daily plain-text briefing: security, markets, business, and pittsburgh
A credential leak dubbed FortiBleed exposed VPN logins for nearly 74,000 Fortinet firewalls guarding sensitive networks, while AI agents kept lowering the bar for attackers.
Latest developments: BleepingComputer pinned the FortiBleed leak at 73,932 Fortinet and FortiGate firewall URLs worldwide, and SecurityWeek reported SOCRadar detected 30,000 compromised firewalls tied to three recently patched FortiSandbox flaws, CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089.
FortiBleed is a credential leak that exposes Fortinet SSL-VPN logins attackers skimmed from internet-facing firewalls. Victims span Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet itself, across nearly 200 countries. Attackers already hold working credential lists for tens of thousands of devices and target many sectors. Administrators should rotate VPN credentials, enforce multifactor authentication, and patch FortiSandbox and FortiGate now.
Sources: BleepingComputer · Dark Reading · Ars Technica Security · SecurityWeek
Latest developments: Graham Cluley reported an actor calling itself Nightmare Eclipse dropped three Microsoft zero-days to punish the company, one letting a thief with a USB stick walk past BitLocker, as Microsoft assigned the RoguePlanet Defender flaw CVE-2026-50656 and said a patch remains in development.
RoguePlanet is a privilege-escalation flaw, CVSS 7.8, in the Microsoft Malware Protection Engine that powers Defender. Public proof-of-concept code wins a race condition to spawn a System-level command prompt. The companion BitLocker bypass lets a physical attacker defeat disk encryption with a USB stick. Microsoft has no fix yet, so teams should restrict physical access and watch for Defender tampering.
Sources: Graham Cluley · The Hacker News · SecurityWeek · BleepingComputer
Latest developments: Endor Labs, JFrog, SafeDep, Socket, and StepSecurity reported attackers hijacked the npm account ehindero to compromise as many as 144 packages in the @mastra namespace in a supply-chain attack codenamed easy-day-js.
Mastra is a popular open-source JavaScript and TypeScript framework for building AI applications. One hijacked maintainer account let attackers poison up to 144 packages under the @mastra namespace. Developers who pulled recent versions risk running malicious code during installation. Teams should pin known-good versions, audit lockfiles, and rotate any secrets their builds touched.
Sources: The Hacker News
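The lockfile audit recommended above, as an added example that is not part of the original briefing, the Mastra project, or any of the reporting vendors' tooling. It reads an npm package-lock.json (lockfileVersion 2 or 3) and, for every package under one scoped namespace, flags a version that is not on the team's known-good allowlist, a missing integrity hash, a tarball resolved from somewhere other than the public registry, and an entry that declares an install script (the lockfile records this as hasInstallScript, which is exactly the hook a poisoned package uses to run code at install time). The sample lockfile, the @mastra package versions and the hashes in it are constructed for the demonstration and do not describe real releases.

```python
"""Audit an npm package-lock.json for packages under one scoped namespace.

Checks per package: version on the known-good allowlist, integrity hash present,
tarball resolved from the public registry, and no install script declared.
The sample data below is constructed; names, versions and hashes are made up.
"""
import json
from typing import Any

PUBLIC_REGISTRY = "https://registry.npmjs.org/"

# Constructed sample lockfile (lockfileVersion 3 layout). Hypothetical versions.
SAMPLE_LOCK_JSON = """{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app",
         "dependencies": {"@mastra/core": "0.10.5", "@mastra/memory": "0.10.9",
                          "@mastra/rag": "0.1.2", "left-pad": "1.3.0"}},
    "node_modules/@mastra/core": {
      "version": "0.10.5",
      "resolved": "https://registry.npmjs.org/@mastra/core/-/core-0.10.5.tgz",
      "integrity": "sha512-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
    },
    "node_modules/@mastra/memory": {
      "version": "0.10.9",
      "resolved": "https://registry.npmjs.org/@mastra/memory/-/memory-0.10.9.tgz",
      "hasInstallScript": true
    },
    "node_modules/@mastra/rag": {
      "version": "0.1.2",
      "resolved": "https://cdn.example.invalid/rag-0.1.2.tgz",
      "integrity": "sha512-CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=="
    },
    "node_modules/left-pad": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      "integrity": "sha512-DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD=="
    }
  }
}"""

# Hypothetical allowlist: the last versions the team reviewed and pinned.
KNOWN_GOOD = {"@mastra/core": "0.10.5", "@mastra/memory": "0.10.4", "@mastra/rag": "0.1.2"}


def audit_lockfile(lock: dict[str, Any], namespace: str,
                   allowlist: dict[str, str]) -> list[dict[str, str]]:
    """Return one finding per problem for packages under `namespace` (e.g. "@mastra")."""
    findings: list[dict[str, str]] = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project entry, not a dependency
        # Nested installs look like node_modules/a/node_modules/@scope/name.
        name = path.rsplit("node_modules/", 1)[-1]
        if not name.startswith(namespace + "/"):
            continue
        version = meta.get("version", "")
        resolved = meta.get("resolved", "")

        def flag(issue: str) -> None:
            findings.append({"package": name, "version": version, "issue": issue})

        if allowlist.get(name) != version:
            flag("version not on known-good allowlist")
        if "integrity" not in meta:
            flag("missing integrity hash")
        if resolved and not resolved.startswith(PUBLIC_REGISTRY):
            flag(f"resolved outside public registry: {resolved}")
        if meta.get("hasInstallScript"):
            flag("declares an install script")
    return findings


def audit_lockfile_text(text: str, namespace: str,
                        allowlist: dict[str, str]) -> list[dict[str, str]]:
    """Convenience wrapper: parse the lockfile JSON, then audit it."""
    return audit_lockfile(json.loads(text), namespace, allowlist)


if __name__ == "__main__":
    for f in audit_lockfile_text(SAMPLE_LOCK_JSON, "@mastra", KNOWN_GOOD):
        print(f"{f['package']}@{f['version']}: {f['issue']}")
```

Run it against a real lockfile by replacing SAMPLE_LOCK_JSON with the file's contents; any hit on a version outside the allowlist or on an install script is a reason to stop the build and rotate whatever secrets that pipeline could reach.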
Latest developments: OALABS recovered more than 1,000 agent sessions from a compromised server and detailed how a low-skilled attacker drove Anthropic's Claude Code and OpenAI's Codex to breach 14 companies while slipping past most agent guardrails.
Researchers keep showing that AI agents shrink the skill needed for offensive operations. In one case an attacker leaned on Claude Code and Codex to compromise 14 firms; in another a junior hacker installed OpenSSH and Tailscale for a backdoor that outlived his Havoc command server. Ars Technica argues models with strong hacking ability will soon be common regardless of export limits. Defenders should expect cheaper, faster intrusions and tighten identity and endpoint monitoring.
Sources: Help Net Security · Ars Technica Security · The Hacker News
Latest developments: Microsoft Threat Intelligence analyzed a clipper that routes its command-and-control traffic over Tor, spreads worm-like, and installs a lightweight backdoor for persistence, widening Check Point's earlier picture of a campaign that games fake reviews, AI-voiced videos, and VirusTotal comments.
A crypto clipper watches the clipboard and swaps a victim's cryptocurrency wallet address for the attacker's at the moment of payment. The variant Microsoft analyzed adds Tor-based command and control, worm-like propagation, and backdoor access for follow-on activity. Check Point traced a parallel operation that pushes wallet-swapping malware through a WordPress phishing hub promoted by paid news posts and fake accounts. Users should compare the full wallet address in the payment field against the one they copied before sending and avoid software from promoted forum and review links.
Sources: Microsoft Security Blog · The Hacker News
Latest developments: Dark Reading profiled INC ransomware, which thrives by mastering fundamentals and concentrating on healthcare, where downtime forces fast payment, as iRhythm confirmed intruders stole patient health data from third-party-hosted apps.
INC is a ransomware operation that skips flashy zero-days and wins through disciplined execution, including credential reuse, exposed panels, and pressure on sectors that cannot tolerate outages. Healthcare sits at the center because disrupted care creates immediate leverage. iRhythm, a maker of cardiac monitors, found unauthorized activity on June 8 and faced a ransom demand a day later. Health providers should harden remote access, segment clinical systems, and rehearse recovery.
Sources: Dark Reading · Help Net Security
Latest developments: Zimperium disclosed Rokarolla, an Android banking trojan that targets 217 banking and cryptocurrency apps and runs 137 commands to take full control of infected phones.
Rokarolla spreads through malicious sites that impersonate TikTok, Google Chrome, and other popular apps, tricking users into installing it. Once installed it takes full control of the device, intercepting banking and crypto sessions across the 217 targeted apps. Its name comes from its command-and-control infrastructure. Mobile users should install apps only from official stores and scrutinize permission requests.
Sources: Help Net Security
Latest developments: Britain moved to bar under-16s from user-to-user social media, Google said it will use UK, EEA, and Swiss IP addresses for ad personalization from August 3, and 404 Media found ICE preparing to buy immigrants' tax identifiers from a data broker through a $10 million procurement.
Three moves widened the collection and use of personal data. The UK's under-16 ban revives age-verification and privacy worries critics raised before. Google reversed its own past stance against using IP signals to identify devices. A $10 million ICE procurement points to buying tax-related records that Senator Ron Wyden says skirt the law and a court order. Privacy-minded users should expect more identity checks and broker-fed surveillance.
Sources: Dark Reading · BleepingComputer · 404 Media
Latest developments: The United States and Iran signed the memorandum Wednesday, ahead of Friday's planned ceremony; officials read its terms to reporters, and Trump pledged to release frozen Iranian funds and ease sanctions.
The agreement halts the war that began February 28 and takes immediate effect. It lets Iran resume oil exports that could earn more than $60 billion a year, waives banking and transport sanctions, and lets Tehran keep its ballistic missiles. Oil fell on prospects of a fast reopening of the Strait of Hormuz, and Trump said he could resume bombing if Tehran breaks the terms.
Sources: FT World · WSJ World News
Latest developments: Stocks fell and Treasury yields and the dollar jumped after the Fed's first statement and projections under Kevin Warsh signaled at least one rate increase this year.
The Federal Reserve held its benchmark rate steady in Warsh's debut as chairman, scrapped explicit forward guidance, and dropped its bias toward cuts. Officials project rates may rise by year-end to tame the inflation jolt from the Iran war, which has pushed inflation to nearly double the central bank's 2% target.
Sources: FT World · WSJ Markets
Tonight: Showers And Thunderstorms, low 68F.
Thursday: Showers And Thunderstorms then Mostly Sunny, high 83F.
Thursday Night: Partly Cloudy, low 59F.
Latest developments: Operators and players are weighing the fallout after the state Supreme Court this week classified the machines as slot machines under Pennsylvania law, opening them to regulation and taxation.
The machines fill Pennsylvania bars, convenience stores, and social clubs untaxed. The court's classification lets the state regulate and tax them, a step Harrisburg lawmakers have avoided for years, and leaves operators uncertain about what comes next.
Sources: WPXI
Latest developments: Mayor Corey O'Connor signed legislation Wednesday setting zoning rules for vape shops in Pittsburgh.
The new ordinance governs where vape retailers may open across the city, a response to the spread of the shops.
Sources: KDKA
Latest developments: Forecasters now time the worst storms for the overnight and early-morning hours Thursday, with a brief tornado possible before dawn and strong winds through the day, and urge residents to prepare for sustained power outages.
A line of storms carrying heavy rain, damaging winds, hail, and flash-flooding risk moves into the Pittsburgh area overnight. The overnight timing should hold down a high-end outbreak, though strong wind shear keeps a severe threat in play.
Latest developments: Swisshelm Park residents say PennDOT blindsided them on the June 29 Commercial Street closure, and the agency now plans a one-day closure first for a bridge-slide test before the long shutdown.
Commercial Street closes June 29 and stays shut until crews replace the Commercial Street Bridge on the Parkway East. The closure comes earlier than the early-July date PennDOT first gave, drawing resident complaints.
Latest developments: Pittsburgh relaunched and moved to expand its Office of Community Health and Safety co-response program Wednesday, pairing a police officer with a social worker on certain 911 calls.
The teams respond together to mental-health and similar emergencies, an approach the city says reaches people reluctant to deal with police alone.
Latest developments: Officials took a step Wednesday night toward placing the absorption of Penn Borough into Penn Township on the November ballot.
A yes vote would consolidate the small Westmoreland County borough into the surrounding township, part of a regional push to shrink local governments.
Sources: WPXI
Latest developments: U.S. Rep. Madeleine Dean said officials blocked her from speaking with detainees during a Wednesday oversight visit to Pennsylvania's largest immigrant detention center.
The visit came three weeks after other members of Congress publicly shared detainee concerns from inside the facility. Dean's account renews scrutiny of access and conditions at the center.
Sources: TribLive
Latest developments: The Post-Gazette mapped Little Queer Libraries placing banned and LGBTQ titles in free sidewalk boxes across the Pittsburgh region for Pride month.
Run through the Equality Center, the little libraries stock books pulled from some shelves elsewhere, free for anyone to take, at sites around the region.
Sources: Post-Gazette Arts & Entertainment
Latest developments: The Post-Gazette profiled Sewickley's Penguin Bookshop as part of a national resurgence of independent bookstores.
The long-running shop in the Allegheny County borough is riding renewed interest in independent bookstores pushing back against Amazon, drawing readers to its Sewickley storefront.
Sources: Post-Gazette Arts & Entertainment
Pirates (37-37)
Tue Jun 16 · Pirates 6 · Athletics 5 · Final
Lowe hits go-ahead homer, Reynolds connects twice as Pirates rally past Athletics for 6-5 victory
Up Next · Pirates @ Athletics · Wed Jun 17, 9:40 PM
Latest developments: On Wednesday's SNR Drive, Matt Williamson and Wes Uhler assembled an all-time Steelers team of players outside the Hall of Fame and broke down running back Jaylen Warren's game.
The team's show picked offense and defense from Steelers who never reached Canton, touched on Barry Foster, and analyzed what Warren brings as a runner.
Sources: Pittsburgh Steelers (YouTube)
Latest developments: A Post-Gazette film breakdown praised defensive lineman Gabriel Rubio's violent hands, calling him a solid run defender for the Steelers.
The analysis of the rookie out of Notre Dame highlighted his strength at the point of attack as Pittsburgh reshapes its defensive front.
Sources: Post-Gazette Steelers
Latest developments: Gerry Dulac's June 17 Steelers chat took reader questions on the supplemental draft and Brendan Sorsby, Aaron Rodgers, coach Mike McCarthy, and prospects Drew Allar and Will Howard.
The Post-Gazette beat writer's regular chat ranged across roster and coaching topics during the offseason's quiet stretch.
Sources: Post-Gazette Steelers
Latest developments: A Post-Gazette feature caught up with infielders Jacob Wilson and Alika Williams, now with the Athletics, who said they cherish their Pittsburgh memories.
The two reflected on their time in the city as the Athletics faced the Pirates this week.
Sources: Post-Gazette Pirates
Latest developments: The Steelers dropped the second episode of Forging Steel, a behind-the-scenes series on the team's 2026 NFL draft.
The team-produced show offers an inside look at draft preparation, including coach Mike McCarthy addressing the team.
Sources: Pittsburgh Steelers (YouTube)
S&P 500 7,462.30 ▲ +0.8% Dow 51,442.85 ▲ +1.3% Nasdaq 26,156.09 ▲ +1.1% WTI crude 83.88 ▼ -8.6% EUR/USD 1.1584 ▲ +0.2% GBP/USD 1.3414 ▲ +0.3% USD/JPY 160.25 ▲ +0.1%