================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Thursday, June 18, 2026 - 9:05 PM EDT ================================================================ International police gutted the SocGholish malware network tied to Evil Corp as the Gentlemen ransomware gang armed its affiliates with EDR-killing tools and CISA scrambled to harden 74,000 Fortinet devices exposed in the FortiBleed leak. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] Ransomware crews are industrializing evasion, with the Gentlemen gang's GentleKiller disabling 400-plus security processes for affiliates while the Crypto Clipper worm self-propagates through USB shortcuts and Tor. see: Gentlemen Ransomware Arms Affiliates With EDR Killers; Crypto Clipper Worm Spreads Over USB and Tor * [TREND] Defenders pushed back as Operation Endgame seized 106 SocGholish servers tied to Evil Corp and CISA rushed hardening guidance for Fortinet gateways exposed by the FortiBleed leak. see: Operation Endgame Guts the SocGholish Malware Network; CISA Hardens Fortinet Devices After FortiBleed Credential Leak * [UPDATE (new)] Accenture bet $4.1 billion on operational technology, buying a majority stake in Dragos plus runZero and NetRise the same day CISA issued seven new ICS advisories. see: Accenture Bets $4.1 Billion on OT as ICS Advisories Pile Up * [UPDATE (new)] Apple shipped firmware closing a high-severity eavesdropping flaw in its Beats Studio Buds, a bug researchers first disclosed twelve months ago that also reaches other vendors' earbuds. see: Apple Patches Eavesdropping Flaw in Beats Studio Buds * [TREND] On the geopolitical front Hegseth threatened to pare U.S. NATO contributions absent higher European spending, while the signed U.S.-Iran accord rallied the Nasdaq and eased gasoline prices. see: Hegseth Threatens NATO Force Cuts; U.S.-Iran Pact Signed, Markets Rally * [UPDATE (new)] PennDOT will study tolling the I-279 HOV lanes and begin closing Commercial Street under the Parkway East as a nine-story tower is proposed on Mt. Washington. see: PennDOT to Study Tolls on North Hills HOV Lanes; Commercial Street to Close Under Parkway East; Nine-Story Tower Proposed on Mt. Washington SECURITY ---------------------------------------------------------------- 1. GENTLEMEN RANSOMWARE ARMS AFFILIATES WITH EDR KILLERS Ransomware and Cybercrime · [ransomware, raas, edr] Latest developments: ESET exposed the Gentlemen ransomware-as-a-service gang centrally developing GentleKiller, which targets more than 400 security processes across 48 products and ships directly to affiliates, and the group claimed the attack that halted harvesting and milling at Queensland producer Mackay Sugar. Gentlemen rents encryptors and, unusually, hands affiliates ready-made tooling to disable endpoint detection; a May 2026 internal data leak confirmed the arrangement and named the gang's leader. Defenders should watch for tampering with EDR agents. - BleepingComputer: https://www.bleepingcomputer.com/news/security/gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses/ - Help Net Security: https://www.helpnetsecurity.com/2026/06/18/eset-gentlemen-edr-killers/ - The Record: https://therecord.media/mackay-sugar-cyberattack-claimed-gentlemen 2. CRYPTO CLIPPER WORM SPREADS OVER USB AND TOR Ransomware and Cybercrime · [malware, cryptocurrency, worm] Latest developments: The Microsoft Defender Security Research Team detailed Crypto Clipper, a lightweight Windows clipboard hijacker active since February 2026 that self-propagates through malicious USB shortcut files and polls a Tor hidden-service command server using Windows Script Host and ActiveX logic. The clipper silently swaps cryptocurrency wallet addresses copied to the clipboard so victims send funds to the attacker, and its worming over USB lets it jump air-gapped and offline machines. Users should verify wallet addresses before every transfer. - Ars Technica Security: https://arstechnica.com/security/2026/06/microsoft-spots-new-self-propagating-malware-for-stealing-cryptocurrency/ - The Hacker News: https://thehackernews.com/2026/06/microsoft-details-windows-clipper.html - BleepingComputer: