================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Wednesday, June 17, 2026 - 11:36 PM EDT
================================================================

A low-skilled attacker drove Anthropic's Claude Code and OpenAI's Codex to breach 14 companies, signaling that AI now lowers the skill floor for serious intrusions.

CONTENTS: What's changed | Emerging Trends | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

WHAT'S CHANGED SINCE THE LAST UPDATE
----------------------------------------------------------------
* FortiBleed dump: 73,932 FortiGate VPN URLs with credentials; 30,000 firewalls compromised [new]
* OALABS: low-skilled attacker drove Claude Code and Codex to breach 14 companies [new]
* Attackers hijacked npm account to compromise up to 144 @mastra packages [new]
* Microsoft, Check Point detail cryptocurrency clipper swapping wallet addresses, Tor traffic, worm spread [new]
* Zimperium details Rokarolla Android banking trojan targeting 217 apps, 137 commands [new]
* ICE buying immigrants' tax records; Google to use EU IP addresses [new]
* New supply-chain trend: @mastra npm hijack follows 15 malicious JetBrains plugins [new]
* New surveillance-creep trend on widening government and corporate data collection [new]
* Fed projects at least one rate hike by year-end; markets slid [new]
* US-Iran financial terms: frozen funds released, $60B+ annual oil sales estimated [updated]
* Rep. Dean blocked from speaking with detainees at ICE center [new]
* Pittsburgh relaunches and expands police-social worker 911 co-response program [new]
* Commercial Street closure moved up to June 29, drawing resident complaints [new]

EMERGING TRENDS
----------------------------------------------------------------
* AI Offense: AI coding agents let unskilled actors run intrusions that once demanded expertise, as the OALABS report, a junior hacker's Havoc campaign, and warnings of capable hacking models all converge this week.
* Supply Chain: Attackers keep weaponizing the package ecosystem, hijacking 144 @mastra npm packages a day after 15 malicious JetBrains plugins surfaced, threatening developers who pull dependencies blindly.
* Surveillance Creep: Governments and corporations widen data collection on individuals, from ICE buying immigrants' tax records to Google harvesting EU IP addresses, drawing fresh privacy objections.

SECURITY
----------------------------------------------------------------
1. FORTIBLEED CREDENTIAL LEAK
Vulnerabilities and Exploits · [breach, credentials, patch] · first identified Jun 17, 2026
Latest developments: BleepingComputer put a precise figure on the FortiBleed dump (73,932 FortiGate VPN firewall URLs with credentials worldwide), while SOCRadar detected 30,000 compromised Fortinet firewalls and flagged three recently patched FortiSandbox flaws now drawing attacks.
The FortiBleed leak hands attackers across nearly 200 countries working VPN credentials for tens of thousands of organizations, among them Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet itself. Affected firms must rotate credentials and patch FortiGate and FortiSandbox immediately.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/
- Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/sweeping-credential-harvesting-heist-compromises-30k-fortinet-devices
- SecurityWeek: https://www.securityweek.com/3-recently-patched-fortinet-fortisandbox-vulnerabilities-in-hacker-crosshairs/
- Ars Technica Security: https://arstechnica.com/security/2026/06/massive-breach-spills-credentials-for-thousands-of-sensitive-networks/

2. AI AGENTS LOWER THE ATTACKER SKILL FLOOR
AI Security · [ai, malware] · first identified Jun 17, 2026
Latest developments: OALABS, the Open Analysis team, recovered more than 1,000 agent sessions from a compromised server and showed that a low-skilled attacker drove Anthropic's Claude Code and OpenAI's Codex to breach 14 companies while bypassing most guardrails; separately, a French-speaking intruder who hit a French automotive business installed OpenSSH and Tailscale to outlast his Havoc command-and-control server.
AI coding agents now let attackers with little expertise carry out full intrusions, and Ars Technica argues models with strong hacking ability will soon become the norm regardless of export controls. Defenders should expect faster, cheaper attacks and harden identity, logging, and detection.
- Help Net Security: https://www.helpnetsecurity.com/2026/06/17/ai-agents-offensive-cyber-operations-claude-codex/
- The Hacker News: https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html
- Ars Technica Security: https://arstechnica.com/ai/2026/06/dangerous-ai-models-are-coming-no-matter-what/

