infosecfollow

daily plain-text briefing: security, markets, business, and pittsburgh

A breach of the Klue Battlecards app handed the Icarus extortion crew Salesforce data from security firms Huntress and Recorded Future, extending a run of SaaS supply-chain compromises.


Emerging Trends and Key Updates

Security

1. Klue OAuth Breach Feeds Salesforce Data Theft

Data Breaches · [breach, supply-chain]

Latest developments: Salesforce disabled the Klue Battlecards app integration after the Icarus threat actors abused OAuth tokens from a June 11 incident to steal CRM data from customers including Huntress and Recorded Future.

Klue, a competitive-intelligence platform, marks the third integrated Salesforce app attackers have compromised to siphon customer data in an ongoing extortion campaign. Organizations should audit connected-app permissions and rotate OAuth tokens.

Sources: SecurityWeek · The Hacker News · BleepingComputer · Dark Reading

2. Splunk and NGINX Flaws Draw Urgent Patches

Vulnerabilities and Exploits · [patch, rce, zero-day]

Latest developments: CISA added Splunk Enterprise flaw CVE-2026-20253, an unauthenticated remote-code-execution bug, to its Known Exploited Vulnerabilities (KEV) catalog and gave agencies three days to patch, while F5 shipped out-of-band fixes for two critical NGINX Open Source flaws led by CVE-2026-42530, a use-after-free in the ngx_http_v3_module.

Attackers exploited the Splunk missing-authentication flaw within days of its disclosure; the NGINX bugs let a remote unauthenticated attacker run code on HTTP/3-enabled servers. Splunk separately patched an OS command injection in its AI Toolkit, and Atlassian fixed dozens of dependency flaws.

Sources: SecurityWeek · CISA Advisories · The Hacker News · BleepingComputer

3. AutoJack Turns AI Browsing Agents Into RCE

AI Security · [ai, rce]

Latest developments: Microsoft detailed AutoJack, an exploit chain in which a single malicious webpage drives an AI browsing agent into remote code execution on its host by abusing localhost trust, missing authentication, and unsafe parameter handling in AutoGen Studio's MCP WebSocket.

The research shows that when agents browse untrusted content and reach local services, traditional boundaries collapse. The risk compounds with orphaned agents left running after their creators leave, which carry standing privileges no one tracks.

Sources: Microsoft Security Blog · The Hacker News

4. INC Ransomware Tops 830 Victims

Ransomware and Cybercrime · [ransomware, raas]

Latest developments: Acronis charted INC's rise to at least 830 victims since August 2023, crediting affiliates who migrated after the disruption of LockBit and the shutdown of BlackCat.

INC operates as a ransomware-as-a-service business that has become one of 2026's most prolific extortion groups, favoring healthcare and other sectors where disruption forces a fast payout. Defenders should harden remote access and segment recovery backups.

Sources: The Hacker News

5. Popa Botnet Tied to NASDAQ-Listed Alarum

Ransomware and Cybercrime · [botnet, cybercrime]

Latest developments: Researchers from multiple firms concluded that the four-year-old Popa botnet, which forces millions of consumer Android TV boxes to relay traffic for advertising fraud, account takeovers, and mass scraping, links to NetNut, a residential-proxy provider run by publicly traded Israeli firm Alarum Technologies Ltd.

Popa converts compromised TV boxes into exit nodes for paying proxy customers, hiding malicious traffic behind ordinary home IP addresses. The finding ties a commercial residential-proxy business to a long-running consumer-device botnet.

Sources: Krebs on Security

6. China's UNC6508 Hunts Outdated REDCap Servers

Nation-State Activity · [apt, china]

Latest developments: SecurityWeek reported that most internet-accessible REDCap research-data servers run outdated software, and that China-linked UNC6508 regularly targets them for initial access and backdoor deployment.

REDCap is a widely used clinical and research data-capture platform run by universities and medical institutions. Operators should update to current releases and pull exposed instances behind authentication to deny UNC6508 a foothold.

Sources: SecurityWeek

Business and Politics

Burnham Wins By-Election, Eyes Starmer's Job

Latest developments: Andy Burnham won the Makerfield by-election on June 19, taking a Commons seat that lets him challenge Keir Starmer for the Labour leadership, and Starmer said he would stand in any contest; ten-year gilt yields rose 6.5 basis points to 4.809%.

Greater Manchester mayor Andy Burnham defeated Nigel Farage's Reform UK in the Makerfield special election, returning to Parliament with a platform to mount a leadership challenge against Prime Minister Keir Starmer, a fight that would reshape British government as May public-sector borrowing hit £23.3 billion.

Sources: WSJ World News · FT World · The Economist

Iran Talks Stall, Vance Cancels Switzerland Trip

Latest developments: Vice President JD Vance called off his trip to Switzerland and Iran postponed the nuclear negotiations after Israeli strikes on southern Lebanon, casting doubt on Wednesday's interim accord and pushing Brent crude back above $80 a barrel.

The United States and Iran signed an interim deal on June 17 to end their war and reopen the Strait of Hormuz, and the U.S. Navy has since let more than a dozen ships reach Iranian ports, while the Pentagon told lawmakers it needs $80 billion to cover the war's costs.

Sources: FT World · WSJ Markets · WSJ Politics

Pittsburgh

Weather

Juneteenth: Mostly Sunny then Slight Chance Rain Showers, high 78F.

Tonight: Mostly Clear, low 58F.

Saturday: Mostly Sunny then Slight Chance Showers And Thunderstorms, high 78F.

