daily plain-text briefing: security, markets, business, and pittsburgh
A leaked trove of working Fortinet VPN credentials exposes Oracle, Lenovo, FedEx, and a NATO contractor even as Britain's cyber chief warns that hostile states have prepositioned across the nation's critical infrastructure.
first identified Jun 17, 2026
Latest developments: Ars Technica named the high-profile victims in the FortiBleed credential dump—Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet itself—and Dark Reading reported attackers across nearly 200 countries now hold a compiled list of working credentials for tens of thousands of compromised devices.
The FortiBleed leak publishes working VPN credentials for 73,932 Fortinet and FortiGate firewall URLs, traced to three recently patched FortiSandbox flaws, CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. SOCRadar counts roughly 30,000 compromised firewalls, and the named victims reach into critical supply chains. Any organization running an exposed FortiGate should rotate VPN credentials, apply the FortiSandbox patches, and hunt for intrusions immediately.
Sources: Ars Technica Security · BleepingComputer · Dark Reading · SecurityWeek
first identified Jun 17, 2026
Latest developments: CISA ordered federal agencies to patch the maximum-severity Joomla Content Editor flaw CVE-2026-48907 by Friday after confirming active exploitation, and researchers reported attackers chaining Joomla and LiteSpeed cPanel bugs to run PHP and gain root on shared hosts, as Oracle shipped 245 fixes and Chrome, Firefox, and Rockwell Automation patched critical bugs.
The CVSS 10.0 Joomla JCE flaw lets unauthenticated attackers execute arbitrary PHP, and the LiteSpeed cPanel bug escalates to root on shared hosting. The same day, Oracle's June Critical Patch Update closed 245 vulnerabilities, Chrome and Firefox fixed memory-safety bugs that allow remote code execution, and Rockwell patched Logix, RSLinx, and FactoryTalk. Administrators also face a near deadline to refresh expiring Secure Boot keys on Windows and Linux. Patch internet-facing web software first, then work through the vendor backlog.
Sources: BleepingComputer · SecurityWeek · SecurityWeek · Ars Technica Security
first identified Jun 17, 2026
Latest developments: Microsoft formally disclosed RoguePlanet as CVE-2026-50656 at CVSS 7.8 and confirmed public proof-of-concept code exploits a race condition in the Malware Protection Engine to spawn a command prompt with System privileges, with a patch still in development.
RoguePlanet is an elevation-of-privilege flaw in the engine that powers Microsoft Defender, one of three zero-days an actor calling itself Nightmare Eclipse dropped to punish the company. Any local attacker who wins the race condition gains System-level control of a Windows machine. Until Microsoft ships the fix, defenders should watch endpoints for local privilege-escalation attempts and unexpected System-level command shells.
Sources: The Hacker News · SecurityWeek · BleepingComputer
first identified Jun 17, 2026
Latest developments: Senator Mark Warner warned the acting CISA chief that budget cuts and staffing gaps threaten the agency's mission and pressed DHS Secretary Markwayne Mullin to fund the MS-ISAC, while the European Union granted Ukraine access to its reserve of pre-approved incident-response firms.
Warner's letters argue that DHS must prioritize CISA and underwrite the MS-ISAC that defends state and local governments. Across the Atlantic, the EU integrated Ukraine into its pool of vetted responders as Kyiv moves toward formal accession. The two moves show Western governments rethinking who funds and staffs cyber defense as threats intensify.
Sources: The Record · The Record
first identified Jun 17, 2026
Latest developments: NCSC Chief Executive Richard Horne told a RUSI audience that hostile states sit behind three-quarters of attacks on Britain's critical infrastructure and are prepositioning access throughout it for future conflict.
Horne warned that adversaries embed in energy, water, telecom, and transport systems today to enable targeting tomorrow, saying kinetic targeting in any conflict will rest on intelligence gathered now. The warning frames espionage and access operations as preparation for physical war. Operators of critical systems should assume persistent adversary presence and harden detection, segmentation, and recovery accordingly.
Sources: The Record
first identified Jun 17, 2026
Latest developments: Kodak confirmed intruders accessed company data and engaged external responders, validating an extortion claim by ShinyHunters, the gang tied to the Oracle PeopleSoft zero-day campaign.
Kodak joins a widening run of enterprise breaches and extortion driven by ShinyHunters. The company has not detailed which data the attackers took. Organizations should treat ShinyHunters claims as credible, review exposure to Oracle PeopleSoft and other recently exploited enterprise software, and prepare for follow-on extortion pressure.
Sources: BleepingComputer
first identified Jun 17, 2026
Latest developments: Bruce Schneier flagged an Office of Management and Budget disclosure from April 14, 2026, listing 3,611 active or planned AI use cases across the federal government, a 70 percent jump over the final Biden-era list and including plans to hand sensitive functions to automated systems.
The disclosure marks the broadest accounting yet of federal AI adoption, spanning core operations and some sensitive governmental functions. The scale raises accountability, oversight, and security questions as agencies wire automated decision-making into critical workflows. Each new use case widens the attack surface and the consequences of model failure or manipulation.