https://www.bleepingcomputer.com/news/security/usb-worm-spreads-crypto-stealing-malware-via-windows-shortcut-files/ 3. CISA HARDENS FORTINET DEVICES AFTER FORTIBLEED CREDENTIAL LEAK Vulnerabilities and Exploits · [breach, vpn, credentials] Latest developments: CISA published an advisory confirming that attackers are actively using the leaked FortiBleed credentials to target internet-accessible Fortinet firewalls and VPN gateways across government and private organizations, and it urged operators to rotate credentials and harden the devices. FortiBleed exposed credentials inside the configuration files of roughly 74,000 Fortinet firewalls and VPN gateways worldwide after a Russian-speaking group accidentally left the stolen data on its own server, where researcher Volodymyr Diachenko found it. Affected organizations should assume compromise and reset credentials. - CISA Advisories: https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposure - BleepingComputer: https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/ - Help Net Security: https://www.helpnetsecurity.com/2026/06/18/fortinet-fortibleed-data-leak/ 4. OPERATION ENDGAME GUTS THE SOCGHOLISH MALWARE NETWORK Ransomware and Cybercrime · [malware, takedown, cybercrime] Latest developments: The Dutch National Police and the Operation Endgame coalition seized 106 servers and domains and scrubbed nearly 15,000 hacked WordPress sites that had served SocGholish payloads, naming Russia's Evil Corp as the operator. SocGholish lures victims into running malware through fake software-update prompts planted on compromised WordPress sites and feeds initial access to ransomware crews. Site owners should check for the injected loaders and confirm cleanup. - Help Net Security: https://www.helpnetsecurity.com/2026/06/18/law-enforcement-socgholish-operation-endgame/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/law-enforcement-nukes-socgholish-malware-from-nearly-15-000-sites/ 5. APPLE PATCHES EAVESDROPPING FLAW IN BEATS STUDIO BUDS Vulnerabilities and Exploits · [patch, bluetooth, vulnerability] Latest developments: Apple shipped firmware updates closing a high-severity flaw in its Beats Studio Buds that let an attacker within Bluetooth range listen to a wearer's conversations, a bug researchers disclosed twelve months ago that reaches earbuds from multiple manufacturers. The vulnerability lets a nearby attacker capture audio from affected wireless earbuds without pairing. Owners of Beats Studio Buds should install the latest firmware. - Ars Technica Security: https://arstechnica.com/apple/2026/06/apple-patches-high-severity-eavesdropping-vulnerability-in-beats-studio-buds/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/apple-fixes-beats-studio-buds-flaw-that-let-hackers-spy-on-conversations/ 6. ACCENTURE BETS $4.1 BILLION ON OT AS ICS ADVISORIES PILE UP Industrial and OT Security · [ics, ot, patch] Latest developments: Accenture agreed to buy a majority stake in industrial-security firm Dragos, valuing it at $3.25 billion, plus all of runZero and NetRise in a $4.1 billion operational-technology push, the same day CISA issued seven industrial advisories led by a CVSS 9.8 remote-code-execution flaw, CVE-2026-40624, in AVer PTC cameras. The deal consolidates industrial-asset visibility under Dragos as CISA flags fresh code-execution and denial-of-service bugs in gear from AVer, Schneider Electric, Mitsubishi Electric, and Rockwell Automation. Plant operators should review the advisories and apply available fixes. - SecurityWeek: https://www.securityweek.com/accenture-to-acquire-majority-stake-in-dragos-all-of-runzero-netrise-in-4-1-billion-ot-cybersecurity-push/ - CISA Advisories: https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-01 BUSINESS AND POLITICS ---------------------------------------------------------------- * Hegseth Threatens NATO Force Cuts Latest developments: Defense Secretary Pete Hegseth announced Thursday a review of U.S. forces in Europe and warned Washington will pare its contributions to the alliance unless European members raise their own military spending. Pete Hegseth told NATO that the size of the American troop presence and budget share on the continent now hinges on European defense spending, raising the prospect of a U.S. drawdown from Europe as the war in Ukraine grinds on. - WSJ Politics: https://www.wsj.com/politics/national-security/hegseth-announces-review-of-u-s-forces-in-europe-threatens-nato-cuts-d455bee3 * U.S.