================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Wednesday, June 17, 2026 - 9:05 PM EDT
================================================================

A credential leak dubbed FortiBleed exposed VPN logins for nearly 74,000 Fortinet firewalls guarding sensitive networks, while AI agents kept lowering the bar for attackers.

CONTENTS: Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS
----------------------------------------------------------------

* AI Offense: Cheap AI agents drove fresh intrusions this week, breaching 14 companies in one case and sustaining backdoors in another, shrinking the skill needed to attack.
* Supply Chain: Attackers keep hijacking maintainer accounts to poison open-source registries, this time tainting 144 npm packages in the Mastra AI framework.
* Edge Exposure: Internet-facing firewalls and plugins remain the soft underbelly, as FortiBleed spilled credentials for tens of thousands of Fortinet devices.
* Healthcare Targeting: Ransomware crews like INC zero in on hospitals and device makers, where downtime forces quick payment, as iRhythm lost patient data.
* Surveillance Creep: Governments and platforms widened data collection, from ICE buying tax identifiers to Google tapping European IP addresses for ad targeting.

SECURITY
----------------------------------------------------------------

:: VULNERABILITIES AND EXPLOITS

1. FORTIBLEED SPILLS CREDENTIALS FOR SENSITIVE NETWORKS [breach, patch, credentials]

Latest developments: BleepingComputer pinned the FortiBleed leak at 73,932 Fortinet and FortiGate firewall URLs worldwide, and SecurityWeek reported SOCRadar detected 30,000 compromised firewalls tied to three recently patched FortiSandbox flaws, CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089.

FortiBleed is a credential leak that exposes Fortinet SSL-VPN logins attackers skimmed from internet-facing firewalls. Victims span Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet itself, across nearly 200 countries. Attackers already hold working credential lists for tens of thousands of devices and target many sectors. Administrators should rotate VPN credentials, enforce multifactor authentication, and patch FortiSandbox and FortiGate now.

- BleepingComputer: https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/
- Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/sweeping-credential-harvesting-heist-compromises-30k-fortinet-devices
- Ars Technica Security: https://arstechnica.com/security/2026/06/massive-breach-spills-credentials-for-thousands-of-sensitive-networks/
- SecurityWeek: https://www.securityweek.com/3-recently-patched-fortinet-fortisandbox-vulnerabilities-in-hacker-crosshairs/

2. NIGHTMARE ECLIPSE DUMPS ROGUEPLANET AND A BITLOCKER BYPASS [zero-day, patch]

Latest developments: Graham Cluley reported an actor calling itself Nightmare Eclipse dropped three Microsoft zero-days to punish the company, one letting a thief with a USB stick walk past BitLocker, as Microsoft assigned the RoguePlanet Defender flaw CVE-2026-50656 and said a patch remains in development.

RoguePlanet is a privilege-escalation flaw, CVSS 7.8, in the Microsoft Malware Protection Engine that powers Defender. Public proof-of-concept code wins a race condition to spawn a System-level command prompt. The companion BitLocker bypass lets a physical attacker defeat disk encryption with a USB stick. Microsoft has no fix yet, so teams should restrict physical access and watch for Defender tampering.

- Graham Cluley: https://grahamcluley.com/smashing-security-podcast-472/
- The Hacker News: https://thehackernews.com/2026/06/microsoft-confirms-rogueplanet-defender_02022423645.html
- SecurityWeek: https://www.securityweek.com/microsoft-working-on-patch-for-rogueplanet-zero-day/
- BleepingComputer: https://www.bleepingcomputer.com/news/microsoft/microsoft-working-on-defender-patch-for-rogueplanet-zero-day/

3. MASTRA NPM PACKAGES POISONED IN EASY-DAY-JS ATTACK [supply-chain, npm]

Latest developments: Endor Labs, JFrog, SafeDep, Socket, and StepSecurity reported attackers hijacked the npm account ehindero to compromise as many as 144 packages in the @mastra namespace in a supply-chain attack codenamed easy-day-js.

