Daily plain-text briefing: security, markets, business, and Pittsburgh
A maximum-severity Joomla flaw under active exploitation drew a Friday CISA patch deadline, landing amid a heavy vendor patch day and a fresh ShinyHunters extortion claim against Kodak.
Latest developments: CISA ordered federal agencies to patch the maximum-severity Joomla Content Editor flaw CVE-2026-48907 (CVSS 10.0) by Friday as attackers exploit it alongside a LiteSpeed cPanel plugin flaw to run PHP code and seize root on shared hosts.
The Widget Factory Joomla Content Editor plugin carries an improper access-control bug that lets attackers run arbitrary PHP code on affected sites; on shared hosting, a separate LiteSpeed cPanel plugin flaw hands attackers root. CISA added the Joomla flaw to its Known Exploited Vulnerabilities catalog and set a hard Friday deadline for agencies. Site operators should apply the JCE update and the LiteSpeed fix immediately.
Sources: BleepingComputer · The Hacker News · SecurityWeek
Latest developments: Oracle shipped 245 fixes in its June critical patch update, Google and Mozilla patched critical memory-safety bugs enabling remote code execution in Chrome and Firefox, Rockwell Automation fixed flaws across Logix and FactoryTalk, and the deadline to renew expiring Secure Boot keys neared for Windows and Linux machines.
The releases span enterprise databases, web browsers, and factory-floor controllers. Oracle's update covers Communications, E-Business Suite, and Enterprise Manager; the Chrome and Firefox fixes close memory-safety holes that allow remote code execution; Rockwell patched Logix, CompactLogix, Flex, RSLinx, and FactoryTalk. Administrators face an unusually wide patch surface in one day, and Secure Boot key holders must renew before the expiration deadline to keep machines booting securely.
Sources: SecurityWeek · SecurityWeek · SecurityWeek · Ars Technica Security
Latest developments: Microsoft assigned CVE-2026-50656 to the RoguePlanet Defender elevation-of-privilege bug and confirmed it is building a fix; the flaw stems from improper link resolution before file access, and a public proof-of-concept spawns a System-level command prompt through a race condition.
RoguePlanet abuses how Microsoft Defender resolves file links, letting an authenticated attacker escalate to System with no user interaction and low attack complexity. A public proof-of-concept exploits a race condition to open a System-level command prompt. Microsoft has not shipped a fix yet and says a high-quality update is coming; defenders should watch for Defender abuse until it arrives.
Sources: Help Net Security · SecurityWeek · BleepingComputer
Latest developments: Kodak confirmed it engaged outside cybersecurity experts to investigate a breach after the ShinyHunters extortion gang claimed it stole company data.
Kodak said intruders accessed some of its data, confirming a claim by ShinyHunters, the extortion gang that recently exploited the Oracle PeopleSoft zero-day to loot universities. The company has not yet detailed what the attackers took. Organizations exposed to ShinyHunters activity should review Oracle and identity-system logs and tighten access to sensitive stores.
Sources: BleepingComputer
Latest developments: The FTC reported that Americans lost a record $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020.
The FTC said imposter scams, in which criminals pose as banks, government agencies, businesses, or romantic partners, drove $3.5 billion in reported 2025 losses. The figure reflects only reported cases, so true losses run higher. Consumers should verify any unsolicited contact through official channels before sending money or sharing credentials.
Sources: BleepingComputer
Latest developments: Security technologist Bruce Schneier flagged an Office of Management and Budget disclosure from April 14 listing 3,611 active or planned federal AI use cases, up 70% from the Biden administration's final tally.
The OMB catalog spans agencies across the government and jumped 70% over the prior administration's accounting. Schneier notes it includes plans to automate sensitive government functions, raising oversight and security questions. The scale signals how deeply agencies now embed AI in operations and how wide the resulting attack and accountability surface has grown.
Sources: Schneier on Security
Latest developments: Senator Mark Warner warned the acting CISA director that budget cuts and staffing gaps endanger the agency and pressed DHS to fund the MS-ISAC, while the Council of the European Union added Ukraine to its Cybersecurity Reserve, opening emergency incident-response support during major attacks.
Warner told the acting CISA chief that cuts threaten the agency's mission and urged DHS Secretary Markwayne Mullin to prioritize CISA and pay for the MS-ISAC that serves state and local governments. Separately, the EU added Ukraine to its ENISA-run Cybersecurity Reserve, letting Kyiv summon trusted private-sector incident responders during large-scale incidents. Both moves turn on the resources defenders can muster against rising threats.
Sources: The Record · Help Net Security
Latest developments: Leaked copies of the interim U.S.-Iran accord, released two days after it was finalized, show Iran reopening the Strait of Hormuz and selling oil freely once signed. President Trump, facing bipartisan backlash, said the United States will not invest in a reported $300 billion Iran fund as G7 leaders endorsed the plan.
The interim U.S.-Iran agreement ends the Gulf war by reopening the Strait of Hormuz to shipping and lifting oil-sale and banking sanctions on Tehran. Members of Congress are demanding the full terms amid confusion over the financial provisions, and NATO allies led by Britain and France stand ready to help restore Gulf shipping.
Sources: FT World · WSJ World News
Latest developments: Italy's UniCredit is edging closer to acquiring German rival Commerzbank, moving the largest European banking deal in years toward completion.