3. GOVERNMENT AND CORPORATE DATA COLLECTION WIDENS
Policy and Regulation · [privacy, policy, surveillance] · first identified Jun 17, 2026
Latest developments: 404 Media reviewed a $10 million ICE procurement to buy immigrants' tax-identifier records from a data broker, which Senator Ron Wyden said looks like an attempt to skirt a court order, while Google told users in the UK, EEA, and Switzerland it will use their IP addresses for ad measurement and personalization from August 3, 2026, and Britain moved to bar under-16s from user-to-user social media.
Agencies and platforms are expanding collection and use of personal data, drawing privacy objections over consent, surveillance, and age verification. Organizations handling such data should expect sharper regulatory and reputational exposure.
- 404 Media: https://www.404media.co/ice-appears-to-be-buying-immigrants-tax-identifiers-from-a-data-broker/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/google-to-use-uk-and-eu-user-ip-addresses-for-ad-personalization/
- Dark Reading: https://www.darkreading.com/cyber-risk/uk-social-media-ban-privacy-experts-worried

4. CRYPTO CLIPPER CAMPAIGN
Ransomware and Cybercrime · [malware, cryptocurrency] · first identified Jun 17, 2026
Latest developments: Microsoft Threat Intelligence and Check Point Research detailed a cryptocurrency clipper that swaps wallet addresses on the clipboard, routes command traffic through Tor, spreads worm-like, and plants a backdoor, with operators drumming up downloads through paid posts on legitimate news sites, fake reviews, AI-voiced YouTube narrators, VirusTotal comments, and a WordPress phishing hub.
The malware drains cryptocurrency by replacing copied wallet addresses and keeps persistent access for follow-on activity, spreading via GitHub and SourceForge projects that fake accounts promote. Users should verify wallet addresses before sending funds and install software only from verified sources.
- Microsoft Security Blog: https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/
- The Hacker News: https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html

5. MASTRA NPM SUPPLY-CHAIN ATTACK
Vulnerabilities and Exploits · [supply-chain, ai] · first identified Jun 17, 2026
Latest developments: Endor Labs, JFrog, SafeDep, Socket, and StepSecurity reported that attackers hijacked the npm account ehindero to compromise as many as 144 packages under the @mastra namespace, an open-source framework for building AI applications, in a campaign they codenamed easy-day-js.
The poisoned packages can run attacker code on the machines of developers who pull them, threatening any project that builds on Mastra. Teams should pin trusted versions, audit recent installs, and rotate any secrets exposed to build pipelines.
- The Hacker News: https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html

6. ROKAROLLA ANDROID BANKING TROJAN
Ransomware and Cybercrime · [malware, android, banking] · first identified Jun 17, 2026
Latest developments: Zimperium detailed Rokarolla, a new Android banking trojan that targets 217 banking and cryptocurrency apps, executes 137 commands, and enables full device takeover; it is named for its command-and-control infrastructure and spreads through sites impersonating TikTok and Google Chrome.
Rokarolla tricks users into installing fake versions of popular apps, then seizes the device to drain banking and crypto accounts. Android users should install apps only from official stores and review app permissions.
- Help Net Security: https://www.helpnetsecurity.com/2026/06/17/rokarolla-android-banking-trojan-device-takeover/

BUSINESS AND POLITICS
----------------------------------------------------------------
* Fed Signals Higher Rates, Markets Slide
Latest developments: Stocks fell and Treasury yields jumped Wednesday after the committee's projections showed officials expect at least one rate increase by year-end, hardening the bare hold reported earlier into a hawkish shock.
The Federal Reserve under new chair Kevin Warsh held its benchmark rate steady in a unanimous vote, dropped its bias toward cuts, and forecast higher rates to tame inflation that the Iran war pushed to nearly double the 2% target; the dollar climbed as bond markets sold off.
- WSJ Markets: https://www.wsj.com/finance/stocks/global-stocks-markets-dow-update-06-17-2026-05228bac?mod=rss_markets_main
- FT World: https://www.ft.com/content/f2463587-91e9-4da4-94b2-9cb9a270b74a
- FT World: https://www.ft.com/content/0fda593c-7de5-44e2-825c-53d7451d5f70