Business

PRT Keeps Bus Service at the Waterfront

Latest developments: Pittsburgh Regional Transit starts serving two new stops at the Waterfront shopping center in Homestead on Sunday, the result of a fall agreement that reversed the center's move to push buses off the property near Target and Giant Eagle.

Pittsburgh Regional Transit and the Waterfront's management settled a fight over bus access to the Homestead retail complex, and the agency will begin using two relocated stops this weekend, preserving service for the shoppers and workers who reach the stores by transit.

Sources: KDKA

Nine-Story Tower Proposed on Mt. Washington

Latest developments: WPXI reports some neighbors now oppose the nine-story residential building a developer wants to raise at 301 Grandview Avenue, a project that still requires demolishing the church on the lot.

A developer has proposed a nine-story apartment building at 301 Grandview Avenue atop Mt. Washington, a high-profile site along the Grandview promenade overlooking downtown Pittsburgh, and the plan would tear down the church that occupies the lot.

Sources: WPXI

Around Town

City Adds $800,000 for Homeless Street Outreach

Latest developments: Pittsburgh is directing $800,000 to its Roots street outreach team to expand support for homeless residents, though advocates told the Post-Gazette that significant gaps in services remain.

Pittsburgh's Roots street outreach team, which works directly with people living unsheltered across the city, will receive $800,000 in new funding, money advocates welcome even as they warn it falls short of the need.

Sources: Pittsburgh Post-Gazette

Pittsburgh Expands Dolly Parton's Imagination Library

Latest developments: Pittsburgh first lady Katie O'Connor announced Thursday in Carrick that the city, backed by Benter Foundation funding, is widening its rollout of Dolly Parton's Imagination Library to reach more children.

Dolly Parton's Imagination Library mails free books each month to enrolled children, and Pittsburgh is enrolling more families citywide with Benter Foundation support to lift early literacy.

Sources: KDKA

Rodef Shalom and Temple Sinai Merge as Beit Kulanu

Latest developments: In a Post-Gazette conversation, Rabbi Daniel Fellman described the merger of Pittsburgh's Rodef Shalom and Temple Sinai congregations into a single Reform community, Beit Kulanu, which he calls 'a house for all peoples.'

Two longtime Pittsburgh Reform Jewish congregations, Rodef Shalom and Temple Sinai, are combining into one community named Beit Kulanu under Rabbi Daniel Fellman, consolidating membership and worship under a single roof.

Sources: Pittsburgh Post-Gazette

Events

Western Pa. Juneteenth and Black Music Celebration

Latest developments: The four-day festival continues through Sunday, June 21, with the Juneteenth holiday itself falling on Friday, June 19.

The Western Pennsylvania Juneteenth and Black Music Celebration, the largest Juneteenth festival in North America, runs Thursday through Sunday, June 18 to 21, from 11 a.m. to 10 p.m. across Point State Park, Market Square, and Liberty Avenue downtown; Stop the Violence Pittsburgh presents the 161st-anniversary event.

Sources: NEXTpittsburgh Events

Plum Summerfest at Larry Mills Park

Latest developments: Plum's Summerfest opens this weekend at Larry Mills Park with a Ferris wheel, fishing games, funnel cakes, and corn dogs.

Summerfest, Plum's community fair, sets up at Larry Mills Park this weekend with carnival rides including a Ferris wheel, fishing games, and fair food such as funnel cakes and corn dogs.

Sources: TribLive

Sports

Pirates (38-37)

Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM

Around the Teams

Pirates Trade Joey Bart to Braves for Hunter Stratton

Latest developments: The Pirates sent catcher Joey Bart to the Atlanta Braves on Thursday night for right-handed reliever Hunter Stratton, a move the Post-Gazette frames as adding bullpen depth and clearing a logjam behind the plate.

Hunter Stratton, a 2017 Pirates draft pick who pitched in Pittsburgh from 2023 to 2025 before Atlanta acquired him last summer, returns to the organization and reports to Triple-A Indianapolis, while Bart's exit thins a crowded Pirates catching picture.

Sources: Post-Gazette Pirates

Steelers Expected to Pass on Brendan Sorsby

Latest developments: Post-Gazette writers say the Steelers will likely avoid quarterback Brendan Sorsby in the NFL's supplemental draft, pointing to the gambling matter that pushed him from the college ranks.

Brendan Sorsby, a college quarterback who entered the NFL supplemental draft amid a gambling matter, has surfaced as a possible Steelers target; the team's beat writers expect Pittsburgh to steer clear, citing the risk and a settled quarterback room.

Sources: Post-Gazette Steelers

Rookie Safety Spears-Jennings's 4.32 Forty

Latest developments: A Post-Gazette feature details how rookie safety Robert Spears-Jennings ran a 4.32-second 40-yard dash at the NFL combine and turned the time into a Steelers selection.

Robert Spears-Jennings, a safety the Steelers drafted, traces his rise to a 4.32-second 40-yard dash at the scouting combine, a number that vaulted him up draft boards and into Pittsburgh's plans.

Sources: Post-Gazette Steelers

Reading

Markets

weekly average, change vs prior week

S&P 500     7,483.56  ▲ +1.6%
Dow        51,586.04  ▲ +1.8%
Nasdaq     26,297.74  ▲ +2.5%
WTI crude      79.01  ▼ -11.8%
EUR/USD       1.1578  ▲ +0.3%
GBP/USD       1.3401  ▲ +0.3%
USD/JPY       160.27  = -0.0%