daily plain-text briefing: security, markets, business, and pittsburgh
A low-skilled attacker wielding Anthropic's Claude Code and OpenAI's Codex breached 14 companies, the clearest sign yet that agentic AI is collapsing the skill floor for cyberattacks.
Latest developments: BleepingComputer pinned the leak at 73,932 Fortinet and FortiGate VPN credential URLs, and SOCRadar counted 30,000 compromised firewalls exposed through three recently patched FortiSandbox flaws.
The FortiBleed dump exposes working VPN credentials for tens of thousands of Fortinet devices at organizations across nearly 200 countries, among them Oracle, Lenovo, FedEx, and a NATO contractor. Rotate credentials and patch FortiSandbox at once.
Sources: BleepingComputer · SecurityWeek · Dark Reading · ↑ top
Latest developments: A $10 million procurement reviewed by 404 Media shows ICE buying immigrants' tax identifiers from a data broker, which Senator Ron Wyden calls an end-run around a court order, as Google prepares to use UK and EU IP addresses for ad personalization from August 3 and Britain readies a social-media ban for under-16s.
Governments and platforms are widening data collection on citizens, spanning immigration enforcement, ad targeting, and age verification. Privacy experts warn each move erodes anonymity and expands the surveillance surface.
Sources: 404 Media · BleepingComputer · Dark Reading · ↑ top
Latest developments: OALABS recovered more than 1,000 agent sessions from a compromised server and found a low-skilled attacker ran Anthropic's Claude Code and OpenAI's Codex to slip past their guardrails and breach 14 companies.
Researchers warn agentic coding tools hand novices the reach of seasoned intruders, and Ars Technica adds that models with strong hacking ability will become common whatever export rules say. Treat AI agents as a live offensive capability and tighten monitoring of their use.
Sources: Help Net Security · Ars Technica Security · ↑ top
Latest developments: Ars Technica warned that Secure Boot signing keys on Windows and Linux machines expire soon and need replacing, while the leaker Nightmare Eclipse dropped three Microsoft zero-days, one letting anyone with a USB stick walk past BitLocker disk encryption.
Expiring Secure Boot keys threaten to break trusted boot, and the BitLocker bypass undermines full-disk encryption on lost or stolen laptops. Update Secure Boot keys before the deadline and watch for Microsoft's emergency fixes.
Sources: Ars Technica Security · Graham Cluley · ↑ top
Latest developments: Microsoft Threat Intelligence and Check Point Research detailed a clipboard-hijacking clipper that swaps cryptocurrency wallet addresses, spreads worm-like, reaches Tor command servers, and builds buzz through paid news posts, fake VirusTotal comments, and AI-narrated YouTube videos.
The clipper replaces a copied wallet address with the attacker's the moment a victim pastes it, diverting transfers, and plants a lightweight backdoor for follow-on access. Verify pasted crypto addresses and shun software promoted through unsolicited reviews.
Sources: Microsoft Security Blog · The Hacker News · ↑ top
Latest developments: Attackers hijacked the npm account ehindero to compromise 144 packages in the Mastra AI-framework namespace, a campaign Endor Labs, JFrog, SafeDep, Socket, and StepSecurity codenamed easy-day-js.
Mastra is a widely used open-source JavaScript and TypeScript framework for building AI applications, so the poisoned @mastra/* packages endanger every project that pulls them. Pin versions, audit installs, and rotate any exposed tokens.
Sources: The Hacker News · ↑ top
Latest developments: The United States and Iran signed the memorandum of understanding Wednesday, days ahead of the Friday ceremony planned in Switzerland, and Pakistan's prime minister said it took immediate effect.
The accord winds down the war that began February 28, releases Iran's frozen funds, and eases banking and transport sanctions while letting Tehran keep its ballistic missiles; the Wall Street Journal estimates the restored oil sales could earn Iran more than $60 billion a year, and President Trump warned he could resume bombing if Tehran breaks the terms.
Sources: FT World · WSJ World News · ↑ top
Latest developments: At Kevin Warsh's first meeting as chair the Federal Open Market Committee held its benchmark rate steady in a unanimous vote, and officials' new projections pointed to at least one increase by year-end, sending stocks lower and Treasury yields and the dollar higher.
