================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Saturday, June 20, 2026 - 9:06 AM EDT ================================================================ Attackers exploit a WordPress mail plugin on 100,000 sites to harvest API keys, ransomware crews refine EDR-killing toolkits, and imposter scams drain $3.5 billion from Americans. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] Cybercrime keeps industrializing as the Gentlemen crew ships GentleKiller to wipe 400 defenses while attackers strip API keys from 100,000 WordPress sites via Gravity SMTP. see: Gentlemen RaaS Hands Affiliates GentleKiller; Gravity SMTP Plugin Exploited for API Keys * [TREND] Imposter scams posing as banks and government agencies became the year's most lucrative fraud, draining $3.5 billion from Americans in 2025, the FTC warns. see: Imposter Scams Cost Americans $3.5 Billion * [UPDATE (new)] Apple is weakening Hide My Email so websites can detect and reject its anonymous relay addresses, making private sign-ups harder for users. see: Apple Weakens Hide My Email Privacy * [UPDATE (new)] The Department of Transportation closed its probe into Delta Air Lines' handling of the 2024 CrowdStrike outage that grounded flights for days. see: DOT Closes Delta CrowdStrike Outage Probe * [TREND] The Reading slate circles AI's strains as Zitron deepens his OpenAI bubble case, Morton weighs AI retail, and Newport says knowledge work was already broken. see: Premium: The Silicon Valley Bubble (Part 2); An Interview with Michael Morton About E-Commerce in the Age of AI; AI Isn't Breaking Work. It's Already Broken. * [TREND] Budget strain ripples across the region as property-tax appeals drain school districts countywide while Alle-Kiski senior centers fight to stay open. see: Tax Appeals Drain School Budgets; Senior Centers Squeezed by Budgets SECURITY ---------------------------------------------------------------- 1. GRAVITY SMTP PLUGIN EXPLOITED FOR API KEYS Vulnerabilities and Exploits · [vulnerability, wordpress, exploit] Latest developments: Researchers assigned the flaw CVE-2026-4020, a medium-severity (CVSS 5.3) unauthenticated information-disclosure bug, and confirmed it leaks configuration data, API keys, secrets, and OAuth tokens from the 100,000 sites running the Gravity SMTP plugin. Gravity SMTP routes outbound email for WordPress sites, and the flaw lets anyone extract stored credentials without authenticating. Site owners should apply the patched version immediately and rotate every exposed key and token. - The Hacker News: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html - BleepingComputer: https://www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/ 2. APPLE WEAKENS HIDE MY EMAIL PRIVACY Privacy and Surveillance · [privacy] Latest developments: Apple is changing its Hide My Email feature so websites can detect and reject its anonymous relay addresses, letting sites block anonymous sign-ups and making private registration harder for users. Hide My Email generates disposable addresses that forward to a user's real inbox, and the change undercuts that shield for people who rely on it. Privacy-focused users should weigh independent email-masking services. - Graham Cluley: https://www.bitdefender.com/en-us/blog/hotforsecurity/apples-hide-my-email-tweak-leaves-privacy-fans-fuming - Wired Security: https://www.wired.com/story/security-news-this-week-hackers-claim-to-leak-stolen-madison-square-garden-data/ 3. GENTLEMEN RAAS HANDS AFFILIATES GENTLEKILLER Ransomware and Cybercrime · [ransomware, raas] Latest developments: The Hacker News detailed how the Gentlemen ransomware-as-a-service operation builds and maintains GentleKiller, a framework of endpoint-detection killers that targets more than 400 security processes and folds in third-party utilities, then ships the suite to affiliates to disable defenses before deploying the encryptor. Gentlemen centrally develops defense-evasion tooling so affiliates can blind endpoint protection across dozens of products ahead of encryption. Defenders should harden security-process integrity and alert on unauthorized EDR tampering. - The Hacker News: https://thehackernews.com/2026/06/the-gentlemen-raas-uses-gentlekiller.html 4. IMPOSTER SCAMS COST AMERICANS $3.5 BILLION Ransomware and Cybercrime · [scam, fraud] Latest developments: The Federal Trade Commission reported that imposter scams—criminals posing as banks, government agencies, and other trusted institutions—cost Americans $3.5 billion in 2025, and it warned the losses keep climbing. Fraudsters impersonate institutions a victim already trusts to extract money and personal data. Consumers should verify any urgent request through a known channel and avoid acting on unsolicited calls, texts, or emails. - Graham Cluley: