daily plain-text briefing: security, markets, business, and pittsburgh
Attackers exploit a WordPress mail plugin on 100,000 sites to harvest API keys, ransomware crews refine EDR-killing toolkits, and imposter scams drain $3.5 billion from Americans.
Latest developments: Researchers assigned the flaw CVE-2026-4020, a medium-severity (CVSS 5.3) unauthenticated information-disclosure bug, and confirmed it leaks configuration data, API keys, secrets, and OAuth tokens from the 100,000 sites running the Gravity SMTP plugin.
Gravity SMTP routes outbound email for WordPress sites, and the flaw lets anyone extract stored credentials without authenticating. Site owners should apply the patched version immediately and rotate every exposed key and token.
Sources: The Hacker News · BleepingComputer · ↑ top
Latest developments: Apple is changing its Hide My Email feature so websites can detect and reject its anonymous relay addresses, letting sites block anonymous sign-ups and making private registration harder for users.
Hide My Email generates disposable addresses that forward to a user's real inbox, and the change undercuts that shield for people who rely on it. Privacy-focused users should weigh independent email-masking services.
Sources: Graham Cluley · Wired Security · ↑ top
Latest developments: The Hacker News detailed how the Gentlemen ransomware-as-a-service operation builds and maintains GentleKiller, a framework of endpoint-detection killers that targets more than 400 security processes and folds in third-party utilities, then ships the suite to affiliates to disable defenses before deploying the encryptor.
Gentlemen centrally develops defense-evasion tooling so affiliates can blind endpoint protection across dozens of products ahead of encryption. Defenders should harden security-process integrity and alert on unauthorized EDR tampering.
Sources: The Hacker News · ↑ top
Latest developments: The Federal Trade Commission reported that imposter scams—criminals posing as banks, government agencies, and other trusted institutions—cost Americans $3.5 billion in 2025, and it warned the losses keep climbing.
Fraudsters impersonate institutions a victim already trusts to extract money and personal data. Consumers should verify any urgent request through a known channel and avoid acting on unsolicited calls, texts, or emails.
Sources: Graham Cluley · ↑ top
Latest developments: The U.S. Department of Transportation closed its investigation into Delta Air Lines' handling of the 2024 CrowdStrike software outage that grounded flights and stranded passengers for days.
The faulty CrowdStrike update crippled Windows systems worldwide and hit Delta's operations hardest, drawing a federal review of the carrier's response. The DOT's closure ends that regulatory inquiry.
Sources: SecurityWeek · ↑ top
Latest developments: Fighting flared again in southern Lebanon Saturday despite the renewed Israel-Hezbollah ceasefire struck Thursday, and the United States and Qatar advanced a separate plan to unlock billions in frozen Iranian funds for humanitarian spending.
Israel and Hezbollah resumed cross-border clashes days after agreeing a truce that killed four Israeli soldiers and dozens in Lebanon, threatening the reopening of the Strait of Hormuz and the U.S.-Iran accord that lets Tehran sell oil on the open market for the first time since 2018. Oil prices swung as traders measured the deal's fragility while Washington and Doha worked to free Iranian cash held abroad.
Sources: WSJ World News · FT World · WSJ World News · ↑ top
Today: Mostly Sunny then Chance Showers And Thunderstorms, high 78F.
Tonight: Slight Chance Showers And Thunderstorms then Partly Cloudy, low 58F.
Sunday: Mostly Sunny, high 82F.
Latest developments: A TribLive report details how Pennsylvania's coal-waste mounds could yield billion-dollar rare-earth deposits, pointing to a gob pile off a gravel road in Conemaugh Township, Indiana County.
The coal refuse disposal areas miners call gob or boney, scattered across western Pennsylvania, hold rare-earth minerals that companies now see as a billion-dollar opportunity. Conemaugh Township in Indiana County holds one such artificial mountain on the western edge of the county.