Sources: Schneier on Security
Latest developments: The Warsh-led committee held rates steady in a unanimous vote Wednesday and eliminated explicit forward guidance, hardening the hawkish signal reported earlier into a formal decision.
Kevin Warsh's first meeting as Federal Reserve chair left the benchmark rate unchanged, dropped the bias toward cuts, and projected at least one increase this year to tame inflation that the Iran war pushed toward 4%; stocks fell while Treasury yields and the dollar climbed.
Sources: FT World · WSJ Markets
Latest developments: Senior US officials read the full memorandum to reporters Wednesday and Pakistan's premier said the accord takes immediate effect, moving past the signing reported earlier.
The agreement winding down the war that began February 28 lets Iran resume oil sales at once—potentially more than $60 billion a year—and waives banking and transport sanctions, while Trump pledged to release frozen funds and Tehran keeps its ballistic missiles.
Sources: FT World · WSJ World News
Tonight: Showers And Thunderstorms, low 68F.
Thursday: Showers And Thunderstorms then Mostly Sunny, high 83F.
Thursday Night: Partly Cloudy, low 59F.
Latest developments: Operators and players weighed their tax and regulatory exposure Wednesday, with the practical mechanics of how the state will license and tax the machines still unsettled after this week's ruling.
Pennsylvania's Supreme Court classified the cash-paying skill-game terminals in bars, convenience stores, and clubs as slot machines under state law this week, opening the largely untaxed devices to regulation and taxation and pressing Harrisburg to write rules.
Sources: WPXI
Latest developments: Allegheny Health Network spotlighted its cancer ambassador program Wednesday, pairing newly diagnosed patients with survivors who guide them through treatment.
The program at Allegheny Health Network's Cancer Institute connects patients facing a new diagnosis with former patients who volunteer as ambassadors, aiming to ease the isolation that follows a diagnosis.
Sources: KDKA
Latest developments: Forecasters now expect the strongest storms overnight into Thursday morning, with a brief tornado possible before dawn, and Duquesne Light urged customers to prepare for outages.
The National Weather Service placed the Pittsburgh region under a severe risk for flash flooding, damaging winds, hail, and an isolated tornado as a line of storms crosses overnight Wednesday into the Thursday commute, with strong winds lingering through the day.
Latest developments: Commissioners voted Wednesday against advancing a proposed borough-township merger, halting consolidation talks a day after officials had moved toward a November ballot question.
Officials had weighed folding a local borough into the neighboring township and putting the question to voters in November, but commissioners voted to stop the merger discussions.
Sources: WPXI
Latest developments: Trinity United Church of Christ's pastor said Wednesday the May fire damage forces the congregation to demolish and rebuild rather than restore the historic building.
A May fire devastated the historic Trinity United Church of Christ in Indiana Township, Allegheny County, and the pastor said the congregation will tear it down and rebuild, aiming to mirror the original at the community's request.
Sources: KDKA
Latest developments: Mount Pleasant Township police added two e-bikes to their fleet this month to patrol the Panhandle and Montour trails.
Mount Pleasant Township police began using two electric bicycles to cover the Panhandle and Montour trails, extending visibility and response to paths that patrol cars cannot reach.
Sources: WTAE
Pirates (37-37)
Tue Jun 16 · Pirates 6 · Athletics 5 · Final
Lowe hits go-ahead homer, Reynolds connects twice as Pirates rally past Athletics for 6-5 victory
Wed Jun 17 · Pirates 7 · Athletics 0 · Top 4th (in progress at last update)
Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM
Latest developments: Tight end Darnell Washington joined Not Just Football with Cam Heyward to discuss his new four-year, $42 million extension and Connor Heyward's departure.
Fresh off signing a four-year, $42 million extension with the Steelers, tight end Darnell Washington went on Not Just Football with Cam Heyward to talk through the deal, his back-to-back national titles at Georgia, and life as a 6-foot-7 blocking and receiving threat.
Sources: Not Just Football with Cam Heyward
Latest developments: In a Wednesday column, the Post-Gazette's Noah Hiles wrote that general manager Ben Cherington should hope the team never learns what happens if the Pirates fail to improve.
Post-Gazette columnist Noah Hiles weighed the Pirates' trade-deadline choices around ace Paul Skenes and prospect Konnor Griffin, warning that continued underperformance would force a reckoning for general manager Ben Cherington.
Sources: Post-Gazette Pirates
Latest developments: Post-Gazette writers laid out the case this week for the Steelers to avoid quarterback Brendan Sorsby in the NFL's supplemental draft.
The Post-Gazette argued the Steelers would be right to skip quarterback Brendan Sorsby, who entered the supplemental draft amid a gambling matter, with prospects Drew Allar and Will Howard also part of the discussion.
Sources: Post-Gazette Steelers · Post-Gazette Steelers
S&P 500 7,462.30 ▲ +0.8%
Dow 51,442.85 ▲ +1.3%
Nasdaq 26,156.09 ▲ +1.1%
WTI crude 83.88 ▼ -8.6%
EUR/USD 1.1584 ▲ +0.2%
GBP/USD 1.3414 ▲ +0.3%
USD/JPY 160.25 ▲ +0.1%