at-one-of-pittsburghs-most-popular-restaurants/

SPORTS
----------------------------------------------------------------

Pirates (36-37)
Mon Jun 15 · Pirates 2 · Athletics 11 · Final
Nick Kurtz and Jeff McNeil power the A's to an 11-2 victory over the struggling Pirates
https://plaintextsports.com/mlb/2026-06-15/pit-ath
Up Next · Pirates @ Athletics · Tue Jun 16, 9:40 PM
https://plaintextsports.com/mlb/2026-06-16/pit-ath

Around the Teams:

* Steelers Pass on Supplemental Draft QB
Latest developments: The Post-Gazette reports the Steelers are unlikely to bid for quarterback Brendan Sorsby in the NFL's supplemental draft, comfortable with Drew Allar and Will Howard at the position. Sorsby, who entered the supplemental pool after a gambling matter, drew speculation about Pittsburgh's interest, but the beat expects the team to hold its current quarterback room.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/16/sorsby-gambling-supplemental-draft-allar-howard/stories/202606160042

* SNR Drive Scouts the 2027 QB Class
Latest developments: On the Steelers' SNR Drive, Matt Williamson and Wes Uhler broke down the next generation of quarterbacks heading toward the 2027 NFL Draft. The team podcast surveyed college passers who could shape the league's future, a long-range look at the position as Pittsburgh weighs its own quarterback plans.
- Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=5tvT88338iI

* Forging Steel Goes Inside the Draft
Latest developments: The Steelers released the second episode of Forging Steel, an inside look at the team's 2026 NFL Draft, with coach Mike McCarthy addressing the squad. The team's documentary series takes viewers behind the scenes of draft preparation and decisions, part of the club's offseason content as the season nears.
- Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=TkV9_btUE3c

READING
----------------------------------------------------------------

* Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion
Zitron reports OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, arguing the figures show a company with no credible path to profitability.
https://www.wheresyoured.at/exclusive-openai-financials/

* Stratechery -- Fox Buys Roku, The Problem With Fox's Smart Strategy, Streaming That Works
Thompson argues Fox's acquisition of Roku trades the leverage of extracting fees from rights holders for the weaker position of a distribution renter, explaining why the market disliked the deal.
https://stratechery.com/2026/fox-buys-roku-the-problem-with-foxs-smart-strategy-streaming-that-works/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
Newport contends that knowledge work was already dysfunctional before AI, and that the technology mostly exposes and amplifies existing problems with how digital work is organized.
https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------
S&P 500      7,406.74   ▼ -1.3%
Dow         50,902.59   ▼ -0.3%
Nasdaq      25,846.15   ▼ -2.4%
WTI crude       86.31   ▼ -7.1%
EUR/USD        1.1556   ▼ -0.4%
GBP/USD        1.3386   ▼ -0.3%
USD/JPY        160.23   ▲ +0.2%

================================================================
Generated 2026-06-16 16:04 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================