infosecfollow

daily plain-text briefing: security, markets, business, and pittsburgh

A sprawling FortiBleed credential leak exposes VPN logins at Oracle, Lenovo, FedEx, and a NATO contractor as Microsoft races to patch a Defender zero-day attackers already weaponized.

Security

1. FortiBleed Credential Leak Widens

Vulnerabilities and Exploits · [credential-leak, vpn, fortinet]

Latest developments: Ars Technica named the sensitive networks caught in the dump—Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet itself—while Dark Reading reported attackers working through nearly 200 countries and compiling a verified-credential list for tens of thousands of devices.

FortiBleed exposed Fortinet and FortiGate VPN credentials for 73,932 firewall URLs worldwide, and SOCRadar counts 30,000 compromised firewalls tied to three recently patched FortiSandbox flaws. Affected organizations should rotate VPN credentials and patch FortiSandbox at once.

Sources: Ars Technica Security · Dark Reading · BleepingComputer · SecurityWeek

2. RoguePlanet Defender Zero-Day

Vulnerabilities and Exploits · [zero-day, windows, patch]

Latest developments: Microsoft confirmed RoguePlanet as CVE-2026-50656, a CVSS 7.8 privilege-escalation race condition in the Microsoft Malware Protection Engine that public proof-of-concept code uses to spawn a System-level command prompt, and said a patch is in development a week after disclosure.

An actor calling itself Nightmare Eclipse dropped three Windows zero-days, including RoguePlanet and a BitLocker bypass a thief can trigger with a USB stick. Windows users running Microsoft Defender await the fix.

Sources: The Hacker News · SecurityWeek · BleepingComputer · Graham Cluley

3. Oracle, Browser, and ICS Patches Land

Vulnerabilities and Exploits · [patch, ics, browser]

Latest developments: Oracle shipped 245 fixes in its June 2026 Critical Patch Update, Google and Mozilla patched critical memory-safety bugs in Chrome and Firefox, Rockwell Automation fixed flaws in Logix, CompactLogix, RSLinx, and FactoryTalk, and CISA ordered federal agencies to patch the maximum-severity Joomla Content Editor flaw CVE-2026-48907 by Friday.

The June patch wave spans enterprise, browser, and industrial software, with the Joomla JCE flaw already exploited for PHP code execution. Administrators should prioritize the exploited Joomla bug and the Oracle and browser fixes.

Sources: SecurityWeek · SecurityWeek · SecurityWeek · BleepingComputer

4. ShinyHunters Hits Kodak as INC Targets Healthcare

Ransomware and Cybercrime · [ransomware, extortion, breach]

Latest developments: Kodak confirmed that hackers accessed company data in a breach the ShinyHunters extortion gang claimed, and Dark Reading detailed how INC ransomware thrives by striking healthcare and other sectors where disruption forces a fast payout.

ShinyHunters, recently tied to Oracle PeopleSoft attacks, added imaging maker Kodak to its victims; Kodak is now working with external experts. INC ransomware keeps mastering basics and pressuring high-stakes sectors.

Sources: BleepingComputer · Dark Reading

5. Hostile States Preposition in UK Infrastructure

Nation-State Activity · [nation-state, critical-infrastructure]

Latest developments: NCSC chief executive Richard Horne told the Royal United Services Institute that hostile states drive three-quarters of attacks on Britain's critical infrastructure and are prepositioning inside it, warning that kinetic targeting in any future conflict will rest on intelligence gathered today.

Britain's critical-infrastructure operators face sustained state intrusion aimed at mapping networks for future strikes. Horne pressed owners to harden their systems now.

Sources: The Record

6. India's Telegram Ban Disrupts the UAE

Policy and Regulation · [censorship, policy, bgp]

Latest developments: India banned Telegram until June 22 after leaked exam papers circulated on the app, and chief executive Pavel Durov accused telecom Reliance of BGP hijacking that knocked Telegram offline as far away as the United Arab Emirates.

India ordered the block over leaked exams, and Durov says Reliance's routing manipulation spilled the outage across borders. Users reach Telegram through an MTProto proxy.