Warsh, who scrapped the Fed's explicit forward guidance and dropped its bias toward cuts, framed the hawkish turn as taming the inflation jolt from the Iran war, which has pushed prices toward double the central bank's 2% target.
Sources: FT World · WSJ Markets · FT Markets · ↑ top
Overnight: Scattered Showers And Thunderstorms, low 68F.
Thursday: Chance Showers And Thunderstorms then Mostly Sunny, high 84F.
Thursday Night: Partly Cloudy, low 59F.
Latest developments: Pennsylvania operators, lawmakers, and players are weighing how the machines will be taxed after this week's state Supreme Court ruling classified skill games as slot machines under state law.
The decision subjects the thousands of skill games in Pennsylvania bars, convenience stores, and clubs to gaming regulation, and Harrisburg now faces pressure to set a tax rate on a market that has run untaxed for years.
Latest developments: Mayor Corey O'Connor signed an ordinance Wednesday that uses zoning rules to restrict where vape shops can operate in Pittsburgh.
The legislation sets zoning limits on vape and tobacco retailers across the city, the latest municipal effort to curb their spread.
Latest developments: Storms moved into Western Pennsylvania overnight into Thursday, June 18, carrying a tornado risk, flash flooding, and damaging winds, and Duquesne Light urged customers to ready for outages.
The National Weather Service flagged the early-Thursday system as a severe-weather threat for the Pittsburgh region, with strong low-level wind shear keeping storms organized through the morning commute before gusty winds linger most of the day.
Sources: WTAE · WPXI · WTAE · ↑ top
Latest developments: PennDOT moved up the closure under the Commercial Street Bridge on the Parkway East to June 29, earlier than the early-July start it first announced, ahead of a full bridge closure in July.
The work on Interstate 376 in Pittsburgh's East End will shut Commercial Street beneath the span, a change that has drawn complaints from nearby residents.
Latest developments: Pittsburgh's Office of Community Health and Safety relaunched and moved to expand its co-response program Wednesday, pairing a police officer with a social worker on certain 911 calls.
Community social worker Jaime Gribben-Mahoney and her police partners answer mental-health and related calls together in Downtown Pittsburgh, an approach the city says reaches people reluctant to deal with officers alone.
Latest developments: Pittsburgh's Juneteenth festivals, film screenings, and gatherings run up to the June 19 holiday, now two days out.
The Pittsburgh Post-Gazette's guide rounds up the region's June 19 observances, from festivals to film screenings marking the end of slavery in the United States.
Sources: Post-Gazette Arts & Entertainment · ↑ top
Pirates (37-37)
Wed Jun 17 · Pirates 12 · Athletics 3 · Bot 8th (in progress at last update)
Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM
Latest developments: Post-Gazette writers said this week the Steelers should and likely will sit out any bid for quarterback Brendan Sorsby in the NFL supplemental draft.
Sorsby became available through the supplemental draft after a gambling matter, and the Post-Gazette's analysis concluded the Steelers have little reason to spend a pick to acquire him.
Sources: Post-Gazette Steelers · Post-Gazette Steelers · ↑ top
Latest developments: The Post-Gazette's film breakdown cast Steelers defensive tackle Gabriel Rubio, from Notre Dame, as a solid run defender whose violent hands hold up at the point of attack.
Rubio projects as a rotational run-stopper on a Steelers defensive line that includes Derrick Harmon.
Sources: Post-Gazette Steelers · ↑ top
Latest developments: Jacob Wilson and Alika Williams, in town with the Athletics for the series against the Pirates, told the Post-Gazette they hold fond memories of their time in Pittsburgh.
The two Athletics infielders, with Pittsburgh roots, reflected on their days in the city as the clubs met this week at PNC Park.
Sources: Post-Gazette Pirates · ↑ top
S&P 500 7,462.30 ▲ +0.8% Dow 51,442.85 ▲ +1.3% Nasdaq 26,156.09 ▲ +1.1% WTI crude 81.24 ▼ -10.4% EUR/USD 1.1584 ▲ +0.2% GBP/USD 1.3414 ▲ +0.3% USD/JPY 160.25 ▲ +0.1%