daily plain-text briefing: security, markets, business, and pittsburgh
A critical unauthenticated remote-code-execution flaw in Splunk Enterprise drew in-the-wild attacks and a three-day federal patch order, even as a Texas vendor breach spilled three million driver's licenses and an unpatchable silicon exploit cracked older iPhones.
Latest developments: CISA added CVE-2026-20253, a critical unauthenticated remote-code-execution flaw in Splunk Enterprise, to its known exploited vulnerabilities catalog and gave federal civilian agencies until June 21, 2026, to apply mitigations after Splunk and Resecurity confirmed in-the-wild exploitation.
The bug lets a remote attacker run code without authenticating, opening the door to full system compromise of the log-analytics platform many enterprises use as their security backbone. Resecurity urged operators to patch immediately and hunt for indicators of compromise in request logs.
Sources: Help Net Security · BleepingComputer · SecurityWeek · ↑ top
Latest developments: Huntress published a detailed June 18 post-mortem calling the incident a security domino effect in which one compromised Klue integration credential cascaded into data theft across connected platforms including Salesforce, while Recorded Future joined as a confirmed victim and Salesforce disabled the Klue Battlecards integration.
Klue, a competitive-intelligence platform that wires CRM and sales data across business tools, became the entry point for attackers who exfiltrated data from customers' Salesforce instances. Salesforce customers cannot reconnect the app until further notice.
Sources: Help Net Security · SecurityWeek · The Hacker News · ↑ top
Latest developments: Token Security and BleepingComputer argued that AI agents now access data, trigger workflows, and deploy code with almost no oversight, making them an unmanaged identity class, while The Hacker News reframed shadow AI as an access-control problem rather than a data-leakage one.
Enterprises that bolted AI agents onto production systems gave them broad reach without the identity, credential, and blast-radius controls applied to human accounts. Researchers warn that this gap, the same trust boundary the AutoJack exploit abuses, demands agent governance now.
Sources: BleepingComputer · The Hacker News · ↑ top
Latest developments: Researchers at Paradigm Shift published usbliter8, a working exploit that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips, code burned into silicon at manufacture that no software update can reach.
The flaw permanently affects iPhones and iPads built on the A12 and A13 processors for as long as those devices stay in use. It is not a remote attack; it requires physical USB access to the device.
Sources: The Hacker News · ↑ top
Latest developments: The Texas Parks and Wildlife Department disclosed a breach at the vendor running its hunting and fishing license system, exposing personal information, including driver's license data, for more than three million individuals.
The compromise hit a third-party processor rather than the agency's own systems, the latest case of a state government's outsourced platform leaking residents' identity documents. Affected license holders face heightened identity-theft and phishing risk.
Sources: BleepingComputer · ↑ top
Latest developments: Check Point researchers exposed a campaign that inflated GitHub activity, planted software reviews and YouTube tutorials, and seeded favorable VirusTotal comments to make malicious cryptocurrency sniper bots and gambling predictors look trustworthy.
The attackers packaged the malware as money-making tools and manufactured a veneer of legitimacy across the platforms victims trust to vet software. Users who installed the bots and predictors instead surrendered their cryptocurrency.
Sources: Help Net Security · ↑ top
Juneteenth: Isolated Rain Showers, high 79F.
Tonight: Isolated Rain Showers then Mostly Clear, low 57F.
Saturday: Mostly Sunny then Chance Showers And Thunderstorms, high 78F.
Latest developments: Schwebel Baking Company announced Friday it will wind down operations and pursue a formal liquidation in the coming weeks.
Youngstown-based Schwebel Baking Company, whose bread fills grocery shelves across western Pennsylvania, blamed aging plants and equipment, costly labor contracts, and years of financial strain for the shutdown.
Sources: KDKA · Pittsburgh Post-Gazette · ↑ top
Latest developments: Troy Schooley will step down as head of P3R to launch his own sports-management firm.
P3R, the Pittsburgh event-management organization that runs the annual Pittsburgh Marathon and helped stage the 2026 NFL Draft, loses Troy Schooley after more than a decade shaping the city's running and sports-event calendar.
Sources: Pittsburgh Magazine · ↑ top
Latest developments: The Citizen Science Lab opened its renovated home along the Herron Avenue corridor.
The new Citizen Science Lab building adds laboratories, meeting spaces, and an attached greenhouse, which backers hope will lift the Herron Avenue corridor.
Sources: Pittsburgh City Paper · ↑ top
Latest developments: Detective Dorothea Leftwich launched 'Riding Into the Future,' a free horseback-riding and leadership program for Pittsburgh children.
Leftwich, the Pittsburgh Bureau of Police's first Black female mounted patrol detective, built the program to give inner-city kids access to horses and mentorship.
Latest developments: WTAE meteorologists flagged Monday, June 22, as an impact day for heavy rain across western Pennsylvania.
Isolated showers linger through the weekend before a wetter system arrives Monday, prompting the impact-day designation.
Latest developments: The four-day Juneteenth festival is underway downtown through Sunday, June 21.
The Western PA Juneteenth and Black Music Celebration, billed as North America's largest Juneteenth festival, runs Thursday through Sunday, June 18-21, from 11 a.m. to 10 p.m. across Point State Park, Market Square, and Liberty Avenue, presented free by Stop the Violence Pittsburgh.
Sources: NEXTpittsburgh Events · ↑ top
Latest developments: DJ Pauly D joined the July 5 bill alongside country singer Brett Young for the free World Cup Fan Zone.
The free Pennsylvania World Cup Fan Zone at Acrisure Stadium on Pittsburgh's North Shore stages performances by DJ Pauly D and Brett Young on Sunday, July 5.
Pirates (38-37)
Up Next · Pirates @ Rockies · Fri Jun 19, 8:40 PM
Latest developments: The Pirates dealt catcher Joey Bart to the Braves for reliever Hunter Stratton, adding bullpen help and clearing their catching logjam.
Post-Gazette beat writers report the trade reshapes the catching depth chart and addresses a bullpen the team has struggled to repair, while a follow-up mailbag weighs the path forward at catcher and whether Marcell Ozuna returns.
Sources: Post-Gazette Pirates · Post-Gazette Pirates · ↑ top
Latest developments: Post-Gazette beat writer Christopher Carter fielded questions on the Steelers' roster heading toward training camp in his June 18 chat.
Carter took reader questions on cornerback Joey Porter Jr., edge rusher T.J. Watt, cornerback Jalen Ramsey, quarterback Aaron Rodgers, and coach Mike McCarthy as the team approaches camp at Saint Vincent College.
Sources: Post-Gazette Steelers · ↑ top
Latest developments: A calf injury ruled Christian Pulisic out of the U.S. men's World Cup group match against Australia on Friday, with Ricardo Pepi starting in his place.
The United States, co-hosting the 2026 World Cup, lost captain Christian Pulisic for the group-stage clash with Australia at Lumen Field in Seattle.
Sources: ESPN Soccer · ↑ top
Latest developments: U.S. Olympic 1,500-meter bronze medalist Jenny Simpson showed 'encouraging improvement' after collapsing while pacing a mile group at a Raleigh event this week.
Simpson, a former world champion in the 1,500 meters, remained under medical care Thursday following the collapse.
Sources: ESPN Olympics · ↑ top
S&P 500 7,483.56 ▲ +1.6% Dow 51,586.04 ▲ +1.8% Nasdaq 26,297.74 ▲ +2.5% WTI crude 79.01 ▼ -11.8% EUR/USD 1.1578 ▲ +0.3% GBP/USD 1.3401 ▲ +0.3% USD/JPY 160.27 = -0.0%