daily plain-text briefing: security, markets, business, and pittsburgh
F5 races to patch a critical, unauthenticated remote-code flaw in the ubiquitous NGINX web server even as the FortiBleed dump exposes VPN credentials for 73,932 Fortinet firewalls worldwide.
Latest developments: A $10 million ICE procurement that 404 Media reviewed shows the agency buying immigrants' tax-identifier records from a data broker—a move Senator Ron Wyden called an attempt to skirt a court order—while the UK Home Office presses ahead with scanning asylum-seekers' faces for age estimates despite its own error-prone test results, and Google said it will start using UK, EEA, and Swiss users' IP addresses for ad personalization on August 3, 2026.
The moves expand identity tracking across immigration enforcement, asylum processing, and ad targeting; the UK's Information Commissioner's Office is weighing new consent rules as privacy advocates question the legality.
Sources: 404 Media · Wired Security · BleepingComputer · ↑ top
Latest developments: AWS opened a gated preview of Continuum, a model-agnostic system that triages and resolves code vulnerabilities across their lifecycle, Microsoft detailed its agentic vulnerability-detection system MDASH now running across Windows, Azure, and identity, and Cisco Talos showed local AI agents scripting the VB6 disassembler vbdec through a live COM interface for reverse engineering.
Vendors are wiring frontier models directly into vulnerability discovery and remediation pipelines, promising faster fixes while raising fresh questions about oversight of agentic tooling; teams piloting these systems should validate AI findings before acting.
Sources: Help Net Security · Microsoft Security Blog · Cisco Talos · ↑ top
Latest developments: F5 shipped fixes on June 18 for critical NGINX vulnerabilities that let a remote, unauthenticated attacker crash the server and potentially run arbitrary code, while the Secure Boot keys that vouch for Windows and Linux boot sequences begin to expire.
NGINX fronts a large share of the world's websites and proxies, so an unauthenticated remote-code path threatens internet-facing infrastructure broadly; administrators should apply F5's June patches and rotate expiring Secure Boot keys before the boot chain loses its trust anchor.
Sources: SecurityWeek · Ars Technica Security · ↑ top
Latest developments: ESET detailed GentleKiller, a toolset the Gentlemen ransomware-as-a-service gang builds in-house to disable more than 400 security processes across 48 endpoint products, then hands directly to affiliates—an arrangement a May 2026 internal leak confirmed while exposing the gang's leader.
Most ransomware crews leave endpoint-detection evasion to affiliates, while Gentlemen centralizes it and raises the odds that detection goes dark before encryption; defenders should watch for tampering with security agents and harden EDR self-protection.
Sources: Help Net Security · ↑ top
Latest developments: BleepingComputer quantified the FortiBleed dump at 73,932 Fortinet and FortiGate firewall URLs, and Dark Reading reported attackers have compromised more than 30,000 of those devices across nearly 200 countries while compiling a verified list of working credentials.
The leak exposes FortiGate VPN credentials at organizations including Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet itself; affected operators should assume compromise, reset credentials, and hunt for unauthorized VPN access.
Sources: BleepingComputer · Dark Reading · Ars Technica Security · ↑ top
Latest developments: Microsoft Threat Intelligence and Check Point Research detailed a cryptocurrency clipper that swaps wallet addresses on the clipboard, spreads worm-like, talks to its operators over Tor, and installs a lightweight backdoor, promoting its lures through paid posts on legitimate news sites, fake reviews, AI-narrated YouTube videos, GitHub and SourceForge projects, and VirusTotal comments.
The malware steals cryptocurrency by replacing copied wallet addresses and establishes persistent access for follow-on activity; users should verify pasted wallet addresses and avoid software promoted through unverified GitHub, SourceForge, and YouTube channels.
Sources: Microsoft Security Blog · The Hacker News · ↑ top
Latest developments: The two sides signed the memorandum of understanding Wednesday, days ahead of the planned June 19 ceremony in Switzerland, and it took immediate effect; oil fell more than 2% as traders bet on a fast reopening of the Strait of Hormuz.
President Trump and Iran signed an agreement to end the war that began February 28, with Trump pledging to release frozen Iranian funds and ease banking and transport sanctions while Tehran keeps its ballistic missiles; Pakistan's prime minister, who mediated, confirmed the accord and the deal reopens the Strait of Hormuz, the waterway carrying roughly a fifth of global oil shipments.
Sources: FT World · WSJ Markets · ↑ top
Latest developments: A day after holding rates and dropping its easing bias, Federal Reserve officials signaled their next move could be a rate increase before year-end, pushing the dollar to an 11-week high and pulling gold lower.