Mastra is a popular open-source JavaScript and TypeScript framework for building AI applications. One hijacked maintainer account let attackers poison up to 144 packages under the @mastra namespace. Developers who pulled recent versions risk running malicious code during installation. Teams should pin known-good versions, audit lockfiles, and rotate any secrets their builds touched.

- The Hacker News: https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html

:: AI SECURITY

4. AI AGENTS LOWER THE FLOOR FOR ATTACKERS [ai, threat]

Latest developments: OALABS recovered more than 1,000 agent sessions from a compromised server and detailed how a low-skilled attacker drove Anthropic's Claude Code and OpenAI's Codex to breach 14 companies while slipping past most agent guardrails.

Researchers keep showing AI agents shrink the skill needed for offensive operations. In one case an attacker leaned on Claude Code and Codex to compromise 14 firms; in another a junior hacker installed OpenSSH and Tailscale for a backdoor that outlived his Havoc command server. Ars Technica argues models with strong hacking ability will soon be common regardless of export limits. Defenders should expect cheaper, faster intrusions and tighten identity and endpoint monitoring.

- Help Net Security: https://www.helpnetsecurity.com/2026/06/17/ai-agents-offensive-cyber-operations-claude-codex/
- Ars Technica Security: https://arstechnica.com/ai/2026/06/dangerous-ai-models-are-coming-no-matter-what/
- The Hacker News: https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html

:: RANSOMWARE AND CYBERCRIME

5. CRYPTO CLIPPER ADDS TOR AND WORM-LIKE SPREAD [malware, cryptocurrency]

Latest developments: Microsoft Threat Intelligence analyzed a clipper that routes communications over Tor and propagates worm-like to gain persistence and a lightweight backdoor, widening Check Point's earlier picture of a campaign that games fake reviews, AI-voiced videos, and VirusTotal comments.

A crypto clipper watches the clipboard and swaps a victim's cryptocurrency wallet address for the attacker's at the moment of payment. Microsoft's variant adds Tor-based control, worm-like propagation, and backdoor access for follow-on activity. Check Point traced a parallel operation that pushes wallet-swapping malware through a WordPress phishing hub promoted by paid news posts and fake accounts. Users should verify wallet addresses before sending and avoid software from promoted forum and review links.

- Microsoft Security Blog: https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/
- The Hacker News: https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html

6. INC RANSOMWARE PRESSES HEALTHCARE [ransomware, healthcare, breach]

Latest developments: Dark Reading profiled INC ransomware, which thrives by mastering fundamentals and concentrating on healthcare, where downtime forces fast payment, as iRhythm confirmed intruders stole patient health data from third-party-hosted apps.

INC is a ransomware operation that skips flashy zero-days and wins through disciplined execution, including credential reuse, exposed panels, and pressure on sectors that cannot tolerate outages. Healthcare sits at the center because disrupted care creates immediate leverage. iRhythm, a maker of cardiac monitors, found unauthorized activity on June 8 and faced a ransom demand a day later. Health providers should harden remote access, segment clinical systems, and rehearse recovery.

- Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/inc-ransomware-thrives-by-mastering-the-basics
- Help Net Security: https://www.helpnetsecurity.com/2026/06/17/irhythm-data-breach-patient-health-information-stolen/

7. ROKAROLLA ANDROID TROJAN SEIZES PHONES [malware, android, banking]

Latest developments: Zimperium disclosed Rokarolla, an Android banking trojan that targets 217 banking and cryptocurrency apps and runs 137 commands to take full control of infected phones.

Rokarolla spreads through malicious sites that impersonate TikTok, Google Chrome, and other popular apps, tricking users into installing it. Once on a device it can take over, intercepting banking and crypto sessions across 217 targeted apps. Its name comes from its command-and-control infrastructure. Mobile users should install apps only from official stores and scrutinize permission requests.