-Iran Pact Signed, Markets Rally Latest developments: The U.S. and Iran signed their interim accord Thursday, sending the Nasdaq up nearly 2% and gasoline prices lower, while shipping executives warned the deal's language lets Tehran levy Strait of Hormuz transit fees after 60 days. The agreement to wind down the U.S.-Iran war moved into a contentious phase as Vice President JD Vance defended it against bipartisan and Israeli criticism, oil eased on signs the strait that carries a fifth of the world's oil will reopen, and carriers cautioned that fees on the channel could follow. - WSJ Markets: https://www.wsj.com/business/energy-oil/stocks-rally-gas-prices-fall-as-u-s-iran-move-ahead-on-peace-deal-e1b8d56a?mod=rss_markets_main - FT World: https://www.ft.com/content/d7e0c7ca-3485-4eef-ab8c-70db0bf4b8be PITTSBURGH ---------------------------------------------------------------- Weather: Tonight: Mostly Cloudy, low 58F. Juneteenth: Mostly Sunny, high 78F. Friday Night: Mostly Clear, low 58F. Business: * Pennsylvania House Advances Data-Center Rules Latest developments: Three bills regulating data-center development cleared committee and headed to the full Pennsylvania House on Wednesday, June 17, broadening the local rules Franklin Park adopted earlier into statewide policy. Lawmakers from both parties in Harrisburg advanced three measures governing the energy-hungry data centers spreading across Pennsylvania, agreeing the companies building them need oversight as construction races ahead during budget season. - KDKA: https://www.cbsnews.com/pittsburgh/news/pennsylvania-data-center-legislation/ * Schwebel's Bakery to Close After 120 Years Latest developments: Schwebel Baking Company will shut down after more than 120 years, pulling a longtime brand from western Pennsylvania bread aisles. Schwebel Baking Company, a regional bread maker stocked across Pittsburgh-area grocery stores for 120 years, is going out of business. - WTAE: https://www.wtae.com/article/schwebels-bakery-closing/71627423 Around town: * PennDOT to Study Tolls on North Hills HOV Lanes Latest developments: PennDOT will study converting the Interstate 279 high-occupancy-vehicle lanes to Pittsburgh's North Hills into two-way, possibly tolled, lanes. The Pennsylvania Department of Transportation plans to examine adding two-way traffic and tolls on the HOV lanes linking downtown Pittsburgh with the North Hills, which now reverse direction by time of day. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/transportation/2026/06/18/penndot-hov-lanes-study-two-way-traffic-tolls/stories/202606180075 * Commercial Street to Close Under Parkway East Latest developments: The main phase of PennDOT's Commercial Street Bridge replacement begins soon, closing Commercial Street where it passes beneath the Parkway East. PennDOT will shut Commercial Street under Interstate 376, the Parkway East, in Pittsburgh as it enters the critical stage of replacing the Commercial Street Bridge, a closure long flagged to drivers. - TribLive: https://triblive.com/local/regional/commercial-street-bridge-closures-quickly-approaching/ * Nine-Story Tower Proposed on Mt. Washington Latest developments: A developer proposed a nine-story residential building at 301 Grandview Avenue, a plan that would require demolishing the church now on the Mt. Washington lot. The proposal for 301 Grandview Avenue would replace a Mt. Washington church with a nine-story apartment building above downtown Pittsburgh, a project some neighbors oppose. - WPXI: https://www.wpxi.com/news/local/9-story-high-rise-planned-site-mt-washington-church-though-some-neighbors-not-sold/QNMFSP32QFGMVIPTJFUOIXOPOI/ Events: * Inaugural South Side Street Fest Latest developments: The South Side Hospitality Partnership opens the first South Side Street Fest on Saturday, June 20, closing East Carson Street to traffic, after the