daily plain-text briefing: security, markets, business, and pittsburgh
A Russian-speaking credential-theft campaign dubbed FortiBleed has compromised 86,644 Fortinet devices, about half the internet-facing fleet, as Microsoft's AutoJack research exposes AI browsing agents as a fresh path to host code execution.
Latest developments: CISA on June 19 urged FortiGate owners to act as the compromised-device count reached 86,644, roughly half the internet-accessible Fortinet firewalls and VPNs, blamed the sweep on Russian-speaking actors, and Palo Alto Networks Unit 42 published guidance for preparing against large-scale credential attacks.
FortiBleed is a mass credential-theft campaign harvesting login data from internet-facing Fortinet FortiGate firewalls and VPN gateways across government and private networks. Operators should rotate every credential and harden exposed devices.
Sources: The Hacker News · SecurityWeek · Unit 42 (Palo Alto) · ↑ top
Latest developments: French President Emmanuel Macron urged the world's wealthy democracies to cooperate on regulating advanced AI and asked the United States to share its cutting-edge systems, the same day Bruce Schneier argued that Washington's export ban on Anthropic's Fable model fails because the broad trend of rising AI capability drives the danger.
Governments are scrambling to govern frontier models after the U.S. classified Anthropic's Fable as an export-controlled munition and cut off foreign access. Policymakers face pressure to coordinate rules rather than wall off individual models.
Sources: SecurityWeek · Schneier on Security · ↑ top
Latest developments: Klue publicly confirmed that attackers stole OAuth tokens connecting to customers' Salesforce environments as a new extortion crew calling itself Icarus claimed the attack and the victim list kept growing, with Huntress detailing on June 18 how one compromised integration credential cascaded into customer-data theft across connected platforms.
Klue is a market-intelligence platform that integrates CRM and sales data across business tools, and its breach spilled connected-Salesforce data for victims including Huntress and Recorded Future. Affected customers should revoke Klue OAuth tokens and audit Salesforce access logs.
Sources: BleepingComputer · Help Net Security · ↑ top
Latest developments: Threat actors are exploiting an unauthenticated information-disclosure vulnerability in the Gravity SMTP WordPress plugin, which runs on 100,000 sites, to pull sensitive data without logging in.
Gravity SMTP routes outbound mail for WordPress sites, and the flaw exposes information to any anonymous visitor. Administrators should update the plugin immediately and review logs for unauthorized access.
Sources: BleepingComputer · ↑ top
Latest developments: Microsoft researchers disclosed AutoJack, an exploit chain that steers an AI browsing agent to an attacker's web page whose JavaScript reaches a privileged local service on the same machine and spawns a process on the host, requiring no credentials, no sign-in, and no further user interaction once the agent loads the page.
AutoJack converts agentic browsers into remote-code-execution delivery vehicles on the user's own computer. Teams deploying AI browsing agents should wall the agents off from privileged local services.
Sources: The Hacker News · ↑ top
Latest developments: SecurityWeek detailed CryptoBandits, malware that pairs cryptocurrency theft with a backdoor, routing its traffic through a local SOCKS5 proxy and abusing Tor to enable remote code execution on infected machines.
CryptoBandits steals cryptocurrency while granting attackers hidden remote control over the victim's system through Tor-anonymized channels. Defenders should watch for unexpected local SOCKS5 proxies and Tor connections.
Sources: SecurityWeek · ↑ top
Latest developments: Israel and Hezbollah agreed a renewed ceasefire Friday after fighting killed four Israeli soldiers and dozens in Lebanon, and Washington postponed the next phase of Iran negotiations when Vice President JD Vance scrapped his Switzerland trip, pushing oil lower.
The U.S.-Iran accord signed June 18 reopened the Strait of Hormuz and cleared Tehran to sell oil on the open market for the first time since 2018; fresh Israel-Hezbollah combat in Lebanon now imperils the deal's nuclear-talks phase that Vance planned to attend.
Sources: WSJ World News · FT World · WSJ World News · ↑ top
Latest developments: Andy Burnham won the Makerfield by-election Friday over Nigel Farage's Reform UK, intensifying pressure on Prime Minister Keir Starmer to resign as Labour MPs warn they will lose their seats and bond markets seek reassurance over worsening UK finances.
Outgoing Greater Manchester mayor Andy Burnham beat Reform UK in the Makerfield by-election, casting himself as Starmer's likeliest successor; the Labour leadership crisis lands as UK public finances deteriorate and gilt investors look for stability.
Sources: FT World · FT World · ↑ top
Today: Mostly Sunny then Chance Showers And Thunderstorms, high 78F.
Tonight: Slight Chance Showers And Thunderstorms then Partly Cloudy, low 58F.
Sunday: Mostly Sunny, high 82F.
Latest developments: Time placed Chad Houser, founder and chief executive of Café Momentum, on its inaugural Visionaries list recognizing leaders driving impact in children's lives.
Café Momentum, a downtown Pittsburgh restaurant that hires and mentors justice-involved young people and ranks among western Pennsylvania's best per the Post-Gazette, earned national recognition for founder Chad Houser's work.
Latest developments: A Post-Gazette analysis found most Pittsburgh-area communities have shed residents and argues the decline may carry an upside for the region.