- Help Net Security: https://www.helpnetsecurity.com/2026/06/17/rokarolla-android-banking-trojan-device-takeover/

:: POLICY AND REGULATION

8. DATA COLLECTION WIDENS ACROSS GOVERNMENTS AND PLATFORMS [privacy, policy, surveillance]

Latest developments: Britain moved to bar under-16s from user-to-user social media, Google said it will use UK, EEA, and Swiss IP addresses for ad personalization from August 3, and 404 Media found ICE preparing to buy immigrants' tax identifiers from a data broker through a $10 million procurement.

Three moves widened the collection and use of personal data. The UK's under-16 ban revives age-verification and privacy worries critics raised before. Google reversed its own past stance against using IP signals to identify devices. A $10 million ICE procurement points to buying tax-related records that Senator Ron Wyden says skirt the law and a court order. Privacy-minded users should expect more identity checks and broker-fed surveillance.

- Dark Reading: https://www.darkreading.com/cyber-risk/uk-social-media-ban-privacy-experts-worried
- BleepingComputer: https://www.bleepingcomputer.com/news/security/google-to-use-uk-and-eu-user-ip-addresses-for-ad-personalization/
- 404 Media: https://www.404media.co/ice-appears-to-be-buying-immigrants-tax-identifiers-from-a-data-broker/

BUSINESS AND POLITICS
----------------------------------------------------------------

* US and Iran Sign War-Ending Deal

Latest developments: The two governments signed the memorandum Wednesday, ahead of Friday's planned ceremony, officials read its terms to reporters, and Trump pledged to release frozen Iranian funds and ease sanctions.

The agreement halts the war that began February 28 and takes immediate effect. It lets Iran resume oil exports that could earn more than $60 billion a year, waives banking and transport sanctions, and lets Tehran keep its ballistic missiles. Oil fell on prospects of a fast reopening of the Strait of Hormuz, and Trump said he could resume bombing if Tehran breaks the terms.

- FT World: https://www.ft.com/content/d4f89b6b-c213-4550-924b-a9ae45e24c37
- WSJ World News: https://www.wsj.com/world/middle-east/deal-gives-iran-chance-to-turbocharge-its-oil-revenue-5b481eb6

* Warsh Fed Turns Hawkish, Markets Slide

Latest developments: Stocks fell and Treasury yields and the dollar jumped after the Fed's first statement and projections under Kevin Warsh signaled at least one rate increase this year.

The Federal Reserve held its benchmark rate steady in Warsh's debut as chairman, scrapped explicit forward guidance, and dropped its bias toward cuts. Officials project rates may rise by year-end to tame the inflation jolt from the Iran war, which has pushed prices to nearly double the central bank's 2% target.

- FT World: https://www.ft.com/content/0fda593c-7de5-44e2-825c-53d7451d5f70
- WSJ Markets: https://www.wsj.com/finance/stocks/global-stocks-markets-dow-update-06-17-2026-05228bac?mod=rss_markets_main

PITTSBURGH
----------------------------------------------------------------

Weather: Tonight: Showers And Thunderstorms, low 68F. Thursday: Showers And Thunderstorms then Mostly Sunny, high 83F. Thursday Night: Partly Cloudy, low 59F.

Business:

* Skill Games Face Taxation After Ruling

Latest developments: Operators and players are weighing the fallout after the state Supreme Court this week classified the machines as slot machines under Pennsylvania law, opening them to regulation and taxation.

The machines fill Pennsylvania bars, convenience stores, and social clubs untaxed. The court's classification lets the state regulate and tax them, a step Harrisburg lawmakers have avoided for years, and leaves operators uncertain about what comes next.

- WPXI: https://www.wpxi.com/news/local/pennsylvanians-weigh-court-ruling-that-could-lead-taxation-skill-games/SH3EGHR7OREYNL5727KLV52Y2Y/

* O'Connor Signs Vape Shop Zoning Law

Latest developments: Mayor Corey O'Connor signed legislation Wednesday setting zoning rules for vape shops in Pittsburgh.