At Chair Kevin Warsh's debut meeting the Federal Open Market Committee held its benchmark rate steady, and the hawkish turn that followed has lifted the dollar against a basket of currencies to its highest in 11 weeks and weighed on gold, even as falling oil eases inflation worries.
Sources: WSJ Markets · WSJ Markets · FT World · ↑ top
Latest developments: Ukraine launched nearly 200 drones at Moscow, its largest strike on the Russian capital, with several hitting the city's biggest oil refinery.
Ukraine sent close to 200 drones against Moscow, striking the capital's largest oil refinery and marking a sharp escalation in the war with Russia.
Today: Chance Rain Showers then Mostly Sunny, high 84F.
Tonight: Partly Cloudy, low 59F.
Juneteenth: Sunny, high 78F.
Latest developments: The Leechburg Area School District board approved a 3% property-tax increase and a new assessment formula Wednesday.
The Leechburg Area School District board passed a 3% property-tax increase along with an assessment formula that, for the first time in years, balances residents' tax bills across the district's Armstrong and Westmoreland county communities.
Latest developments: PublicSource published an interactive map of the region's farmers markets and a feature on the work behind them on June 18.
PublicSource mapped the Pittsburgh region's farmers markets and profiled the vetting behind them, with South Side Market Manager Gianna Donati describing how she questions every vendor to confirm each one grows its own produce or handmakes its goods.
Sources: PublicSource · PublicSource · ↑ top
Latest developments: The National Weather Service in Pittsburgh lowered its Thursday projections for tornadoes and damaging winds, and the morning storms passed mostly south of the city.
Showers and storms crossed Western Pennsylvania early Thursday, June 18, with wind gusts of 40 to 50 mph possible east of Pittsburgh and more than an inch of rain in spots; Duquesne Light had urged customers to prepare for outages.
Sources: TribLive · WTAE · ↑ top
Latest developments: Penn Township commissioners voted Wednesday against merging with neighboring Penn Borough.
Penn Township's commissioners in Westmoreland County turned down a merger with the small adjacent Penn Borough, leaving the borough on its own for now.
Latest developments: The Post-Gazette reported June 18 that kratom use is rising across Pennsylvania while doctors and lawmakers work to understand and regulate it.
As the herbal supplement kratom spreads through Allegheny County and the rest of Pennsylvania, physicians and state lawmakers are scrambling to study and regulate a substance still sold largely without oversight.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: Rivers of Steel's exhibition Paintable Pittsburgh: The Art of Henry Koerner continues at the Bost Building in Homestead through July 31.
Paintable Pittsburgh: The Art of Henry Koerner runs daily 11 a.m. to 4 p.m. through Friday, July 31, at the Bost Building, 623 East Eighth Avenue in Homestead; admission is free but requires an RSVP at riversofsteel.com.
Sources: Pittsburgh City Paper · ↑ top
Pirates (38-37)
Wed Jun 17 · Pirates 12 · Athletics 4 · Final
Ryan O'Hearn knocks in career-high 6 runs as Pirates roll to 12-4 victory over Athletics
Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM
Latest developments: On Not Just Football with Cam Heyward, tight end Darnell Washington broke down his new four-year, $42 million Steelers extension.
Darnell Washington, the 6-foot-7 tight end, joined the Not Just Football podcast fresh off his four-year, $42 million extension to discuss the contract, the departure of Connor Heyward, his back-to-back national titles at Georgia, and fatherhood.
Sources: Not Just Football with Cam Heyward · ↑ top
Latest developments: The Post-Gazette detailed how rookie safety Robert Spears-Jennings's 4.32-second 40-yard dash at the NFL combine changed how teams viewed him.
Steelers rookie safety Robert Spears-Jennings credits a 4.32-second 40-yard dash at the NFL combine with lifting his draft trajectory, a turn the Post-Gazette traced in detail.
Sources: Post-Gazette Steelers · ↑ top
Latest developments: A Post-Gazette film breakdown rated rookie defensive lineman Gabriel Rubio a solid run defender.
In its film room, the Post-Gazette judged Steelers rookie defensive lineman Gabriel Rubio, out of Notre Dame, a sturdy run defender on the strength of his violent hands.
Sources: Post-Gazette Steelers · ↑ top
S&P 500 7,462.30 ▲ +0.8% Dow 51,442.85 ▲ +1.3% Nasdaq 26,156.09 ▲ +1.1% WTI crude 81.24 ▼ -10.4% EUR/USD 1.1584 ▲ +0.2% GBP/USD 1.3414 ▲ +0.3% USD/JPY 160.25 ▲ +0.1%