Sources: BleepingComputer

Business and Politics

Warsh Fed Holds Rates, Overhauls Its Message

Latest developments: Kevin Warsh's debut meeting delivered the machinery behind the prior day's hawkish signal: the Federal Open Market Committee held its benchmark rate steady in a unanimous vote, abandoned its bias toward rate cuts, and scrapped explicit forward guidance, sending Treasury yields and the dollar higher as stocks fell again.

At Chair Kevin Warsh's first Federal Open Market Committee meeting, the Federal Reserve kept rates unchanged Wednesday and issued a sharply shortened statement, while officials' own projections pointed to at least one increase by year-end as the central bank moves to tame the inflation jolt from the Iran war.

Sources: FT World · WSJ Markets

Pittsburgh

Weather

Tonight: Showers And Thunderstorms, low 68F.

Thursday: Showers And Thunderstorms then Mostly Sunny, high 83F.

Thursday Night: Partly Cloudy, low 59F.

Business

Franklin Park Sets Data-Center Rules

Latest developments: Franklin Park Borough Council approved guidelines governing data centers, putting rules in place before any developer proposes one.

Franklin Park Borough Council in Allegheny County passed zoning guidelines for data centers, preparing for the day an artificial-intelligence company targets the borough for a project.

Sources: WTAE

Skill Games Face Taxation Question

Latest developments: Pennsylvania operators and lawmakers now weigh taxation of the machines after this week's state Supreme Court ruling classified skill games as slot machines.

The Pennsylvania Supreme Court ruled this week that skill games qualify as slot machines under state law, leaving the lightly regulated, untaxed terminals in bars and stores across the state facing possible taxation and the gaming-law oversight that governs casinos.

Sources: WPXI

Around Town

Severe Storms, Tornado Risk Thursday Morning

Latest developments: The National Weather Service put the Pittsburgh region under a severe-weather threat for early Thursday, June 18, carrying a tornado risk, flash flooding, damaging winds, and hail, with Duquesne Light warning customers to prepare for outages.

Storms moving through overnight into Thursday morning threaten the Pittsburgh area with brief tornadoes, flash flooding, and gusty winds, prompting Duquesne Light to urge customers across Western Pennsylvania to prepare for power outages during the region's peak severe-weather season.

Sources: KDKA · WTAE

Rats Persist on Rostraver's Adams Drive

Latest developments: Weeks after KDKA first reported the infestation, Rostraver Township residents say rats still overrun their neighborhood, even after 105 pigs were rescued from the source property.

Residents along Adams Drive off Route 51 in Rostraver Township, Westmoreland County, say hundreds of rats keep running through their neighborhood, tracing the problem to one property where authorities removed 105 pigs.

Sources: KDKA

Trinity United Church to Rebuild After Fire

Latest developments: Trinity United Church of Christ in Indiana Township decided it must tear down and rebuild its sanctuary, which a May fire gutted, with the Rev. David Mears saying the congregation aims to recreate the old building as closely as the community wants.

Trinity United Church of Christ, a historic church in Indiana Township, Allegheny County, will demolish and rebuild after a May fire devastated the structure, its pastor, the Rev. David Mears, said.

Sources: KDKA

Sports

Pirates (37-37)

Tue Jun 16 · Pirates 6 · Athletics 5 · Final

Lowe hits go-ahead homer, Reynolds connects twice as Pirates rally past Athletics for 6-5 victory

Wed Jun 17 · Pirates 8 · Athletics 2 · Top 7th (in progress at last update)

Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM

Around the Teams

Hiles Presses the Pirates to Improve

Latest developments: Post-Gazette columnist Noah Hiles shifted from the bullpen to the franchise's bigger stakes, warning what a stalled season could cost a roster built around ace Paul Skenes.

In a Post-Gazette column, Noah Hiles argued the Pirates must turn their season around or face the consequences, weighing the looming trade deadline, top prospect Konnor Griffin, and general manager Ben Cherington's standing.

Sources: Post-Gazette Pirates

Reading

Markets

weekly average, change vs prior week

S&P 500     7,462.30  ▲ +0.8%
Dow        51,442.85  ▲ +1.3%
Nasdaq     26,156.09  ▲ +1.1%
WTI crude      81.24  ▼ -10.4%
EUR/USD       1.1584  ▲ +0.2%
GBP/USD       1.3414  ▲ +0.3%
USD/JPY       160.25  ▲ +0.1%