The new ordinance governs where vape retailers may open across the city, a response to the spread of the shops.

- KDKA: https://www.cbsnews.com/pittsburgh/video/pittsburgh-mayor-signs-vape-shop-zoning-ordinance/

Around town:

* Tornado Risk, Storms Early Thursday

Latest developments: Forecasters now time the worst storms for the overnight and early-morning hours Thursday, with a brief tornado possible before dawn and strong winds through the day, and urge residents to prepare for sustained power outages.

A line of storms carrying heavy rain, damaging winds, hail, and flash-flooding risk moves into the Pittsburgh area overnight. The overnight timing should hold down a high-end outbreak, though strong wind shear keeps a severe threat in play.

- KDKA: https://www.cbsnews.com/pittsburgh/news/tornado-strong-winds-thursday-morning-pittsburgh/
- KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-peak-severe-weather-season-safety-tips/

* Commercial Street Closure Blindsides Residents

Latest developments: Swisshelm Park residents say PennDOT blindsided them on the June 29 Commercial Street closure, and the agency now plans a one-day closure first for a bridge-slide test before the long shutdown.

Commercial Street closes June 29 and stays shut until crews replace the Commercial Street Bridge on the Parkway East. The closure comes earlier than the early-July date PennDOT first gave, drawing resident complaints.

- KDKA: https://www.cbsnews.com/pittsburgh/news/commercial-street-closure-parkway-east-penndot/
- WTAE: https://www.wtae.com/article/commercial-street-to-close-earlier-than-anticipated-residents-outraged/71607218

* City Relaunches Police–Social Worker Teams

Latest developments: Pittsburgh relaunched and moved to expand its Office of Community Health and Safety co-response program Wednesday, pairing a police officer with a social worker on certain 911 calls.

The teams respond together to mental-health and similar emergencies, an approach the city says reaches people reluctant to deal with police alone.

- WPXI: https://www.wpxi.com/news/local/pittsburgh-relaunches-ochs-co-response-program-mental-health-emergencies/TLVPLQCAM5DYXGGVRCWYY3R6YE/
- KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-co-response-program-expansion/

* Penn Borough Merger Heads Toward Ballot

Latest developments: Officials took a step Wednesday night toward placing the absorption of Penn Borough into Penn Township on the November ballot.

A yes vote would consolidate the small Westmoreland County borough into the surrounding township, part of a regional push to shrink local governments.

- WPXI: https://www.wpxi.com/news/local/officials-taking-steps-put-merger-local-borough-township-november-ballot/ZOAR4CVHDZH2JMOB47GTRYBOS4/

* Dean Says ICE Blocked Detainee Talks

Latest developments: U.S. Rep. Madeleine Dean said officials blocked her from speaking with detainees during a Wednesday oversight visit to Pennsylvania's largest immigrant detention center.

The visit came three weeks after other members of Congress publicly shared detainee concerns from inside the facility. Dean's account renews scrutiny of access and conditions at the center.

- TribLive: https://triblive.com/news/pennsylvania/rep-madeleine-dean-says-she-was-blocked-from-speaking-to-detainees-during-oversight-visit-to-pennsylvanias-largest-ice-detention-center/

Events:

* Little Queer Libraries Spread Banned Books

Latest developments: The Post-Gazette mapped Little Queer Libraries placing banned and LGBTQ titles in free sidewalk boxes across the Pittsburgh region for Pride month.

Run through the Equality Center, the little libraries stock books pulled from some shelves elsewhere, free for anyone to take, at sites around the region.

- Post-Gazette Arts & Entertainment: https://www.post-gazette.com/life/goodness/2026/06/16/little-queer-libraries-banned-books-equality-center/stories/202606080063

* Sewickley's Penguin Bookshop in National Revival

Latest developments: The Post-Gazette profiled Sewickley's Penguin Bookshop as part of a national resurgence of independent bookstores.

The long-running shop in the Allegheny County borough is riding renewed interest in independent bookstores pushing back against Amazon, drawing readers to its Sewickley storefront.