The Post-Gazette examined population trends across the Pittsburgh metropolitan area, documenting steady resident losses in most municipalities and making the case that shrinkage need not signal regional failure.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: The National Aviary on Pittsburgh's North Side introduced a harpy eagle, which staff call a once-in-a-lifetime species to see.
The National Aviary, the country's only independent nonprofit zoo dedicated to birds, added a harpy eagle—one of the world's largest and most powerful raptors—to its North Side collection.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: Allegheny Health Network's West Penn Hospital announced Friday it recently delivered four sets of triplets, all cared for in its Level 3 neonatal intensive care unit.
West Penn Hospital in Bloomfield, which operates a Level 3 NICU, welcomed four sets of triplets in a short span, sending the newborns for added support before they went home with their families.
Latest developments: The McKees Rocks Police Department said it has answered several 'teen takeovers' at vacant properties, part of a trend spreading across the country.
Police in McKees Rocks, the Allegheny County borough along the Ohio River, reported responding to large unplanned youth gatherings at empty buildings and weighed how to manage them.
Latest developments: The inaugural South Side Street Fest opens tonight, Saturday, June 20, with East Carson Street closing for live music and entertainment from 10 p.m. to 2 a.m.
The South Side Hospitality Partnership holds the first South Side Street Fest on Saturday, June 20, 2026, shutting East Carson Street in the South Side to traffic for live music from 10 p.m. to 2 a.m.; Pennsylvania granted $125,000 to fund private security for the adults-only event.
Latest developments: The Western PA Juneteenth and Black Music Celebration stages its downtown parade Saturday, June 20, with festival programming at Point State Park and Market Square running through Sunday, June 21.
Stop the Violence Pittsburgh's four-day Western PA Juneteenth and Black Music Celebration, billed as the largest in North America, runs 11 a.m. to 10 p.m. at Point State Park, Market Square, and along Liberty Avenue downtown through Sunday, June 21, with a parade Saturday, June 20.
Sources: WTAE · NEXTpittsburgh Arts & Entertainment · ↑ top
Pirates (38-38)
Fri Jun 19 · Pirates 3 · Rockies 4 · Final
Fulford's pinch 2-run double in 8th lifts Rockies past Pirates 4-3, Freeland reaches 1,000 Ks
Up Next · Pirates @ Rockies · Sat Jun 20, 9:10 PM
Latest developments: A June 19 Post-Gazette mailbag laid out how the Pirates fill catcher after dealing Joey Bart to Atlanta, leaning on Henry Davis and Endy Rodriguez, and weighed whether designated hitter Marcell Ozuna returns.
Following the June 18 trade that sent catcher Joey Bart to the Braves for reliever Hunter Stratton, Post-Gazette beat writers fielded reader questions on Pittsburgh's catching depth and Marcell Ozuna's future with the club.
Sources: Post-Gazette Pirates · ↑ top
Latest developments: On the June 19 SNR Drive, Steelers analysts Matt Williamson and Wes Uhler broke down ESPN's Ben Solak on five 2025 breakout candidates and five 'cliff falls,' surveyed leaguewide trade candidates, and answered a Steelers Q&A heading into 2026.
The Pittsburgh Steelers' SNR Drive show, hosted by Matt Williamson and Wes Uhler, dissected projected NFL risers and decliners and ran a viewer question session on the team's roster ahead of training camp.
Sources: Pittsburgh Steelers (YouTube) · ↑ top
Latest developments: The U.S. men beat Australia 2-0 in Seattle on Friday without the injured Christian Pulisic, clinching a Round of 32 berth and topping Group D after Paraguay edged Turkey 1-0.
The United States men's national team, co-hosting the 2026 World Cup, defeated Australia 2-0 in Seattle to advance from the group stage; a calf injury kept captain Christian Pulisic out as Ricardo Pepi and the supporting cast carried the attack.
Sources: ESPN Soccer · ESPN Soccer · ↑ top
Latest developments: U.S. defender Alex Freeman, the 21-year-old son of former Packers receiver Antonio Freeman, scored his first international goal in Friday's win over Australia, a strike VAR confirmed onside.
Alex Freeman put the U.S. up 2-0 against Australia in Seattle, scoring on the same field where his father, Antonio Freeman Jr., starred for the Green Bay Packers, a moment Freeman called a full-circle family one.
Sources: ESPN Soccer · ESPN Soccer · ↑ top
Latest developments: Kate Douglass broke the women's 50-meter freestyle world record Friday, winning the TYR Pro Swim Series final in 23.59 seconds.
U.S. Olympic swimmer Kate Douglass clocked 23.59 in the 50-meter freestyle at the TYR Pro Swim Series, bettering the 23.61 mark Sweden's Sarah Sjostrom set in July 2023.
Sources: ESPN Olympics · ↑ top
S&P 500 7,483.56 ▲ +1.6% Dow 51,586.04 ▲ +1.8% Nasdaq 26,297.74 ▲ +2.5% WTI crude 77.35 ▼ -12.5% EUR/USD 1.1528 ▼ -0.2% GBP/USD 1.3359 = -0.0% USD/JPY 160.50 ▲ +0.1%