================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Wednesday, June 17, 2026 - 4:05 PM EDT ================================================================ A leak called FortiBleed hands attackers working VPN credentials for tens of thousands of Fortinet firewalls at Oracle, Lenovo, FedEx, and a NATO contractor, even as Microsoft races to patch a Defender zero-day and Britain warns of hostile states burrowing into critical infrastructure. CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS ---------------------------------------------------------------- * AI Offense: AI agents and commodity tooling keep lowering the skill floor for intrusions, from a novice breaching 14 firms with Claude and Codex to a junior hacker chaining off-the-shelf software for persistence. * Edge Exposure: Credential leaks and exploited internet-facing software—Fortinet firewalls, Joomla and LiteSpeed plugins—hand attackers a foothold without a zero-day. * State Prepositioning: Governments warn that hostile states are embedding in critical infrastructure, and the EU is rallying allied cyber reserves in response. * Patch Pressure: A Defender zero-day, 245 Oracle fixes, browser remote-code-execution bugs, and expiring Secure Boot keys pile urgent updates on defenders at once. SECURITY ---------------------------------------------------------------- :: VULNERABILITIES AND EXPLOITS 1. FORTIBLEED SPILLS CREDENTIALS FOR MAJOR NETWORKS [breach, credentials, vpn] Latest developments: Ars Technica named victims among the exposed networks—Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet itself—and Dark Reading reported attackers have compiled working credential lists for tens of thousands of devices across nearly 200 countries. FortiBleed published Fortinet and FortiGate VPN credentials for 73,932 firewall URLs, and SOCRadar counts roughly 30,000 devices already compromised. The exposed networks span nearly 200 countries and include Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet itself. Attackers reached the credentials by working three recently patched FortiSandbox flaws. Organizations should rotate VPN credentials immediately and confirm the FortiSandbox patches. - Ars Technica Security: https://arstechnica.com/security/2026/06/massive-breach-spills-credentials-for-thousands-of-sensitive-networks/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/ - Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/sweeping-credential-harvesting-heist-compromises-30k-fortinet-devices - SecurityWeek: https://www.securityweek.com/3-recently-patched-fortinet-fortisandbox-vulnerabilities-in-hacker-crosshairs/ 2. ROGUEPLANET DEFENDER ZERO-DAY AWAITS A FIX [zero-day, patch, privilege-escalation] Latest developments: Microsoft confirmed the RoguePlanet zero-day as CVE-2026-50656 and said a patch is in development, one week after the flaw surfaced with public proof-of-concept code that races the Defender engine to spawn a System-level command prompt. RoguePlanet, now CVE-2026-50656 at CVSS 7.8, is a privilege-escalation flaw in the Microsoft Malware Protection Engine that powers Defender. Public proof-of-concept code wins a race condition to spawn a command prompt with System privileges. Microsoft acknowledged the zero-day a week after it surfaced and says a fix is on the way. Defender refreshes its engine automatically, so administrators should verify the engine updates once Microsoft ships the patch. - The Hacker News: https://thehackernews.com/2026/06/microsoft-confirms-rogueplanet-defender_02022423645.html - SecurityWeek: https://www.securityweek.com/microsoft-working-on-patch-for-rogueplanet-zero-day/ - BleepingComputer: https://www.bleepingcomputer.com/news/microsoft/microsoft-working-on-defender-patch-for-rogueplanet-zero-day/ 3. EXPLOITED PLUGINS DRIVE A WIDE PATCH WAVE [patch, exploit, cisa] Latest developments: CISA ordered agencies to patch maximum-severity Joomla Content Editor flaw CVE-2026-48907 by Friday as SecurityWeek confirmed attackers chaining it with a LiteSpeed cPanel flaw for PHP execution and root, while Oracle shipped 245 fixes and Chrome and Firefox closed critical memory-safety bugs. CISA added the maximum-severity Joomla Content Editor flaw CVE-2026-48907 to its exploited-vulnerabilities catalog and set a Friday deadline for federal agencies. SecurityWeek confirmed attackers chaining the Joomla bug and a LiteSpeed cPanel flaw to run arbitrary PHP and seize root on shared hosts. Oracle's June update delivered 245 fixes, and Chrome and Firefox patched critical memory-safety bugs that could enable remote code execution. Anyone running these products should apply the updates now. - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-max-severity-joomla-plugin-flaw-by-friday/ - SecurityWeek: https://www.securityweek.com/joomla-litespeed-vulnerabilities-exploited-in-attacks/ - SecurityWeek: https://www.securityweek.com/oracles-second-monthly-security-updates-deliver-245-patches/ - SecurityWeek: https://www.securityweek.com/chrome-and-firefox-updated-to-patch-critical-high-severity-vulnerabilities/ :: NATION-STATE ACTIVITY 4. BRITAIN WARNS OF STATES INSIDE CRITICAL INFRASTRUCTURE [apt, critical-infrastructure, nation-state] Latest developments: NCSC chief executive Richard Horne told a RUSI audience that hostile states drive three-quarters of the attacks on Britain's critical infrastructure and are prepositioning across it for future conflict. Richard Horne, who runs Britain's National Cyber Security Centre, warned that nation-state adversaries account for most attacks on the country's critical infrastructure and are embedding themselves to map networks. He cautioned that 'kinetic targeting in any conflict tomorrow will be based on intelligence gathered today.' Operators of energy, water, telecoms, and transport face attackers laying groundwork for disruption. The warning pushes infrastructure defenders to hunt for dormant intrusions rather than wait for overt attacks. - The Record: https://therecord.media/britain-nation-state-cyberattacks-richard-horne-rusi :: AI SECURITY 5. LOW-SKILL ATTACKERS LEAN ON AI AND OFF-THE-SHELF TOOLS [ai, persistence, threat-intel] Latest developments: The Hacker News detailed a junior attacker who installed OpenSSH and Tailscale on a victim before his Havoc command-and-control server went offline to keep a backdoor, and Sophos reported that some underground actors stay skeptical that AI sharpens their craft. Researchers keep documenting how AI tools and commodity software lower the bar for intrusions. In the latest case a French-speaking attacker broke into a small automotive firm, planted a keylogger, and—before his Havoc command-and-control server went dark—installed OpenSSH and Tailscale to preserve access outside the C2. Sophos found that some underground actors doubt AI improves their operations, even as analysts argue models with strong hacking ability will soon be common. Defenders should flag legitimate remote-access tools appearing where they do not belong. - The Hacker News: https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html - Sophos News: https://www.sophos.com/en-us/blog/ai-in-the-underground-curiosity-claims-and-concerns - Ars Technica Security: https://arstechnica.com/ai/2026/06/dangerous-ai-models-are-coming-no-matter-what/ :: RANSOMWARE AND CYBERCRIME 6. SHINYHUNTERS CLAIMS KODAK AS IRHYTHM LOSES PATIENT DATA [breach, extortion, healthcare] Latest developments: Kodak confirmed a data breach that the ShinyHunters extortion gang claimed, and iRhythm disclosed that intruders stole patient health data from third-party-hosted apps and issued a ransom demand. Kodak said it is working with outside experts after intruders accessed company data, a breach ShinyHunters claimed. Days earlier medical-device maker iRhythm disclosed that attackers stole patient protected health information and other personal data from third-party-hosted applications, then demanded a ransom. Both join a run of extortion-driven thefts hitting healthcare and consumer brands. Affected customers and patients should expect notification and watch for fraud. - BleepingComputer: https://www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-claimed-by-shinyhunters-extortion-gang/ - Help Net Security: https://www.helpnetsecurity.com/2026/06/17/irhythm-data-breach-patient-health-information-stolen/ 7. CRYPTO CLIPPER CAMPAIGN GAMES REVIEWS AND VIRUSTOTAL [cryptocurrency, malware, phishing] Latest developments: Check Point Research exposed a crypto-clipper operation that pays for promoted posts on legitimate news sites and seeds fake reviews, AI-voiced videos, and VirusTotal comments to push wallet-swapping malware through a WordPress phishing hub. Check Point Research traced a crypto-clipper operation that buys promoted posts on real news sites to manufacture buzz, then funnels victims through a WordPress phishing hub backed by fake GitHub and SourceForge projects, a YouTube channel, and AI-narrated videos. The malware swaps cryptocurrency wallet addresses on the clipboard to redirect payments to the attacker. The actor even seeded VirusTotal comments to lend the warez credibility. Users should verify wallet addresses after pasting and download tools only from vetted sources. - The Hacker News: https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html :: POLICY AND REGULATION 8. WARNER FLAGS CISA CUTS AS EU OPENS CYBER RESERVE TO UKRAINE [policy, government] Latest developments: Senator Mark Warner warned CISA's acting chief and DHS Secretary Markwayne Mullin that staffing gaps and budget cuts threaten the agency and MS-ISAC funding, while the EU granted