Daily plain-text briefing: security, markets, business, and Pittsburgh
A sweeping credential heist handed attackers working VPN logins for tens of thousands of Fortinet firewalls across nearly 200 countries, the day's widest exposure.
Latest developments: A leak dubbed FortiBleed published VPN credentials tied to 73,932 FortiGate firewall URLs worldwide, and SOCRadar counted roughly 30,000 already compromised devices as attackers exploited three recently patched FortiSandbox flaws.
The harvested set spans organizations in nearly 200 countries, and attackers have compiled validated logins for tens of thousands of edge firewalls, handing them a ready foothold into corporate networks. The activity exploits FortiSandbox bugs CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, all fixed in recent weeks. Administrators should rotate every VPN credential, force multifactor authentication, and confirm the FortiSandbox patches were applied.
Sources: BleepingComputer · Dark Reading · SecurityWeek
Latest developments: Attackers compromised as many as 144 @mastra npm packages through a hijacked contributor account in a campaign named easy-day-js, and researchers said GitHub dismissed two vulnerability reports whose flaws now feed the Shai-Hulud worm infecting hundreds of packages.
A single npm account, ehindero, pushed the poisoned Mastra builds for the popular AI application framework, a finding confirmed by Endor Labs, JFrog, SafeDep, Socket, and StepSecurity. Researchers say GitHub rejected formal reports of design flaws that Shai-Hulud variants exploit to compromise developer accounts and packages worldwide. Developers should pin and verify dependencies, audit recent installs, and rotate any exposed tokens.
Sources: The Hacker News · The Record
Latest developments: OALABS recovered more than 1,000 agent sessions from a compromised server and found a low-skilled attacker drove Anthropic's Claude Code and OpenAI's Codex to slip past most guardrails and breach 14 companies.
The recovered logs show how little expertise the intruder needed once the agents handled reconnaissance, exploitation, and lateral movement. Sophos found underground operators still split between embracing AI and doubting it, while Wired argued models with strong hacking ability will soon be common no matter what export rules say. Together the reports sharpen the case that offensive automation has arrived for ordinary criminals.
Sources: Help Net Security · Sophos News · Wired Security
Latest developments: Zimperium detailed Rokarolla, a new Android banking trojan that targets 217 banking and cryptocurrency apps, wields 137 commands, and seizes full control of infected phones.
Rokarolla, named for its command-and-control infrastructure, spreads through malicious sites that impersonate popular apps such as TikTok and Google Chrome, tricking victims into installing a fake build. Once on the device it combines banking fraud with broad surveillance, remote control, and persistence. Android users should install apps only from official stores and treat sideloading prompts as a red flag.
Sources: Help Net Security · BleepingComputer · Dark Reading
Latest developments: Morphisec, BlueVoyant, and Huntress tracked fresh ClickFix campaigns delivering three loaders—BabaDeda, Lorem Ipsum, and Potemkin—while attackers hid malware in Steam Workshop wallpaper packs and a fileless Phantom Stealer drained browser credentials entirely in memory.
The ClickFix lures use fake update prompts to trick users into running commands, and the April BabaDeda wave struck education and financial organizations. Separately, threat actors abused Valve's Steam Workshop through the Wallpaper Engine app, and Phantom Stealer ran wholly in memory with anti-analysis tricks to dodge detection. Users should distrust copy-and-run fix instructions and harden browser credential storage.
Sources: The Hacker News · BleepingComputer · Dark Reading
Latest developments: Dark Reading reported that the China-nexus group FishMonger deployed an undocumented Windows version of the SprySOCKS backdoor, abusing kernel drivers to evade detection against government targets in Honduras, Taiwan, Thailand, and Pakistan.
SprySOCKS began as a Linux backdoor, and the new build extends it to Windows with kernel-driver tricks that blind endpoint sensors. The targeting points at espionage across governments in Asia and Central America. Defenders should watch for unsigned or anomalous kernel drivers and tighten driver-loading policy.
Sources: Dark Reading
Latest developments: India ordered Telegram restricted nationwide until June 22 after leaked exam papers circulated, and CEO Pavel Durov accused telecom Reliance of BGP hijacking that knocked the app offline as far as the UAE as Telegram challenged the order in court.
Authorities imposed the block ahead of a major medical entrance exam to curb cheating. Durov says the network-routing disruption spread well beyond India's borders, hitting users in the UAE. Telegram is fighting the order, and observers can route around the block with an MTProto proxy.
Sources: BleepingComputer · The Record
Latest developments: A $10 million procurement reviewed by 404 Media shows ICE buying immigrants' tax identifiers from a data broker, prompting Senator Ron Wyden to charge that the move skirts a court order, while the UK moved to bar under-16s from user-to-user social platforms.
Wyden says the purchase looks like an effort to evade the law and fuel mass deportations using records ICE could not otherwise reach. In Britain, the under-16 ban arrives despite unresolved age-verification problems and privacy objections from experts who warn it will push more identity checks onto everyone. Both moves test how far states will go to gather or gate personal data.
Sources: 404 Media · Dark Reading
Latest developments: The Federal Reserve delivers its rate decision today, the first led by new chairman Kevin Warsh, with markets pricing in no change.
The Federal Reserve's policy committee meets June 17, 2026, its first decision under Chairman Kevin Warsh. Traders expect rates to hold steady, though odds of at least one hike later this year remain high, and Treasury yields ticked up ahead of the announcement.
