================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Friday, June 19, 2026 - 12:06 PM EDT
================================================================

Russian-speaking attackers' FortiBleed haul reaches 86,644 Fortinet devices as a Klue integration breach spreads to security vendors and Microsoft warns AI browsing agents can be hijacked into remote code execution.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Critical exposure of core infrastructure keeps surfacing, from the FortiBleed credential-theft campaign against 86,644 FortiGate appliances to the unauthenticated remote code execution in F5's CVE-2026-42530 use-after-free in NGINX Open Source.
  see: FortiBleed Campaign Hits 86,644 FortiGate Devices; F5 Patches Critical NGINX Open Source RCE Flaws

* [TREND] Microsoft's AutoJack chain shows a single malicious webpage can drive an AI browsing agent into full host compromise, pushing defenders to treat autonomous agents as privileged identities.
  see: AutoJack Turns AI Browsing Agents Into RCE

* [TREND] AI's business reality draws fresh scrutiny as Zitron details OpenAI's $34 billion spend, Newport argues knowledge work is already broken, and Morton weighs AI's e-commerce upheaval.
  see: Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion; AI Isn't Breaking Work. It's Already Broken.; An Interview with Michael Morton About E-Commerce in the Age of AI

* [UPDATE (new)] Salesforce disabled the Klue Battlecards integration over the June 11 compromise, with Recorded Future joining Huntress among confirmed victims of the third abused connector.
  see: Klue Breach Cascades Into Salesforce Theft

* [UPDATE (new)] Researchers tied the four-year-old Popa botnet of hijacked Android TV boxes to NetNut, the residential-proxy arm of publicly traded Israeli firm Alarum Technologies.
  see: Popa TV-Box Botnet Tied to Israel's Alarum

* [UPDATE (new)] PennDOT says the controlled blast that will demolish a bridge ahead of the weeks-away Parkway East closure was engineered so the detonation spares nearby homes.
  see: PennDOT Readies Controlled Blast on Parkway East

SECURITY
----------------------------------------------------------------

1. KLUE BREACH CASCADES INTO SALESFORCE THEFT
Data Breaches · [breach, supply-chain, saas]
Latest developments: Salesforce disabled the Klue Battlecards integration over the June 11 compromise, and Recorded Future joined Huntress among confirmed victims as Klue became the third connected app abused to siphon Salesforce data.
A single compromised Klue integration credential cascaded into theft of customer data across connected platforms, including Salesforce, hitting security vendors Huntress and Recorded Future; affected organizations cannot reconnect Klue to Salesforce until further notice. A connector's OAuth token acts with the data access of the user who authorized it, so the practical follow-up for any Salesforce tenant is an inventory of every connected app that holds a token, which users authorized it, and what scopes it was granted.
- SecurityWeek: https://www.securityweek.com/cybersecurity-firms-impacted-by-klue-supply-chain-attack/
- The Hacker News: https://thehackernews.com/2026/06/salesforce-disables-klue-app.html
- Help Net Security: https://www.helpnetsecurity.com/2026/06/19/klue-salesforce-data-breach-huntress/
- Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/salesforce-data-thefts-klue-app-compromise

2. FORTIBLEED CAMPAIGN HITS 86,644 FORTIGATE DEVICES
Vulnerabilities and Exploits · [vulnerability, credentials, fortinet]
Latest developments: CISA, in a June 18 advisory, attributed the FortiBleed credential theft to Russian-speaking threat actors and put the tally at 86,644 compromised FortiGate appliances—roughly half the internet-accessible Fortinet firewalls and VPNs.
FortiBleed leaked login credentials for tens of thousands of internet-facing Fortinet firewalls and VPN gateways; CISA urges customers to rotate credentials and harden devices. Rotation has to cover every credential that authenticates to the appliance, not only the admin password, because anything in the leak keeps working until it is changed.
- The Hacker News: https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html
- SecurityWeek: https://www.securityweek.com/fortibleed-86000-fortinet-device-credentials-compromised/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/

3. AUTOJACK TURNS AI BROWSING AGENTS INTO RCE
AI Security · [ai, rce, agent]
Latest developments: Microsoft detailed AutoJack, an exploit chain in which one malicious webpage drives an AI browsing agent into remote code execution on the host by abusing localhost trust and AutoGen Studio's unauthenticated MCP WebSocket.
As enterprises grant AI agents broad system access, a single page or unmanaged agent identity can pivot to host compromise or data exfiltration. The localhost-trust point is the general one: a page rendered in the agent's browser can open connections to 127.0.0.1, so a local service that accepts any loopback connection without authentication is reachable from any site the agent visits. Treat agents as privileged identities and lock down the local services they reach.
- Microsoft Security Blog: https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/every-ai-agent-is-an-identity-most-organizations-dont-treat-them-that-way/

4. POPA TV-BOX BOTNET TIED TO ISRAEL'S ALARUM
Ransomware and Cybercrime · [botnet, fraud, android]
Latest developments: Researchers linked the four-year-old Popa botnet—millions of hijacked Android TV boxes relaying traffic for ad fraud, account takeovers, and scraping—to NetNut, the residential-proxy arm of publicly traded Israeli firm Alarum Technologies.
Popa conscripts consumer TV boxes into a residential proxy network used for fraud and mass data scraping; its tie to a NASDAQ-listed proxy provider raises questions about the legitimacy of the residential-proxy industry.
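The localhost-trust weakness behind item 3 (AutoJack), as an added example that is not code from Microsoft's write-up or from AutoGen Studio. It puts the failing pattern, "the peer connected over loopback, so trust it", beside a hardened admission check for the same local listener: loopback peer, a loopback Host header (a page can also point a hostname it controls at 127.0.0.1, so the socket address alone proves nothing), an allowlisted browser Origin (browsers send Origin on every WebSocket upgrade), and a bearer token that only locally installed clients hold. The port, the token value and the sample requests are constructed for this example; the check itself is generic and would apply to any tool server an agent reaches over loopback.

```python
"""Admission check for a local listener reached by a browser or browsing agent.
Added example: hypothetical tool server on 127.0.0.1:8081, constructed traffic."""
import hmac
from dataclasses import dataclass
from typing import Mapping

LOOPBACK_PEERS = {"127.0.0.1", "::1"}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


@dataclass(frozen=True)
class Request:
    peer_ip: str
    headers: Mapping[str, str]  # header names lower-cased by the caller


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _hostname(host: str) -> str:
    """Strip an optional port: 'localhost:8081' -> 'localhost', '[::1]:8081' -> '[::1]'."""
    host = host.strip()
    if host.startswith("["):
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0]


def admit_loopback_only(req: Request) -> Decision:
    """The weak pattern: any connection arriving over the loopback interface is trusted."""
    if req.peer_ip in LOOPBACK_PEERS:
        return Decision(True, "peer is loopback")
    return Decision(False, "peer is not loopback")


def admit_hardened(req: Request, expected_token: str,
                   allowed_origins: frozenset = frozenset()) -> Decision:
    """Loopback peer AND loopback Host AND (no Origin, or an allowlisted one) AND valid token."""
    if req.peer_ip not in LOOPBACK_PEERS:
        return Decision(False, "peer is not loopback")
    host = req.headers.get("host", "")
    if _hostname(host) not in LOOPBACK_HOSTS:
        # The browser sends whatever name it resolved; attacker-controlled DNS can
        # resolve to 127.0.0.1 (DNS rebinding), so the name itself is checked.
        return Decision(False, f"Host {host!r} is not a loopback name (DNS rebinding?)")
    origin = req.headers.get("origin")
    if origin is not None and origin not in allowed_origins:
        # Present on every WebSocket upgrade and cross-site fetch from a browser.
        return Decision(False, f"browser origin {origin!r} is not allowlisted")
    scheme, _, presented = req.headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not hmac.compare_digest(
            presented.strip().encode(), expected_token.encode()):
        return Decision(False, "missing or wrong bearer token")
    return Decision(True, "loopback peer and Host, allowed origin, valid token")


# Constructed sample traffic. TOKEN stands in for a secret generated at install time.
TOKEN = "example-local-token-do-not-reuse"
UI_ORIGIN = frozenset({"http://127.0.0.1:8081"})  # the tool's own local web UI

SAMPLES = {
    # A page the agent was steered to opens a WebSocket to the local server.
    "malicious_page_websocket": Request("127.0.0.1", {
        "host": "127.0.0.1:8081", "origin": "https://attacker.example",
        "upgrade": "websocket"}),
    # Same goal via DNS rebinding; even a leaked token does not rescue this one.
    "dns_rebinding": Request("127.0.0.1", {
        "host": "tools.attacker.example:8081",
        "origin": "http://tools.attacker.example:8081",
        "authorization": "Bearer " + TOKEN}),
    # The tool's own UI, served from loopback, holding the install-time token.
    "local_ui": Request("127.0.0.1", {
        "host": "127.0.0.1:8081", "origin": "http://127.0.0.1:8081",
        "authorization": "Bearer " + TOKEN}),
    # A non-browser local client: no Origin header, but the token.
    "local_cli": Request("127.0.0.1", {
        "host": "localhost:8081", "authorization": "Bearer " + TOKEN}),
    # Right origin, wrong token.
    "local_ui_bad_token": Request("127.0.0.1", {
        "host": "127.0.0.1:8081", "origin": "http://127.0.0.1:8081",
        "authorization": "Bearer wrong"}),
}


def evaluate(samples: Mapping[str, Request] = SAMPLES) -> dict:
    """Return {name: (weak_allowed, hardened_allowed, hardened_reason)} per sample."""
    out = {}
    for name, req in samples.items():
        weak = admit_loopback_only(req)
        hard = admit_hardened(req, TOKEN, UI_ORIGIN)
        out[name] = (weak.allowed, hard.allowed, hard.reason)
    return out


if __name__ == "__main__":
    for name, (weak, hard, why) in evaluate().items():
        print(f"{name:26s} loopback-only={weak!s:5s} hardened={hard!s:5s} {why}")
```

The loopback-only check admits both attacker samples, which is the whole problem: the socket's peer address is identical for the tool's own UI and for a hostile page the agent happened to load. The hardened check lets the attacker page through none of its three gates, and the constant-time token comparison matters less than the fact that the token exists at all, since a page cannot obtain a secret that only local software was given.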
- Krebs on Security: https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/
- SecurityWeek: https://www.securityweek.com/in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrike-probe-aws-continuum/

5. F5 PATCHES CRITICAL NGINX OPEN SOURCE RCE FLAWS
Vulnerabilities and Exploits · [vulnerability, patch, rce]
Latest developments: F5 shipped fixes for two critical NGINX Open Source flaws, including CVE-2026-42530, a CVSS 9.2 use-after-free in the ngx_http_v3_module that a remote unauthenticated attacker can trigger for code execution.
NGINX Open Source powers a large share of the world's web servers; operators should apply F5's updates promptly to close the unauthenticated remote code execution path. ngx_http_v3_module is the HTTP/3 (QUIC) module and is optional at build time: the output of nginx -V lists --with-http_v3_module when a binary carries it, which is a quick way to find which instances in a fleet contain the affected code.
- The Hacker News: https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html

6. CHINA-LINKED UNC6508 TARGETS OUTDATED REDCAP SERVERS
Nation-State Activity · [apt, china, backdoor]
Latest developments: SecurityWeek reported that most internet-accessible REDCap research-data servers run outdated software that China-linked UNC6508 regularly exploits for initial access and backdoor deployment.
REDCap is a widely used research data-collection platform across universities and hospitals; administrators should update internet-facing instances to block UNC6508 intrusions.
- SecurityWeek: https://www.securityweek.com/majority-of-internet-accessible-redcap-servers-outdated/

BUSINESS AND POLITICS
----------------------------------------------------------------

* Iran Talks Postponed, Israel and Hezbollah Renew Ceasefire
Latest developments: Israel struck targets across southern Lebanon overnight and Iran fired warning shots in the Strait of Hormuz, prompting Tehran to push back the U.S.-Iran nuclear talks in Switzerland—Vice President JD Vance's fueled plane never left—before Israel and Hezbollah agreed Friday to renew their ceasefire and oil eased on hopes the wider accord survives.
The United States and Iran are negotiating a 60-day interim deal to end their war, reopen the Strait of Hormuz, and release $6 billion in Iranian funds frozen in Qatar; renewed fighting in Lebanon now threatens that timetable and keeps Gulf oil shipping on edge.
- WSJ World News: https://www.wsj.com/world/middle-east/how-fresh-middle-east-violence-scuttled-the-next-phase-of-iran-talks-8c7c0c80
- WSJ World News: https://www.wsj.com/world/middle-east/israel-hezbollah-clashes-put-iran-deal-under-early-pressure-0aa5ae90

PITTSBURGH
----------------------------------------------------------------

Weather: Juneteenth: Slight Chance Rain Showers, high 78F. Tonight: Mostly Clear, low 58F. Saturday: Mostly Sunny then Slight Chance Showers And Thunderstorms, high 78F.

Business:

* Lautrec to Reopen at Nemacolin
Latest developments: Lautrec, the French fine-dining room at the Nemacolin resort in Farmington, Fayette County, reopens this July with a reimagined menu and an evening rebuilt around course-by-course theatrical spectacle.
Nemacolin is relaunching its storied French restaurant Lautrec in July, reworking both the food and the choreography of its multi-course dinner service.
- Pittsburgh Magazine: https://www.pittsburghmagazine.com/dining-as-theater-lautrec-reopens-at-nemcolin/

* Former Heinz Estate Lists in Highland Park
Latest developments: A one-time Heinz-family estate in Pittsburgh's Highland Park neighborhood has come on the market, TribLive reports.
A historic home tied to the Heinz family is now listed for sale in Highland Park, on Pittsburgh's east end.
- TribLive: https://triblive.com/local/former-heinz-owned-estate-for-sale-in-highland-park/

Around town:

* Imagination Library Expands in Pittsburgh
Latest developments: The City of Pittsburgh and Reading Ready Pittsburgh announced Thursday they are expanding Dolly Parton's Imagination Library, unveiling the growth at the Phillips Recreation Center in Carrick.
Dolly Parton's Imagination Library mails a free book each month to enrolled children from birth to age five; the expansion widens local enrollment through Reading Ready Pittsburgh.
- WPXI: https://www.wpxi.com/news/local/dolly-partons-imagination-library-program-expand-pittsburgh-boosting-kids-access-books/TPE7E3AACFD7LPX2FLTLI2TIF4/

* PennDOT Readies Controlled Blast on Parkway East
Latest developments: With the Parkway East closure weeks away, PennDOT said the controlled blast that will demolish a bridge has been engineered so the detonation will not affect nearby homes.
PennDOT plans to fully close the Parkway East and bring down a bridge by controlled blast, part of the bridge work that will also shut Commercial Street beneath the highway.
- WTAE: https://www.wtae.com/article/parkway-east-controlled-blast-nearby-neighborhoods/71636824

Events:

* Palace Theatre Marks Its Centennial
Latest developments: The century-old Palace Theatre in downtown Greensburg is celebrating 100 years with a time capsule and a LeAnn Rimes concert.
Greensburg's Palace Theatre, in Westmoreland County, is staging a centennial celebration that includes a time capsule and a headlining performance by country singer LeAnn Rimes.
- WPXI: https://www.wpxi.com/news/local/palace-theatre-greensburg-celebrate-100-years-with-time-capsule-leann-rimes-concert/5FC3M76MZFEMLDPYKGS7E244SU/

* Winona Fighter Plays the Roxian
Latest developments: Punk band Winona Fighter, fronted by Coco Kinnon, brings the idobi Radio Summer School tour to the Roxian Theatre in McKees Rocks.
Winona Fighter, with new music in hand, headlines a stop on the idobi Radio Summer School tour at the Roxian Theatre in McKees Rocks.
- TribLive: https://triblive.com/aande/music/qa-winona-fighters-coco-kinnon-talks-new-music-summer-school-tour-ahead-of-roxian-stop/

SPORTS
----------------------------------------------------------------

Pirates (38-37)
Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM
https://plaintextsports.com/mlb/2026-06-19/pit-col

Around the Teams:

* Steelers Expected to Pass on Sorsby
Latest developments: The Post-Gazette's Gerry Dulac writes the Steelers are unlikely to bid on quarterback Brendan Sorsby in the NFL's supplemental draft, pointing to the gambling matter that pushed him there.
Brendan Sorsby, a college quarterback entering the league through the supplemental draft after a gambling issue, holds little appeal for a Steelers quarterback room coach Mike McCarthy is still sorting.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/16/sorsby-gambling-supplemental-draft-allar-howard/stories/202606160042
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/17/nfl-news-rumors-brendan-sorsby/stories/202606170039

* Spears-Jennings Built His Case in 4.32 Seconds
Latest developments: A Post-Gazette feature traces how Steelers rookie safety Robert Spears-Jennings reshaped his draft stock with a 4.32-second 40-yard dash at the NFL combine.
Robert Spears-Jennings, a rookie safety for the Steelers, turned a blazing 4.32-second 40 at the combine into a higher draft trajectory.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/18/40yarddash-nfl-combine-spears-jennings-murphy-draft/stories/202606170001

* SNR Drive Builds an All-Time Non-HOF Steelers Team
Latest developments: On the June 17 SNR Drive, Matt Williamson and Wes Uhler assembled a team of the best Steelers who never reached the Hall of Fame and broke down running back Jaylen Warren's game.
The Steelers' SNR Drive podcast, hosted by Matt Williamson and Wes Uhler, picked top Steelers left out of Canton across offense and defense and analyzed current back Jaylen Warren.
- Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=QcqN-zNm9c0

READING
----------------------------------------------------------------

* Stratechery -- An Interview with Michael Morton About E-Commerce in the Age of AI
Ben Thompson interviews Michael Morton on how AI reshapes e-commerce, weighing unfalsifiable bear cases, distribution versus referral models, grocery, and autonomous vehicles.
https://stratechery.com/2026/an-interview-with-michael-morton-about-e-commerce-in-the-age-of-ai/

* Ed Zitron -- Exclusive: OpenAI Losses Increased Nearly 8X in 2025, With Spending Hitting $34 Billion
Zitron reports OpenAI's losses grew nearly eightfold in 2025 as spending reached $34 billion, arguing the company still has no path to profitability.
https://www.wheresyoured.at/exclusive-openai-financials/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
Newport argues AI is exposing dysfunction already baked into knowledge work, riffing on a Financial Times interview with the Work AI Institute's Rebecca Hinds about a survey of 6,000 digital workers.
https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------
S&P 500      7,483.56   ▲  +1.6%
Dow         51,586.04   ▲  +1.8%
Nasdaq      26,297.74   ▲  +2.5%
WTI crude       79.01   ▼ -11.8%
EUR/USD        1.1578   ▲  +0.3%
GBP/USD        1.3401   ▲  +0.3%
USD/JPY        160.27   =  -0.0%

================================================================
Generated 2026-06-19 12:06 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport.
Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================