- Post-Gazette Arts & Entertainment: https://www.post-gazette.com/business/career-workplace/2026/06/15/penguin-bookshop-sewickley-independent-bookstores-amazon/stories/202606140021

SPORTS
----------------------------------------------------------------

Pirates (37-37)
Tue Jun 16 · Pirates 6 · Athletics 5 · Final
Lowe hits go-ahead homer, Reynolds connects twice as Pirates rally past Athletics for 6-5 victory
https://plaintextsports.com/mlb/2026-06-16/pit-ath
Up Next · Pirates @ Athletics · Wed Jun 17, 9:40 PM
https://plaintextsports.com/mlb/2026-06-17/pit-ath

Around the Teams:

* SNR Drive Builds All-Time Non-HOF Steelers Team

Latest developments: On Wednesday's SNR Drive, Matt Williamson and Wes Uhler assembled an all-time Steelers team of players outside the Hall of Fame and broke down running back Jaylen Warren's game.

The team's show picked offense and defense from Steelers who never reached Canton, touched on Barry Foster, and analyzed what Warren brings as a runner.

- Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=QcqN-zNm9c0

* Film Room: Rubio's Hands Stout vs. Run

Latest developments: A Post-Gazette film breakdown praised defensive lineman Gabriel Rubio's violent hands, calling him a solid run defender for the Steelers.

The analysis of the rookie out of Notre Dame highlighted his strength at the point of attack as Pittsburgh reshapes its defensive front.

- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/17/steelers-film-room-gabriel-rubio-notre-dame-vega-ioane-derrick-harmon/stories/202606170036

* Dulac Fields Steelers Questions

Latest developments: Gerry Dulac's June 17 Steelers chat took reader questions on the supplemental draft and Brendan Sorsby, Aaron Rodgers, coach Mike McCarthy, and prospects Drew Allar and Will Howard.

The Post-Gazette beat writer's regular chat ranged across roster and coaching topics during the offseason's quiet stretch.

- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/17/nfl-news-steelers-sorsby-rodgers-mccarthy-howard-allar/stories/202606170024

* Ex-Pirates Wilson, Williams Recall Pittsburgh

Latest developments: A Post-Gazette feature caught up with infielders Jacob Wilson and Alika Williams, now with the Athletics, who said they cherish their Pittsburgh memories.

The two reflected on their time in the city as the Athletics faced the Pirates this week.

- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/17/athletics-jack-jacob-wilson-alika-williams-mlb/stories/202606170031

* Steelers Release Forging Steel Episode 2

Latest developments: The Steelers dropped the second episode of Forging Steel, a behind-the-scenes series on the team's 2026 NFL draft.

The team-produced show offers an inside look at draft preparation, including coach Mike McCarthy addressing the team.

- Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=TkV9_btUE3c

READING
----------------------------------------------------------------

* Stratechery -- The State of Fable, The Jailbreak Problem, SpaceX Acquires Cursor
Ben Thompson argues the administration is likely wrong about the Fable model and that the burden of managing the jailbreak problem falls ultimately on Anthropic.
https://stratechery.com/2026/the-state-of-fable-the-jailbreak-problem-spacex-acquires-cursor/

* Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion
Zitron reports OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, arguing the company still has no path to profitability.
https://www.wheresyoured.at/exclusive-openai-financials/

* Cal Newport -- AI Isn’t Breaking Work. It’s Already Broken.
Newport contends that knowledge work was already dysfunctional before AI arrived, and that AI exposes the existing breakdown rather than causing it.
https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,462.30   ▲ +0.8%
Dow         51,442.85   ▲ +1.3%
Nasdaq      26,156.09   ▲ +1.1%
WTI crude       83.88   ▼ -8.6%
EUR/USD        1.1584   ▲ +0.2%
GBP/USD        1.3414   ▲ +0.3%
USD/JPY        160.25   ▲ +0.1%

================================================================
Generated 2026-06-17 21:05 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================