Ukraine access to its pool of pre-approved incident-response firms. Senator Mark Warner pressed CISA's acting chief and DHS Secretary Markwayne Mullin over staffing shortages and budget cuts, urging DHS to prioritize the agency and fund the MS-ISAC that defends state and local governments. Across the Atlantic, the EU granted Ukraine access to its reserve of pre-approved incident-response companies as Kyiv moves toward formal accession. Both moves show how defensive cyber capacity tracks political will and funding. Defenders relying on shared federal resources should plan for possible gaps. - The Record: https://therecord.media/warner-warns-of-cisa-cuts-staffing-shortages - The Record: https://therecord.media/ukraine-access-eu-cybersecurity-reserve BUSINESS AND POLITICS ---------------------------------------------------------------- * Fed Holds Rates in Warsh's First Decision Latest developments: The Federal Reserve held its benchmark rate steady today as expected, and in Kevin Warsh's debut as chairman it scrapped explicit forward guidance and dropped its bias toward cuts, with projections showing nearly half of policymakers favor at least one hike this year. Warsh chaired his first Federal Open Market Committee meeting, which left rates unchanged in a unanimous vote against a backdrop of inflation running near double the 2% target after the war in Iran. Treasury yields and the dollar rose and gold slipped after the announcement. - FT: https://www.ft.com/content/0fda593c-7de5-44e2-825c-53d7451d5f70 - WSJ: https://www.wsj.com/finance/investing/jgb-futures-rise-tracking-gains-in-u-s-treasury-market-7a7462ac?mod=rss_markets_main PITTSBURGH ---------------------------------------------------------------- Weather: This Afternoon: Mostly Cloudy, high 81F. Tonight: Showers And Thunderstorms, low 68F. Thursday: Showers And Thunderstorms then Mostly Sunny, high 83F. Business: * Carnegie Mellon Gives City $3 Million Latest developments: Carnegie Mellon University committed $3 million to Pittsburgh to support education and infrastructure work alongside Mayor Corey O'Connor's administration. The gift extends a long partnership between the university and the city, funding shared priorities for schools and public infrastructure. - Pittsburgh Magazine: https://www.pittsburghmagazine.com/local-university-gifts-3-million-to-pittsburgh-supporting-education-and-infrastructure/ * World Cup Fills Pittsburgh Bars Latest developments: Though no World Cup matches play near Pittsburgh, some local bars report soccer crowds rivaling a home Steelers game. Bar owners say the tournament has drawn heavy weekday turnout, a notable lift for hospitality businesses in a city with no host venue. - Pittsburgh Post-Gazette: https://www.post-gazette.com/business/pittsburgh-company-news/2026/06/17/fifa-world-cup-soccer-business-impact/stories/202606170045 Around town: * Parkway East Closure Starts June 29 Latest developments: The first major closure for the Commercial Street Bridge project will begin June 29 in Frick Park, setting a firm date after earlier detour planning. Replacing the Commercial Street Bridge requires a lengthy full closure along the Parkway East corridor near Frick Park, rerouting one of the region's busiest commutes. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/transportation/2026/06/17/commercial-street-bridge-road-closures-begin-june-29-frick-park/stories/202606170052 * Severe Storms, Tornado Risk Thursday Latest developments: Forecasters declared Thursday a severe weather alert day, warning of flash flooding, damaging winds, and an early-morning tornado risk for parts of the Pittsburgh area. Storms move back into Western Pennsylvania overnight into Thursday, threatening the morning commute with heavy rain, gusts of 30 to 40 mph, and isolated tornadoes. - WTAE: https://www.wtae.com/article/severe-weather-alert-day-thursday-risk-for-flash-flooding-and-gusty-winds/71610265 - KDKA: https://www.cbsnews.com/pittsburgh/news/tornado-strong-winds-thursday-morning-pittsburgh/ * Ross Township Cuts Garbage Bills Latest developments: Ross Township voted to switch trash contractors, a change that will lower residents' garbage bills and alter their service. The North Hills township's new hauler contract reduces what households pay for trash pickup. - KDKA: https://www.cbsnews.com/pittsburgh/video/ross-township-residents-to-see-lower-garbage-bills-following-vote-to-switch-trash-contractors/ * Duquesne Weighs Government Overhaul Latest developments: Duquesne residents got their first look at a proposal to reshape the city's government. Officials presented a plan to restructure how the small Mon Valley city governs itself. - WPXI: https://www.wpxi.com/news/local/duquesne-residents-get-first-look-proposal-reshape-city-government/SXINFZUZ4NDMHIEEG7C5IB3NPI/ * Help Name the