* US-Iran Deal Frees Funds, Oil Sales
Latest developments: Trump pledged Wednesday to release Iran's frozen funds and ease banking and transport sanctions, financial terms that emerged after the signing reported earlier, with analysts estimating Tehran could earn more than $60 billion a year in oil sales.
The United States and Iran signed a memorandum of understanding to wind down the war that began February 28, reopening the Strait of Hormuz and letting Tehran resume oil exports; Trump said he could resume bombing if Iran breaks the terms and acknowledged Iran keeps its ballistic missiles.
- FT World: https://www.ft.com/content/d4f89b6b-c213-4550-924b-a9ae45e24c37
- WSJ US Business: https://www.wsj.com/world/middle-east/deal-gives-iran-chance-to-turbocharge-its-oil-revenue-5b481eb6?mod=pls_whats_news_us_business_f
- WSJ World News: https://www.wsj.com/world/trump-defends-iran-deal-says-he-wants-to-avoid-economic-catastrophe-cdf41846

PITTSBURGH
----------------------------------------------------------------
Weather: Tonight: Showers And Thunderstorms, low 68F. Thursday: Showers And Thunderstorms then Mostly Sunny, high 83F. Thursday Night: Partly Cloudy, low 59F.

Business:
* O'Connor Signs Vape Shop Zoning Law
Latest developments: Pittsburgh Mayor Corey O'Connor signed the ordinance Wednesday, putting new zoning limits on vape retailers into force across the city.
Pittsburgh's new ordinance uses zoning to restrict where vape shops may operate, aiming to curb the stores' spread; Mayor Corey O'Connor signed it into law.
- KDKA: https://www.cbsnews.com/pittsburgh/video/pittsburgh-mayor-signs-vape-shop-zoning-ordinance/

* Skill Games Face Slot-Machine Rules
Latest developments: Operators and players across Pennsylvania spent Wednesday weighing the fallout, with the future of the machines uncertain after the state Supreme Court's ruling this week that they qualify as slot machines.
Pennsylvania's Supreme Court ruled the unregulated skill games found in bars, convenience stores, and clubs are slot machines under state law, opening them to gaming regulation and taxation; the licensing and tax structure remains unsettled in Harrisburg.
- WPXI: https://www.wpxi.com/news/local/pennsylvanians-weigh-court-ruling-that-could-lead-taxation-skill-games/SH3EGHR7OREYNL5727KLV52Y2Y/

Around town:
* Commercial Street Closes Before Parkway East Work
Latest developments: PennDOT moved the closure up, shutting Commercial Street on June 29, days ahead of the July bridge closure on the Parkway East, drawing complaints from residents over the earlier date.
PennDOT will close Commercial Street under the Commercial Street Bridge on the Parkway East (Interstate 376) on June 29, ahead of a July bridge closure, and area residents object to the moved-up timeline.
- WTAE: https://www.wtae.com/article/commercial-street-to-close-earlier-than-anticipated-residents-outraged/71607218

* Pittsburgh Relaunches Police Co-Response Program
Latest developments: The city announced Wednesday it is relaunching and expanding the Office of Community Health and Safety's co-response program, which pairs a police officer with a social worker on certain 911 calls.
Pittsburgh's Office of Community Health and Safety sends a police officer and a social worker together to answer mental-health and related 911 calls; community social worker Jaime Gribben-Mahoney runs the program downtown.
- WPXI: https://www.wpxi.com/news/local/pittsburgh-relaunches-ochs-co-response-program-mental-health-emergencies/TLVPLQCAM5DYXGGVRCWYY3R6YE/
- KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-co-response-program-expansion/