https://www.fortra.com/blog/imposter-scams-cost-americans-35-billion-2025-and-its-getting-worse 5. DOT CLOSES DELTA CROWDSTRIKE OUTAGE PROBE Policy and Regulation · [policy] Latest developments: The U.S. Department of Transportation closed its investigation into Delta Air Lines' handling of the 2024 CrowdStrike software outage that grounded flights and stranded passengers for days. The faulty CrowdStrike update crippled Windows systems worldwide and hit Delta's operations hardest, drawing a federal review of the carrier's response. The DOT's closure ends that regulatory inquiry. - SecurityWeek: https://www.securityweek.com/in-other-news-apple-patches-beats-eavesdropping-flaw-dot-closes-delta-crowdstrike-probe-aws-continuum/ BUSINESS AND POLITICS ---------------------------------------------------------------- * Lebanon Clashes Reignite, Imperiling Iran Deal Latest developments: Fighting flared again in southern Lebanon Saturday despite the renewed Israel-Hezbollah ceasefire struck Thursday, and the United States and Qatar advanced a separate plan to unlock billions in frozen Iranian funds for humanitarian spending. Israel and Hezbollah resumed cross-border clashes days after agreeing a truce that killed four Israeli soldiers and dozens in Lebanon, threatening the reopening of the Strait of Hormuz and the U.S.-Iran accord that lets Tehran sell oil on the open market for the first time since 2018. Oil prices swung as traders measured the deal's fragility while Washington and Doha worked to free Iranian cash held abroad. - WSJ World News: https://www.wsj.com/world/middle-east/fighting-flares-again-in-lebanon-despite-israel-hezbollah-ceasefire-4d0ffae8 - FT World: https://www.ft.com/content/fad77f6e-b1db-460a-a0c8-c2fd132932f5 - WSJ World News: https://www.wsj.com/world/middle-east/iran-frozen-funds-qatar-effed975 PITTSBURGH ---------------------------------------------------------------- Weather: Today: Mostly Sunny then Chance Showers And Thunderstorms, high 78F. Tonight: Slight Chance Showers And Thunderstorms then Partly Cloudy, low 58F. Sunday: Mostly Sunny, high 82F. Business: * Coal Refuse Piles Eyed for Rare Earths Latest developments: A TribLive report details how Pennsylvania's coal-waste mounds could yield billion-dollar rare-earth deposits, pointing to a gob pile off a gravel road in Conemaugh Township, Indiana County. The coal refuse disposal areas miners call gob or boney, scattered across western Pennsylvania, hold rare-earth minerals that companies now see as a billion-dollar opportunity. Conemaugh Township in Indiana County holds one such artificial mountain on the western edge of the county. - TribLive: https://triblive.com/local/regional/mining-leftovers-packed-with-rare-earth-minerals-offer-billion-dollar-opportunities-in-pa/ * Cafe Zara Opens in Greensburg Latest developments: Greensburg resident Zara Wan opened Cafe Zara, a Middle Eastern cafe along New Alexandria Road, in May. Zara Wan, who manages chronic health conditions she refuses to let define her, opened the Middle Eastern cafe Cafe Zara in May along New Alexandria Road in Greensburg, Westmoreland County. - TribLive: https://triblive.com/local/westmoreland/cafe-zara-middle-eastern-cafe-opens-in-greensburg/ Around town: * Tax Appeals Drain School Budgets Latest developments: A TribLive report finds property-tax assessment challenges across Allegheny County are forcing tax hikes, staff attrition, and delayed construction in school districts countywide. Property-tax appeals are eroding revenue for Allegheny County school districts in every corner of the county, pushing boards to raise taxes, lose staff, and postpone building projects. - TribLive: https://triblive.com/news/education-classroom/killer-to-school-districts-and-their-revenues-property-tax-challenges-straining-allegheny-county-school-budgets/ * Senior Centers Squeezed by Budgets Latest developments: A TribLive report finds Alle-Kiski Valley senior centers, including Riverview Community Action Corp, struggling to stay open amid budget pressure. Senior community centers in the Alle-Kiski Valley face mounting budget struggles that threaten programs and daily gathering spots; regulars such as Cheryl Ann Callahan, who has visited Riverview Community Action Corp almost daily for six years, depend on them for far more than bingo. - TribLive: https://triblive.com/local/valley-news-dispatch/more-than-a-place-to-play-bingo-senior-community-centers-face-challenges-in-the-midst-of-budget-struggles/ * More Newborns Skip Vitamin K Shots Latest developments: TribLive reports that a JAMA study finds Western Pennsylvania and national families increasingly decline newborn vitamin K shots, with refusal rates rising from 2.9% to 5.2% over eight years. Vitamin K shots prevent bleeding complications in newborns, yet a