A UniCredit-Commerzbank combination would create a pan-European financial giant spanning Italy and Germany, consolidating two of the continent's major lenders into one cross-border institution.
Sources: WSJ Markets
Today: Mostly Sunny, high 82F.
Tonight: Scattered Showers And Thunderstorms, low 69F.
Thursday: Showers And Thunderstorms then Mostly Sunny, high 84F.
Latest developments: The University of Pittsburgh purchased the Hemingway's Cafe property on Forbes Avenue in Oakland, which closed in May after decades.
Hemingway's Cafe poured cheap pitchers for Pitt students for decades along Forbes Avenue before shutting in May. The university's purchase keeps the Oakland site tied to Pitt, with no reuse plan yet announced.
Sources: TribLive
Latest developments: Pittsburgh Sandwich Society will close its spot inside Strange Roots' Millvale taproom on June 27 after deciding not to renew its lease.
Pittsburgh Sandwich Society spent five years operating inside the Strange Roots taproom in Millvale. Its departure coincides with a new eatery moving into the space.
Sources: TribLive
Latest developments: Mike Poggi, a craft-beer lover sober for a decade, launched Virtue Signal Brewing Co. in May, a Pittsburgh maker of non-alcoholic beer.
Virtue Signal Brewing Co. produces non-alcoholic craft beers for drinkers who still want the flavor. Founder Mike Poggi, sober for ten years, started the company this spring.
Sources: Pittsburgh Magazine
Latest developments: PennDOT will fully close part of the Parkway East (Interstate 376) for 25 days, starting earlier than the early-July date first announced and drawing outrage from nearby residents, to demolish the old Commercial Street Bridge and slide a new span into place.
The closure reroutes thousands of drivers onto detours through Pittsburgh neighborhoods while crews replace the Commercial Street Bridge. PennDOT has published the detour routes.
Latest developments: Carnegie Mellon University will gift $3 million to the City of Pittsburgh for education and infrastructure, an expansion of its partnership that Mayor Corey O'Connor announced.
The payment from Carnegie Mellon, one of the city's largest nonprofit institutions, funds municipal education and infrastructure programs. Mayor Corey O'Connor framed it as a deepening of the university's civic partnership.
Sources: WPXI
Latest developments: Duquesne Light and West Penn Power customers saw higher bills this month, and assistance programs are available to cover the increase.
Monthly electricity costs rose for customers of both utilities across Western Pennsylvania. State and utility assistance programs can offset the higher charges for those who qualify.
Sources: TribLive
Latest developments: Forecasters warn unusually strong storms will hit Pittsburgh overnight Wednesday, ahead of a Severe Weather Alert Day Thursday carrying risks of flash flooding, damaging winds, and hail.
Two rounds of severe weather are bearing down on the region, the first overnight and a stronger threat Thursday morning that could snarl the commute. Power outages are possible.
Sources: WTAE · Pittsburgh Post-Gazette
Latest developments: The Westmoreland County Housing Authority will start building a four-story, 50-unit senior apartment complex in Rostraver next month.
The senior housing project advances as the authority finishes low-income townhouses in Mt. Pleasant Township. Construction begins in July.
Sources: TribLive
Latest developments: Juneteenth in the Square runs Friday through Sunday, June 19-21, in Market Square downtown, featuring Black musicians with roots in Pittsburgh.
The free downtown celebration fills Market Square with music across the Juneteenth holiday weekend, June 19-21, nodding to the city's jazz legacy centered on the Hill District's Crawford Grill. Pittsburgh Magazine lists it among the weekend's top things to do.
Sources: Pittsburgh Magazine
Pirates (37-37)
Tue Jun 16 · Pirates 6 · Athletics 5 · Final
Lowe hits go-ahead homer, Reynolds connects twice as Pirates rally past Athletics for 6-5 victory
Up Next · Pirates @ Athletics · Wed Jun 17, 9:40 PM
Latest developments: Tight end Darnell Washington joined Not Just Football with Cam Heyward after signing a four-year, $42 million extension with the Steelers, discussing the deal, Connor Heyward's departure, and the coming season.
Washington, the 6-foot-7 tight end out of Georgia, locked in his future in Pittsburgh with the new contract. On the podcast he covered fatherhood, his blocking reputation, and his back-to-back college championships.
Sources: Not Just Football with Cam Heyward
Latest developments: Quarterback Brendan Sorsby formally applied for the NFL supplemental draft, and the Post-Gazette reports the Steelers are unlikely to submit a bid.
Sorsby's entry into the rarely used supplemental draft puts him in front of all 32 teams. Pittsburgh, set at quarterback, appears uninterested.
Sources: Post-Gazette Steelers
Latest developments: In his June 17 chat, Post-Gazette beat writer Gerry Dulac fielded questions on Aaron Rodgers, coach Mike McCarthy, and quarterbacks Will Howard and Drew Allar.
Dulac's weekly Q&A ran through the Steelers' quarterback picture and roster questions heading toward training camp at Saint Vincent College.
Sources: Post-Gazette Steelers
S&P 500 7,431.68 ▼ -0.4%
Dow 51,128.10 ▲ +0.3%
Nasdaq 25,985.66 ▼ -0.8%
WTI crude 83.88 ▼ -8.6%
EUR/USD 1.1569 ▼ -0.1%
GBP/USD 1.3403 ▲ +0.1%
USD/JPY 160.25 ▲ +0.1%