* Rep. Dean Barred From Detainees at ICE Center
Latest developments: U.S. Representative Madeleine Dean said officials at Pennsylvania's largest immigrant detention center blocked her from speaking with detainees during a Wednesday oversight visit.
U.S. Representative Madeleine Dean, a Pennsylvania Democrat, said officials at the state's largest immigrant detention center barred her from talking with detainees on an oversight visit, three weeks after other members of Congress relayed detainees' concerns from the facility.
- TribLive: https://triblive.com/news/pennsylvania/rep-madeleine-dean-says-she-was-blocked-from-speaking-to-detainees-during-oversight-visit-to-pennsylvanias-largest-ice-detention-center/

SPORTS
----------------------------------------------------------------
Pirates (37-37)
Tue Jun 16 · Pirates 6 · Athletics 5 · Final
Lowe hits go-ahead homer, Reynolds connects twice as Pirates rally past Athletics for 6-5 victory
https://plaintextsports.com/mlb/2026-06-16/pit-ath
Wed Jun 17 · Pirates 7 · Athletics 0 · Bot 6th (in progress at last update)
https://plaintextsports.com/mlb/2026-06-17/pit-ath
Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM
https://plaintextsports.com/mlb/2026-06-19/pit-col

Around the Teams:
* Film Room Likes Rookie DT Gabriel Rubio
Latest developments: The Post-Gazette's film study broke down Steelers rookie defensive tackle Gabriel Rubio, crediting his violent hands as the trait that makes him a solid run defender.
In its film review, the Post-Gazette graded Notre Dame product Gabriel Rubio a capable run-stopper for the Steelers, alongside notes on guard Vega Ioane and lineman Derrick Harmon.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/17/steelers-film-room-gabriel-rubio-notre-dame-vega-ioane-derrick-harmon/stories/202606170036

* Dulac Chat on Steelers QBs, McCarthy
Latest developments: Beat writer Gerry Dulac's Wednesday chat fielded reader questions on the Steelers' quarterback room under coach Mike McCarthy and the supplemental-draft talk around Brendan Sorsby.
Post-Gazette Steelers writer Gerry Dulac answered readers in his weekly chat, weighing the team's quarterback situation, coach Mike McCarthy, and whether the Steelers should pursue Brendan Sorsby.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/17/nfl-news-steelers-sorsby-rodgers-mccarthy-howard-allar/stories/202606170024

* Ex-Pirate Williams, Wilson Recall Pittsburgh
Latest developments: With the Athletics in town to face the Pirates, infielders Jacob Wilson and Alika Williams told the Post-Gazette they relish their Pittsburgh memories.
Athletics infielders Jacob Wilson and Alika Williams reflected on their Pittsburgh ties in a Post-Gazette feature during the A's series at PNC Park; Williams played for the Pirates before his move to the Athletics.
- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/17/athletics-jack-jacob-wilson-alika-williams-mlb/stories/202606170031

READING
----------------------------------------------------------------
* Stratechery -- The State of Fable, The Jailbreak Problem, SpaceX Acquires Cursor
Ben Thompson argues the administration is very likely wrong in its read of Anthropic's Fable model yet treats managing the resulting risk as Anthropic's own responsibility, while also examining a jailbreak vulnerability and SpaceX's acquisition of Cursor.
https://stratechery.com/2026/the-state-of-fable-the-jailbreak-problem-spacex-acquires-cursor/

* Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion
Zitron reports OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, arguing the company burns cash with no plausible path to profitability.
https://www.wheresyoured.at/exclusive-openai-financials/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
Newport, citing a Financial Times interview with Work AI Institute head Rebecca Hinds and a survey of 6,000 digital workers, argues knowledge work was already dysfunctional and AI merely exposes the existing breakage.
https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------
S&P 500     7,462.30   ▲ +0.8%
Dow        51,442.85   ▲ +1.3%
Nasdaq     26,156.09   ▲ +1.1%
WTI crude      81.24   ▼ -10.4%
EUR/USD       1.1584   ▲ +0.2%
GBP/USD       1.3414   ▲ +0.3%
USD/JPY       160.25   ▲ +0.1%

================================================================
Generated 2026-06-17 23:36 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================