================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Friday, June 19, 2026 - 6:09 AM EDT
================================================================

A breach of the Klue Battlecards app handed the Icarus extortion crew Salesforce data from security firms Huntress and Recorded Future, extending a run of SaaS supply-chain compromises.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Stolen OAuth tokens from the Klue Battlecards app let the Icarus crew loot Salesforce records from customers including Huntress and Recorded Future.
  see: Klue OAuth Breach Feeds Salesforce Data Theft

* [UPDATE (new)] Attackers hit the Splunk Enterprise RCE flaw within days of its disclosure, triggering a three-day CISA patch deadline, while F5 rushed out-of-band fixes for two critical NGINX bugs.
  see: Splunk and NGINX Flaws Draw Urgent Patches

* [TREND] Microsoft's AutoJack chain shows that a single malicious webpage can hijack an AI browsing agent into running code on its host, widening the agent attack surface.
  see: AutoJack Turns AI Browsing Agents Into RCE

* [TREND] Threat-actor operations churned as INC ransomware passed 830 victims while absorbing LockBit and BlackCat affiliates, the Popa botnet enslaved Android TV boxes, and China's UNC6508 hunted outdated REDCap servers.
  see: INC Ransomware Tops 830 Victims; Popa Botnet Tied to NASDAQ-Listed Alarum; China's UNC6508 Hunts Outdated REDCap Servers

* [UPDATE (new)] Andy Burnham won the Makerfield by-election and now eyes Keir Starmer's Labour leadership, while stalled Iran nuclear talks pushed Vance to cancel his Switzerland trip.
  see: Burnham Wins By-Election, Eyes Starmer's Job; Iran Talks Stall, Vance Cancels Switzerland Trip

SECURITY
----------------------------------------------------------------

1.
KLUE OAUTH BREACH FEEDS SALESFORCE DATA THEFT
Data Breaches · [breach, supply-chain]
Latest developments: Salesforce disabled the Klue Battlecards app integration after the Icarus threat actors abused OAuth tokens taken in a June 11 incident at Klue to steal CRM data from customers including Huntress and Recorded Future. Klue, a competitive-intelligence platform, is the third integrated Salesforce app attackers have compromised to siphon customer data in the ongoing extortion campaign. Organizations should audit connected-app permissions and rotate OAuth tokens, starting with any issued to the Klue app.
- SecurityWeek: https://www.securityweek.com/cybersecurity-firms-impacted-by-klue-supply-chain-attack/
- The Hacker News: https://thehackernews.com/2026/06/salesforce-disables-klue-app.html
- BleepingComputer: https://www.bleepingcomputer.com/news/security/klue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks/
- Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/salesforce-data-thefts-klue-app-compromise

2. SPLUNK AND NGINX FLAWS DRAW URGENT PATCHES
Vulnerabilities and Exploits · [patch, rce, zero-day]
Latest developments: CISA added Splunk Enterprise flaw CVE-2026-20253, an unauthenticated remote-code-execution bug, to its Known Exploited Vulnerabilities catalog and gave federal agencies three days to patch, while F5 shipped out-of-band fixes for two critical NGINX Open Source flaws led by CVE-2026-42530, a use-after-free in ngx_http_v3_module. Attackers exploited the Splunk missing-authentication flaw within days of its disclosure; the NGINX bugs let a remote unauthenticated attacker run code on HTTP/3-enabled servers, so the first triage question for operators is whether HTTP/3 (QUIC) is built in and listening at all. Splunk separately patched an OS command injection in its AI Toolkit, and Atlassian fixed dozens of dependency flaws.
- SecurityWeek: https://www.securityweek.com/splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure/
- CISA Advisories: https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-adds-one-known-exploited-vulnerability-catalog
- The Hacker News: https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html
- BleepingComputer: https://www.bleepingcomputer.com/news/security/f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities/

3. AUTOJACK TURNS AI BROWSING AGENTS INTO RCE
AI Security · [ai, rce]
Latest developments: Microsoft detailed AutoJack, an exploit chain in which a single malicious webpage drives an AI browsing agent to remote code execution on its host by abusing localhost trust, missing authentication, and unsafe parameter handling in AutoGen Studio's MCP WebSocket endpoint. The research shows that once an agent both browses untrusted content and can reach local services, the boundary between web content and the host collapses. The risk compounds with orphaned agents left running after their creators leave, which carry standing privileges that no one tracks.
- Microsoft Security Blog: https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/
- The Hacker News: https://thehackernews.com/2026/06/orphaned-ai-agents-how-to-find-hidden.html

4. INC RANSOMWARE TOPS 830 VICTIMS
Ransomware and Cybercrime · [ransomware, raas]
Latest developments: Acronis charted INC's rise to at least 830 victims since August 2023, crediting affiliates who migrated after the disruption of LockBit and the shutdown of BlackCat. INC operates as a ransomware-as-a-service business and has become one of 2026's most prolific extortion groups, favoring healthcare and other sectors where disruption forces a fast payout. Defenders should harden remote access and keep recovery backups segmented from production networks.
- The Hacker News: https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html
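A concrete form of the audit recommended in item 1 above, written as an added example (it is not code from the digest, from Salesforce, or from Klue): it reads an export of an org's OAuth token records and flags which tokens to revoke and which to investigate. The record layout (AppName, UserId, CreatedDate, LastUsedDate, UseCount) is an assumption modeled on Salesforce's OauthToken object, the app label "Klue Battlecards" and the June 11 incident date come from the item above but may not match how the app appears in a given org, and the three records are constructed sample data with made-up IDs.

```python
"""Flag Salesforce OAuth tokens to revoke after a connected-app compromise.

Input is a JSON array of token records exported from the org. The field
names (AppName, UserId, CreatedDate, LastUsedDate, UseCount) follow the
Salesforce OauthToken object; treat that layout as an assumption and check
it against your own export. The records below are constructed sample data.
"""
import json
from datetime import datetime, timedelta, timezone

# Assumed compromised app label and incident date, taken from the digest item
# above; the label in a real org's export may differ.
COMPROMISED_APPS = {"Klue Battlecards"}
INCIDENT_DATE = datetime(2026, 6, 11, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=90)          # tokens unused this long get revoked too
AUDIT_TIME = datetime(2026, 6, 19, 10, 9, tzinfo=timezone.utc)  # digest timestamp, UTC

# Constructed sample export (hypothetical IDs, not real Salesforce records).
SAMPLE_EXPORT = json.dumps([
    {"Id": "tok-klue-01", "AppName": "Klue Battlecards", "UserId": "user-a",
     "CreatedDate": "2026-03-02T14:05:00.000+0000",
     "LastUsedDate": "2026-06-12T03:41:00.000+0000", "UseCount": 4120},
    {"Id": "tok-loader-02", "AppName": "Data Loader", "UserId": "user-b",
     "CreatedDate": "2025-11-20T09:00:00.000+0000",
     "LastUsedDate": "2026-01-08T10:00:00.000+0000", "UseCount": 12},
    {"Id": "tok-mobile-03", "AppName": "Salesforce Mobile", "UserId": "user-c",
     "CreatedDate": "2026-06-01T08:30:00.000+0000",
     "LastUsedDate": "2026-06-18T22:10:00.000+0000", "UseCount": 310},
])


def parse_sf_datetime(value):
    """Parse the ISO-8601 form Salesforce emits, e.g. 2026-06-12T03:41:00.000+0000."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def classify_tokens(export_json, now=AUDIT_TIME, compromised_apps=COMPROMISED_APPS):
    """Return one finding per token: id, app, user and a list of reasons.

    revoke/compromised-app          token belongs to a connected app known to be breached
    investigate/used-after-incident that token was still used on or after INCIDENT_DATE,
                                    so the CRM data it reached needs review
    revoke/stale                    token unused for longer than STALE_AFTER
    """
    findings = []
    for rec in json.loads(export_json):
        last_used = parse_sf_datetime(rec["LastUsedDate"])
        reasons = []
        if rec["AppName"] in compromised_apps:
            reasons.append("revoke/compromised-app")
            if last_used >= INCIDENT_DATE:
                reasons.append("investigate/used-after-incident")
        if now - last_used > STALE_AFTER:
            reasons.append("revoke/stale")
        findings.append({"Id": rec["Id"], "AppName": rec["AppName"],
                         "UserId": rec["UserId"], "reasons": reasons})
    return findings


def tokens_to_revoke(export_json, now=AUDIT_TIME):
    """Ids of tokens carrying at least one 'revoke/...' reason."""
    return [f["Id"] for f in classify_tokens(export_json, now)
            if any(r.startswith("revoke/") for r in f["reasons"])]


if __name__ == "__main__":
    for f in classify_tokens(SAMPLE_EXPORT):
        print(f["Id"], f["AppName"], f["UserId"], ", ".join(f["reasons"]) or "ok")
    print("revoke:", tokens_to_revoke(SAMPLE_EXPORT))
```

The "investigate" reason is the one that matters for scoping: a Klue token that was still exercised after June 11 marks a user whose CRM reach the attackers could have used, so that user's data access should be reviewed rather than just cut off. Revocation itself happens in Salesforce Setup (Connected Apps OAuth Usage) or by deleting the OauthToken record through the API; confirm the mechanism against Salesforce's documentation for your org, then re-authorize the remaining apps so that the rotation the item recommends actually issues fresh tokens.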
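The NGINX flaws in item 2 above sit in ngx_http_v3_module and, per the item, reach servers with HTTP/3 enabled, so the first triage step on each host is to check whether that module is compiled in and whether any `listen` directive carries the `quic` parameter. The check below is an added example, not code from the digest or from F5/NGINX; it parses the text of `nginx -V 2>&1` (build flags) and `nginx -T` (effective configuration), both assumed to have been captured from the host, and the two sample outputs are constructed, with a deliberately fake version string so that nothing here implies which releases are affected (compare the real version against F5's advisory).

```python
"""Decide whether an nginx host exposes HTTP/3 (ngx_http_v3_module over QUIC).

Feed it the output of `nginx -V 2>&1` (build flags) and `nginx -T` (the
effective configuration dump). The samples below are constructed; the
version number in them is placeholder data, not a real release.
"""
import re

SAMPLE_NGINX_V = """nginx version: nginx/0.0.0-sample
built by gcc 13.2.0 (Debian 13.2.0-7)
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-stream
"""

SAMPLE_NGINX_T_QUIC = """# configuration file /etc/nginx/nginx.conf:
events { worker_connections 1024; }
http {
    server {
        listen 443 ssl;
        listen 443 quic reuseport;      # HTTP/3 over QUIC on IPv4
        listen [::]:443 quic reuseport; # and on IPv6
        server_name www.example.com;
        http3 on;
        add_header Alt-Svc 'h3=":443"; ma=86400';
    }
    # listen 8443 quic;  # commented out, must not count
}
"""

SAMPLE_NGINX_T_TCP_ONLY = """# configuration file /etc/nginx/nginx.conf:
events { worker_connections 1024; }
http {
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name internal.example.com;
    }
}
"""

_VERSION_RE = re.compile(r"^nginx version: nginx/(\S+)", re.M)
_LISTEN_RE = re.compile(r"^\s*listen\s+([^;]*?)\s*;", re.M)


def strip_comments(config_text):
    """Drop everything from '#' to end of line so commented-out listeners are ignored."""
    return "\n".join(line.split("#", 1)[0] for line in config_text.splitlines())


def nginx_version(nginx_v_text):
    """The version string from the first line of `nginx -V`, or None."""
    m = _VERSION_RE.search(nginx_v_text)
    return m.group(1) if m else None


def built_with_http_v3(nginx_v_text):
    """True when the build's configure arguments include the HTTP/3 module."""
    return "--with-http_v3_module" in nginx_v_text.split()


def quic_listeners(nginx_t_text):
    """Every `listen` directive carrying the `quic` parameter, e.g. '443 quic reuseport'."""
    return [params for params in _LISTEN_RE.findall(strip_comments(nginx_t_text))
            if "quic" in params.split()]


def assess(nginx_v_text, nginx_t_text):
    """Exposed only when the module is compiled in AND a QUIC listener is configured."""
    built = built_with_http_v3(nginx_v_text)
    listeners = quic_listeners(nginx_t_text)
    return {
        "version": nginx_version(nginx_v_text),
        "http_v3_built_in": built,
        "quic_listeners": listeners,
        "exposed": built and bool(listeners),
    }


if __name__ == "__main__":
    for label, conf in (("quic host", SAMPLE_NGINX_T_QUIC),
                        ("tcp-only host", SAMPLE_NGINX_T_TCP_ONLY)):
        print(label, assess(SAMPLE_NGINX_V, conf))
```

A host that is built with the module but has no `quic` listener is not reachable through the HTTP/3 code path and can be patched on the normal schedule; a host with a QUIC listener on a public address is the one to patch first. Using `nginx -T` rather than reading nginx.conf matters because it resolves `include` files, where a `listen ... quic` line is easy to miss.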
5. POPA BOTNET TIED TO NASDAQ-LISTED ALARUM
Ransomware and Cybercrime · [botnet, cybercrime]
Latest developments: Researchers from multiple firms concluded that the four-year-old Popa botnet, which forces millions of consumer Android TV boxes to relay traffic for advertising fraud, account takeovers, and mass scraping, is linked to NetNut, a residential-proxy provider run by the publicly traded Israeli firm Alarum Technologies Ltd. Popa turns compromised TV boxes into exit nodes for paying proxy customers, hiding malicious traffic behind ordinary home IP addresses. The finding ties a commercial residential-proxy business to a long-running consumer-device botnet.
- Krebs on Security: https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/

6. CHINA'S UNC6508 HUNTS OUTDATED REDCAP SERVERS
Nation-State Activity · [apt, china]
Latest developments: SecurityWeek reported that most internet-accessible REDCap research-data servers run outdated software, and that China-linked UNC6508 regularly targets them for initial access and backdoor deployment. REDCap is a widely used clinical and research data-capture platform run by universities and medical institutions. Operators should update to current releases and put exposed instances behind authentication to deny UNC6508 a foothold.
- SecurityWeek: https://www.securityweek.com/majority-of-internet-accessible-redcap-servers-outdated/

BUSINESS AND POLITICS
----------------------------------------------------------------

* Burnham Wins By-Election, Eyes Starmer's Job
Latest developments: Andy Burnham won the Makerfield by-election on June 19, taking a Commons seat that lets him challenge Keir Starmer for the Labour leadership, and Starmer said he would stand in any contest; ten-year gilt yields rose 6.5 basis points to 4.809%.
Greater Manchester mayor Andy Burnham defeated Nigel Farage's Reform UK in the Makerfield by-election, returning to Parliament with a platform to mount a leadership challenge against Prime Minister Keir Starmer, a fight that would reshape British government as May public-sector borrowing hit £23.3 billion.
- WSJ World News: https://www.wsj.com/world/uk/rebel-lawmaker-set-to-try-a-knockout-blow-to-u-k-s-starmer-75ff91ab
- FT World: https://www.ft.com/content/095b3f3d-8c66-46fa-bb2a-1b8186f3f054
- The Economist: https://www.economist.com/britain/2026/06/19/andy-burnham-is-now-britains-prime-minister-in-waiting

* Iran Talks Stall, Vance Cancels Switzerland Trip
Latest developments: Vice President JD Vance called off his trip to Switzerland and Iran postponed the nuclear negotiations after Israeli strikes on southern Lebanon, casting doubt on Wednesday's interim accord and pushing Brent crude back above $80 a barrel.
The United States and Iran signed an interim deal on June 17 to end their war and reopen the Strait of Hormuz, and the U.S. Navy has since let more than a dozen ships reach Iranian ports, while the Pentagon told lawmakers it needs $80 billion to cover the war's costs.
- FT World: https://www.ft.com/content/9cd814af-6144-4646-ad1c-a6292391e613
- WSJ Markets: https://www.wsj.com/finance/commodities-futures/oil-falls-on-signs-of-strait-of-hormuzs-reopening-e18fac1e?mod=rss_markets_main
- WSJ Politics: https://www.wsj.com/politics/national-security/pentagon-tells-lawmakers-it-needs-80-billion-for-iran-war-and-other-bills-c4b8ff91

PITTSBURGH
----------------------------------------------------------------

Weather: Juneteenth: Mostly Sunny then Slight Chance Rain Showers, high 78F. Tonight: Mostly Clear, low 58F. Saturday: Mostly Sunny then Slight Chance Showers And Thunderstorms, high 78F.
Business:

* PRT Keeps Bus Service at the Waterfront
Latest developments: Pittsburgh Regional Transit starts serving two new stops at the Waterfront shopping center in Homestead on Sunday, the result of a fall agreement that reversed the center's move to push buses off the property near Target and Giant Eagle.
Pittsburgh Regional Transit and the Waterfront's management settled a fight over bus access to the Homestead retail complex, and the agency will begin using two relocated stops this weekend, preserving service for the shoppers and workers who reach the stores by transit.
- KDKA: https://www.cbsnews.com/pittsburgh/news/prt-to-begin-serving-new-bus-stops-at-the-waterfront-this-weekend/

* Nine-Story Tower Proposed on Mt. Washington
Latest developments: WPXI reports some neighbors now oppose the nine-story residential building a developer wants to raise at 301 Grandview Avenue, a project that still requires demolishing the church on the lot.
A developer has proposed a nine-story apartment building at 301 Grandview Avenue atop Mt. Washington, a high-profile site along the Grandview promenade overlooking downtown Pittsburgh, and the plan would tear down the church that occupies the lot.
- WPXI: https://www.wpxi.com/news/local/9-story-high-rise-planned-site-mt-washington-church-though-some-neighbors-not-sold/QNMFSP32QFGMVIPTJFUOIXOPOI/

Around town:

* City Adds $800,000 for Homeless Street Outreach
Latest developments: Pittsburgh is directing $800,000 to its Roots street outreach team to expand support for homeless residents, though advocates told the Post-Gazette that significant gaps in services remain.
Pittsburgh's Roots street outreach team, which works directly with people living unsheltered across the city, will receive $800,000 in new funding, money advocates welcome even as they warn it falls short of the need.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/news/social-services/2026/06/19/pittsburgh-roots-street-outreach/stories/202606160038

* Pittsburgh Expands Dolly Parton's Imagination Library
Latest developments: Pittsburgh first lady Katie O'Connor announced Thursday in Carrick that the city, backed by Benter Foundation funding, is widening its rollout of Dolly Parton's Imagination Library to reach more children.
Dolly Parton's Imagination Library mails free books each month to enrolled children, and Pittsburgh is enrolling more families citywide with Benter Foundation support to lift early literacy.
- KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-expands-dolly-parton-imagination-library/

* Rodef Shalom and Temple Sinai Merge as Beit Kulanu
Latest developments: In a Post-Gazette conversation, Rabbi Daniel Fellman described the merger of Pittsburgh's Rodef Shalom and Temple Sinai congregations into a single Reform community, Beit Kulanu, which he calls 'a house for all peoples.'
Two longtime Pittsburgh Reform Jewish congregations, Rodef Shalom and Temple Sinai, are combining into one community named Beit Kulanu under Rabbi Daniel Fellman, consolidating membership and worship under a single roof.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/local/city/2026/06/19/rodef-shalom-temple-sinai-judaism-congregation-merger-beit-kulanu/stories/202606210032

Events:

* Western Pa. Juneteenth and Black Music Celebration
Latest developments: The four-day festival continues through Sunday, June 21, with the Juneteenth holiday itself falling on Friday, June 19.
The Western Pennsylvania Juneteenth and Black Music Celebration, the largest Juneteenth festival in North America, runs Thursday through Sunday, June 18 to 21, from 11 a.m. to 10 p.m. across Point State Park, Market Square, and Liberty Avenue downtown; Stop the Violence Pittsburgh presents the 161st-anniversary event.
- NEXTpittsburgh Events: https://nextpittsburgh.com/events/14-things-to-do-this-weekend-june-18-21-2026/

* Plum Summerfest at Larry Mills Park
Latest developments: Plum's Summerfest opens this weekend at Larry Mills Park with a Ferris wheel, fishing games, funnel cakes, and corn dogs.
Summerfest, Plum's community fair, sets up at Larry Mills Park this weekend with carnival rides including a Ferris wheel, fishing games, and fair food such as funnel cakes and corn dogs.
- TribLive: https://triblive.com/local/valley-news-dispatch/plum-summerfest-event-kicks-off-at-larry-mills-park/

SPORTS
----------------------------------------------------------------

Pirates (38-37)
Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM
https://plaintextsports.com/mlb/2026-06-19/pit-col

Around the Teams:

* Pirates Trade Joey Bart to Braves for Hunter Stratton
Latest developments: The Pirates sent catcher Joey Bart to the Atlanta Braves on Thursday night for right-handed reliever Hunter Stratton, a move the Post-Gazette frames as adding bullpen depth and clearing a logjam behind the plate.
Hunter Stratton, a 2017 Pirates draft pick who pitched in Pittsburgh from 2023 to 2025 before Atlanta acquired him last summer, returns to the organization and reports to Triple-A Indianapolis, while Bart's exit thins a crowded Pirates catching picture.
- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/18/pirates-bart-hunter-stratton-braves-endy-davis/stories/202606180080

* Steelers Expected to Pass on Brendan Sorsby
Latest developments: Post-Gazette writers say the Steelers will likely avoid quarterback Brendan Sorsby in the NFL's supplemental draft, pointing to the gambling matter that pushed him from the college ranks.
Brendan Sorsby, a college quarterback who entered the NFL supplemental draft amid a gambling matter, has surfaced as a possible Steelers target; the team's beat writers expect Pittsburgh to steer clear, citing the risk and a settled quarterback room.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/16/sorsby-gambling-supplemental-draft-allar-howard/stories/202606160042

* Rookie Safety Spears-Jennings's 4.32 Forty
Latest developments: A Post-Gazette feature details how rookie safety Robert Spears-Jennings ran a 4.32-second 40-yard dash at the NFL combine and turned the time into a Steelers selection.
Robert Spears-Jennings, a safety the Steelers drafted, traces his rise to a 4.32-second 40-yard dash at the scouting combine, a number that vaulted him up draft boards and into Pittsburgh's plans.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/18/40yarddash-nfl-combine-spears-jennings-murphy-draft/stories/202606170001

READING
----------------------------------------------------------------

* Stratechery -- An Interview with Michael Morton About E-Commerce in the Age of AI
Ben Thompson talks with Michael Morton about how AI reshapes e-commerce, weighing unfalsifiable bear cases, the difference between distribution and referral models, and AI's reach into grocery and autonomous vehicles.
https://stratechery.com/2026/an-interview-with-michael-morton-about-e-commerce-in-the-age-of-ai/

* Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion
Zitron publishes financials showing OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, arguing the company burns cash at a pace that leaves it with no path to profitability.
https://www.wheresyoured.at/exclusive-openai-financials/

* Cal Newport -- AI Isn’t Breaking Work. It’s Already Broken.
Reacting to a Financial Times interview with the Work AI Institute's Rebecca Hinds about a 6,000-person survey, Newport argues knowledge work already buckled under overload and busywork, so AI lands on a system that broke long before it arrived.
https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------
S&P 500      7,483.56   ▲ +1.6%
Dow         51,586.04   ▲ +1.8%
Nasdaq      26,297.74   ▲ +2.5%
WTI crude       79.01   ▼ -11.8%
EUR/USD        1.1578   ▲ +0.3%
GBP/USD        1.3401   ▲ +0.3%
USD/JPY       160.27    = -0.0%

================================================================
Generated 2026-06-19 06:09 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================