Zoo's Lion Cub Latest developments: The Pittsburgh Zoo & Aquarium opened public voting to name its two-month-old female lion cub, born in April. The cub stays behind the scenes until later this summer, and the zoo invites the public to choose her name. - Pittsburgh Magazine: https://www.pittsburghmagazine.com/pittsburgh-zoo-new-lion-cub-name-contest/ Events: * Monster Jam at Acrisure Stadium Latest developments: Crews are laying thousands of yards of dirt at Acrisure Stadium ahead of a Monster Jam weekend. Monster Jam runs this weekend at Acrisure Stadium on the North Shore, turning the Steelers' field into a dirt track for the truck show. - WTAE: https://www.wtae.com/article/acrisure-stadium-monster-jam-pittsburgh-dirt-track/71614784 * Young the Giant's Victory Garden Tour Latest developments: Alternative rock band Young the Giant brings its Victory Garden tour to Pittsburgh. Young the Giant, the alternative rock group whose bassist favors Pittsburgh-made jewelry, plays the city on the tour. - TribLive: https://triblive.com/aande/music/young-the-giant-brings-victory-garden-tour-to-pittsburgh/ * Fourth of July Fireworks Guide Latest developments: WPXI published a town-by-town list of Fourth of July fireworks displays across the Pittsburgh area. The guide maps parades, music, food, and fireworks in communities throughout Western Pennsylvania for the July 4 holiday. - WPXI: https://www.wpxi.com/news/local/fourth-july-2026-town-by-town-list-fireworks-displays-pittsburgh-area/MI5V2HMJTBDJ5KYH5QMI65DS4M/ SPORTS ---------------------------------------------------------------- Pirates (37-37) Tue Jun 16 · Pirates 6 · Athletics 5 · Final Lowe hits go-ahead homer, Reynolds connects twice as Pirates rally past Athletics for 6-5 victory https://plaintextsports.com/mlb/2026-06-16/pit-ath Up Next · Pirates @ Athletics · Wed Jun 17, 9:40 PM https://plaintextsports.com/mlb/2026-06-17/pit-ath Around the Teams: * Washington Talks $42 Million Extension Latest developments: Tight end Darnell Washington joined Not Just Football with Cam Heyward fresh off signing a four-year, $42 million extension with the Steelers. On the podcast Washington discussed the new deal, Connor Heyward's departure, his back-to-back Georgia championships, and life as a 6-foot-7 tight end. - Not Just Football with Cam Heyward: https://www.youtube.com/watch?v=bI9k0IEdvzA * Steelers Pass on Brendan Sorsby Latest developments: Post-Gazette reporting says the Steelers should, and likely will, avoid quarterback Brendan Sorsby in the NFL's supplemental draft. Sorsby enters the supplemental draft amid a gambling matter, but the beat writers expect no bid from Pittsburgh given its quarterback room behind Will Howard and Drew Allar. - Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/steelers/2026/06/17/nfl-news-rumors-brendan-sorsby/stories/202606170039 - Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/steelers/2026/06/16/sorsby-gambling-supplemental-draft-allar-howard/stories/202606160042 * Hiles on Pirates' Trade-Deadline Stakes Latest developments: Noah Hiles argued the Pirates must improve before the trade deadline, warning Ben Cherington against standing pat with Paul Skenes and prospect Konnor Griffin in the picture. The Post-Gazette columnist weighed deadline scenarios and the cost of another lost season around ace Paul Skenes. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/17/mlb-rumors-trade-deadline-skenes-konnor-griffin-cherington/stories/202606170046 READING ---------------------------------------------------------------- * Stratechery -- The State of Fable, The Jailbreak Problem, SpaceX Acquires Cursor Ben Thompson argues the administration is very likely wrong about the Fable model, but contends the jailbreak problem and its handling ultimately fall to Anthropic's responsibility. https://stratechery.com/2026/the-state-of-fable-the-jailbreak-problem-spacex-acquires-cursor/ * Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion Zitron presents financials showing OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, casting doubt on the company's path to profitability. https://www.wheresyoured.at/exclusive-openai-financials/ * Cal Newport -- AI Isn't Breaking Work. It's Already Broken. Newport responds to a survey of 6,000 digital workers, arguing that AI exposes dysfunction already baked into knowledge work rather than creating new problems. https://calnewport.com/ai-isnt-breaking-work-its-already-broken/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,431.68 ▼ -0.4% Dow 51,128.10 ▲ +0.3% Nasdaq 25,985.66 ▼ -0.8% WTI crude 83.88 ▼ -8.6% EUR/USD 1.1569 ▼ -0.1% GBP/USD 1.3403 ▲ +0.1% USD/JPY 160.25 ▲ +0.1% ================================================================ Generated 2026-06-17 16:05 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================