state granted $125,000 to fund security. The inaugural South Side Street Fest turns East Carson Street in Pittsburgh's South Side into a pedestrian zone on Saturday, June 20, 2026. - WPXI: https://www.wpxi.com/news/local/organizers-share-details-inaugural-south-side-street-fest-which-opens-saturday/YPGVNLXKPNFKLC4FPBLYPYOVNU/ * Weekend Guide: Monster Jam and Summer Splash Latest developments: NEXTpittsburgh's June 18-21 guide highlights Monster Jam, Summer Splash, and Bubblesburgh among the weekend's offerings. Pittsburgh's weekend of June 18 through 21, 2026, includes Monster Jam, the Summer Splash, Bubblesburgh, and the four-day Western Pennsylvania Juneteenth and Black Music Celebration running 11 a.m. to 10 p.m. at Point State Park, Market Square, and Liberty Avenue. - NEXTpittsburgh Events: https://nextpittsburgh.com/events/14-things-to-do-this-weekend-june-18-21-2026/ SPORTS ---------------------------------------------------------------- Pirates (38-37) Wed Jun 17 · Pirates 12 · Athletics 4 · Final Ryan O'Hearn knocks in career-high 6 runs as Pirates roll to 12-4 victory over Athletics https://plaintextsports.com/mlb/2026-06-17/pit-ath Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM https://plaintextsports.com/mlb/2026-06-19/pit-col Around the Teams: * Darnell Washington Signs $42 Million Extension Latest developments: Tight end Darnell Washington joined Not Just Football with Cam Heyward fresh off signing a four-year, $42 million extension with the Steelers. On Cam Heyward's Not Just Football podcast, Steelers tight end Darnell Washington discussed his new four-year, $42 million contract and the coming season, with the show also crediting his growing role as a pass catcher. - Not Just Football with Cam Heyward: https://www.youtube.com/watch?v=bI9k0IEdvzA * SNR Drive on Patrick Graham's Defense Latest developments: On the June 18 SNR Drive, Matt Williamson and Wes Uhler assessed how new defensive coordinator Patrick Graham's scheme fits the 2026 Steelers roster. The Steelers podcast SNR Drive measured Patrick Graham's 2025 defense against the talent he inherits in Pittsburgh and ran through the final offseason to-do list for all 32 NFL teams. - Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=FbvAiO-Zb0I * Film Room on Rookie Gabriel Rubio Latest developments: A Post-Gazette film breakdown praised Steelers rookie defensive lineman Gabriel Rubio's hand technique against the run. The Post-Gazette's Steelers film room judged Notre Dame rookie Gabriel Rubio a solid run defender for his violent hands, in an analysis that also looked at linemen Vega Ioane and Derrick Harmon. - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/17/steelers-film-room-gabriel-rubio-notre-dame-vega-ioane-derrick-harmon/stories/202606170036 READING ---------------------------------------------------------------- * Stratechery -- An Interview with Michael Morton About E-Commerce in the Age of AI Ben Thompson interviews Michael Morton on how AI reshapes e-commerce, weighing distribution against referral models and the implications for grocery and autonomous vehicles. https://stratechery.com/2026/an-interview-with-michael-morton-about-e-commerce-in-the-age-of-ai/ * Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion Zitron reports that OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, arguing the company is burning cash with no path to profitability. https://www.wheresyoured.at/exclusive-openai-financials/ * Cal Newport -- AI Isn't Breaking Work. It's Already Broken. Responding to a Financial Times interview with the Work AI Institute's Rebecca Hinds about a survey of 6,000 workers, Newport argues AI is exposing dysfunction already baked into knowledge work rather than creating it. https://calnewport.com/ai-isnt-breaking-work-its-already-broken/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,483.56 ▲ +1.6% Dow 51,586.04 ▲ +1.8% Nasdaq 26,297.74 ▲ +2.5% WTI crude 81.24 ▼ -10.4% EUR/USD 1.1578 ▲ +0.3% GBP/USD 1.3401 ▲ +0.3% USD/JPY 160.27 = -0.0% ================================================================ Generated 2026-06-18 21:05 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================