study in JAMA shows refusals climbing from 2.9% to 5.2% in eight years, part of a broader retreat from preventive infant care that worries western Pennsylvania pediatricians. - TribLive: https://triblive.com/news/health-now/western-pa-families-declining-vitamin-k-shots-other-preventive-care-for-newborns/ SPORTS ---------------------------------------------------------------- Pirates (38-38) Fri Jun 19 · Pirates 3 · Rockies 4 · Final Fulford's pinch 2-run double in 8th lifts Rockies past Pirates 4-3, Freeland reaches 1,000 Ks https://plaintextsports.com/mlb/2026-06-19/pit-col Up Next · Pirates @ Rockies · Sat Jun 20, 9:10 PM https://plaintextsports.com/mlb/2026-06-20/pit-col Around the Teams: * Spears-Jennings Ran Onto the Roster Latest developments: A Post-Gazette profile recounts how rookie safety Robert Spears-Jennings's 4.32-second forty-yard dash at the NFL scouting combine remade his draft stock and landed him with the Steelers. The Post-Gazette traced Steelers rookie safety Robert Spears-Jennings, whose 4.32-second forty at the combine vaulted him up draft boards and changed his NFL trajectory in a matter of seconds. - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/18/40yarddash-nfl-combine-spears-jennings-murphy-draft/stories/202606170001 * Pirates Size Up the A's Temporary Park Latest developments: Post-Gazette beat writers described the Athletics' temporary home, Sutter Health Park in West Sacramento, as a surprisingly pleasant minor-league venue during the Pirates' visit. The Athletics play their home games at Sutter Health Park, a Triple-A ballpark in West Sacramento, while they wait on a Las Vegas stadium; Post-Gazette writers covering the Pirates' series there found the cozy minor-league setting better than expected. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/18/mlb-ballparks-west-sacramento-sutter-health-park-las-vegas-athletics/stories/202606180049 * Bradshaw Joins Pittsburgh History Makers Latest developments: The Senator John Heinz History Center named Steelers quarterback Terry Bradshaw a Pittsburgh History Maker, an honor he told the Post-Gazette finally makes him feel at home in the city. Four-time Super Bowl-winning Steelers quarterback Terry Bradshaw, long ambivalent about Pittsburgh, said his induction among the Heinz History Center's Pittsburgh History Makers means a great deal to him. - Post-Gazette Steelers: https://www.post-gazette.com/life/goodness/2026/06/18/terry-bradshaw-steelers-heinz-history-makers-pittsburgh/stories/202606180003 Team USA: * U.S. Dares to Dream After Clinching Latest developments: After the U.S. men topped World Cup Group D, defender Chris Richards and others, echoed by Zlatan Ibrahimovic, argued the Americans can win the tournament outright. Fresh off a 2-0 win over Australia in Seattle that secured the top of Group D, the U.S. men's national team has shed its old caution; defender Chris Richards and pundits including Zlatan Ibrahimovic call a title run on home soil realistic, a belief the squad now openly embraces. - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49121797/ok-dream-big-usmnt-world-cup - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49121031/usa-winning-2026-world-cup-chris-richards-zlatan-ibrahimovic READING ---------------------------------------------------------------- * Ed Zitron -- Premium: The Silicon Valley Bubble (Part 2) Zitron extends his case that the AI boom is a bubble nearing its end, building on his scoop that OpenAI spent $34 billion to generate $13.07 billion in revenue, and argues the leading AI labs burn cash with no credible path to profit. https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-2/ * Stratechery -- An Interview with Michael Morton About E-Commerce in the Age of AI Ben Thompson interviews Michael Morton on how AI reshapes online retail, covering distribution versus referral models, grocery, autonomous vehicles, and why the bearish cases against incumbents tend to be unfalsifiable. https://stratechery.com/2026/an-interview-with-michael-morton-about-e-commerce-in-the-age-of-ai/ * Cal Newport -- AI Isn't Breaking Work. It's Already Broken. Newport argues knowledge work was dysfunctional well before AI arrived, its 'hyperactive hive mind' of constant communication the real culprit, drawing on a Work AI Institute survey of 6,000 workers reported by the Financial Times. https://calnewport.com/ai-isnt-breaking-work-its-already-broken/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,483.56 ▲ +1.6% Dow 51,586.04 ▲ +1.8% Nasdaq 26,297.74 ▲ +2.5% WTI crude 77.35 ▼ -12.5% EUR/USD 1.1528 ▼ -0.2% GBP/USD 1.3359 = -0.0% USD/JPY 160.50 ▲ +0.1% ================================================================ Generated 2026-06-20 09:06 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================