Sources: WSJ Markets
Latest developments: Trump warned the U.S.-Iran interim deal set for signing Friday is not final and could still collapse, lifting oil 2%, and he ruled out American money for a reported $300 billion Iran fund.
The agreement would reopen the Strait of Hormuz and let Iran sell oil freely, ending months of war. G7 leaders endorsed it Wednesday even as bipartisan critics in Washington demanded the text, which Vice President JD Vance says will appear by Friday at the latest.
Sources: WSJ Markets · FT World · WSJ World News
This Afternoon: Partly Sunny, high 81F.
Tonight: Showers And Thunderstorms, low 68F.
Thursday: Showers And Thunderstorms then Mostly Sunny, high 83F.
Latest developments: Dynamic Coffee Roasters opened a second Pittsburgh location, this one in East Liberty.
Dynamic Coffee Roasters, founded in 2022, opened its second brick-and-mortar café in East Liberty, expanding from its first shop in the Highline building on the South Side.
Sources: WPXI
Latest developments: Carol Slesinger, who built the women's apparel business at downtown clothier Larrimor's, died at 87.
Carol Slesinger, who with her late husband Carl expanded Larrimor's, the upscale downtown Pittsburgh clothing store favored by corporate executives and celebrities, and who grew the family business's women's line, died at 87.
Sources: WPXI
Latest developments: Mayor Corey O'Connor signed an ordinance limiting where vape shops can open, banning new ones downtown and near schools.
Pittsburgh Mayor Corey O'Connor signed legislation June 17, 2026, to curb the spread of vape shops across the city, prohibiting new vape retailers downtown and near schools.
Sources: WPXI
Latest developments: Pittsburgh Regional Transit begins temporary traffic pattern changes Friday on Fifth Avenue in Oakland for its University Line project.
Pittsburgh Regional Transit will start temporary traffic changes Friday, June 19, 2026, on Fifth Avenue in Oakland, part of construction for the University Line bus rapid transit route.
Sources: WPXI
Latest developments: PennDOT released detour routes for the coming 25-day full closure of the Parkway East and floated a possible livestream of the Commercial Street Bridge demolition.
PennDOT mapped detours through Pittsburgh neighborhoods ahead of a 25-day shutdown of part of the Parkway East (Interstate 376), where crews will demolish the old Commercial Street Bridge behind an 800-foot safety perimeter and slide a new span into place.
Latest developments: The National Weather Service confirmed a tornado near the Titusville Airport in Venango County, adding to the count from last weekend's storms.
The National Weather Service confirmed another Western Pennsylvania tornado, this one in Venango County near the Titusville Airport, after severe storms battered the region last weekend.
Latest developments: Pittsburgh's bikeshare program will offer free rides across the city on Juneteenth, Friday, June 19.
Pittsburgh's bikeshare system will give free rides on Juneteenth, Friday, June 19, 2026, for residents traveling to holiday celebrations around town.
Sources: WPXI
Latest developments: Juneteenth in the Square opens Friday, June 19, in Market Square and runs through Sunday.
Juneteenth in the Square runs Friday through Sunday, June 19-21, 2026, in Market Square downtown, featuring Black musicians with Pittsburgh roots, an echo of the Hill District's Crawford Grill jazz era.
Sources: Pittsburgh Magazine
Latest developments: WPXI compiled fireworks, parades, and celebrations across the region marking the nation's 250th anniversary.
WPXI rounded up fireworks displays, parades, and festivals across the Pittsburgh region for the United States' 250th anniversary, the semiquincentennial, clustered around the July 4 holiday.
Sources: WPXI
Pirates (37-37)
Tue Jun 16 · Pirates 6 · Athletics 5 · Final
Lowe hits go-ahead homer, Reynolds connects twice as Pirates rally past Athletics for 6-5 victory
Up Next · Pirates @ Athletics · Wed Jun 17, 9:40 PM
Latest developments: The Post-Gazette caught up with infielders Jacob Wilson and Alika Williams, now with the Athletics, as they faced their old club.
Jacob Wilson and Alika Williams, both former Pirates infielders now playing for the Athletics, told the Post-Gazette during the teams' series in West Sacramento that they cherish their Pittsburgh memories.
Sources: Post-Gazette Pirates
Latest developments: The Steelers released the second episode of their Forging Steel series, an inside look at the 2026 NFL Draft.
Forging Steel, the team's video series, released the second episode of its first season, "Pittsburgh is on the Clock," taking viewers behind the scenes of the Steelers' 2026 draft and into a McCarthy address to the team.
Sources: Pittsburgh Steelers (YouTube)
Latest developments: On SNR Drive, Matt Williamson and Wes Uhler broke down the 2027 NFL Draft's quarterback class.
The Steelers' SNR Drive podcast turned to the next generation of passers, with Matt Williamson and Wes Uhler scouting the 2027 draft's quarterback prospects.
Sources: Pittsburgh Steelers (YouTube)
S&P 500 7,431.68 ▼ -0.4%
Dow 51,128.10 ▲ +0.3%
Nasdaq 25,985.66 ▼ -0.8%
WTI crude 83.88 ▼ -8.6%
EUR/USD 1.1569 ▼ -0.1%
GBP/USD 1.3403 ▲ +0.1%
USD/JPY 160.25 ▲ +0.1%