Latest developments: Greensburg resident Zara Wan opened Cafe Zara, a Middle Eastern cafe along New Alexandria Road, in May.
Zara Wan, who manages chronic health conditions she refuses to let define her, opened the Middle Eastern cafe Cafe Zara in May along New Alexandria Road in Greensburg, Westmoreland County.
Latest developments: A TribLive report finds property-tax assessment challenges across Allegheny County are forcing tax hikes, staff attrition, and delayed construction in school districts countywide.
Property-tax appeals are eroding revenue for Allegheny County school districts in every corner of the county, pushing boards to raise taxes, lose staff, and postpone building projects.
Latest developments: A TribLive report finds Alle-Kiski Valley senior centers, including Riverview Community Action Corp, struggling to stay open amid budget pressure.
Senior community centers in the Alle-Kiski Valley face mounting budget struggles that threaten programs and daily gathering spots; regulars such as Cheryl Ann Callahan, who has visited Riverview Community Action Corp almost daily for six years, depend on them for far more than bingo.
Latest developments: TribLive reports that a JAMA study finds Western Pennsylvania and national families increasingly decline newborn vitamin K shots, with refusal rates rising from 2.9% to 5.2% over eight years.
Vitamin K shots prevent bleeding complications in newborns, yet a study in JAMA shows refusals climbing from 2.9% to 5.2% in eight years, part of a broader retreat from preventive infant care that worries western Pennsylvania pediatricians.
Pirates (38-38)
Fri Jun 19 · Pirates 3 · Rockies 4 · Final
Fulford's pinch 2-run double in 8th lifts Rockies past Pirates 4-3, Freeland reaches 1,000 Ks
Up Next · Pirates @ Rockies · Sat Jun 20, 9:10 PM
Latest developments: A Post-Gazette profile recounts how rookie safety Robert Spears-Jennings's 4.32-second forty-yard dash at the NFL scouting combine remade his draft stock and landed him with the Steelers.
The Post-Gazette traced Steelers rookie safety Robert Spears-Jennings, whose 4.32-second forty at the combine vaulted him up draft boards and changed his NFL trajectory in a matter of seconds.
Sources: Post-Gazette Steelers · ↑ top
Latest developments: Post-Gazette beat writers described the Athletics' temporary home, Sutter Health Park in West Sacramento, as a surprisingly pleasant minor-league venue during the Pirates' visit.
The Athletics play their home games at Sutter Health Park, a Triple-A ballpark in West Sacramento, while they wait on a Las Vegas stadium; Post-Gazette writers covering the Pirates' series there found the cozy minor-league setting better than expected.
Sources: Post-Gazette Pirates · ↑ top
Latest developments: The Senator John Heinz History Center named Steelers quarterback Terry Bradshaw a Pittsburgh History Maker, an honor he told the Post-Gazette finally makes him feel at home in the city.
Four-time Super Bowl-winning Steelers quarterback Terry Bradshaw, long ambivalent about Pittsburgh, said his induction among the Heinz History Center's Pittsburgh History Makers means a great deal to him.
Sources: Post-Gazette Steelers · ↑ top
Latest developments: After the U.S. men topped World Cup Group D, defender Chris Richards and others, echoed by Zlatan Ibrahimovic, argued the Americans can win the tournament outright.
Fresh off a 2-0 win over Australia in Seattle that secured the top of Group D, the U.S. men's national team has shed its old caution; defender Chris Richards and pundits including Zlatan Ibrahimovic call a title run on home soil realistic, a belief the squad now openly embraces.
Sources: ESPN Soccer · ESPN Soccer · ↑ top
S&P 500 7,483.56 ▲ +1.6% Dow 51,586.04 ▲ +1.8% Nasdaq 26,297.74 ▲ +2.5% WTI crude 77.35 ▼ -12.5% EUR/USD 1.1528 ▼ -0.2% GBP/USD 1.3359 = -0.0% USD/JPY 160.50 ▲ +0.1%