Daily plain-text briefing: security, markets, business, and Pittsburgh
North Korea's Sapphire Sleet poisoned more than 140 npm packages through Mastra AI, the day's sharpest sign that software supply chains and stolen credentials remain attackers' easiest path in.
Latest developments: Microsoft attributed the Mastra AI supply-chain attack, which compromised more than 140 npm packages, to North Korea's Sapphire Sleet, the group also tracked as BlueNoroff.
Sapphire Sleet, a financially motivated North Korean crew, slipped malicious code into over 140 packages on the npm registry tied to the Mastra AI framework, threatening any developer who pulled them. Teams should audit dependencies and strip the tainted versions.
Sources: BleepingComputer
Latest developments: Palo Alto Networks' Unit 42 published a threat brief on mitigating large-scale credential attacks aimed at security vendors' internet-facing devices.
Unit 42 detailed how attackers run sweeping credential campaigns against internet-facing security appliances, echoing the FortiBleed credential dump, and laid out defenses. Operators should rotate credentials, enforce multifactor authentication, and limit management exposure.
Sources: Unit 42 (Palo Alto)
Latest developments: A new ransomware operation named Prinz Eugen surfaced, encrypting recently modified files first and leaving no ransom note on infected systems.
Prinz Eugen, a fresh ransomware strain, encrypts a victim's most recently modified files first to inflict fast damage and drops no ransom note on the host. Defenders should watch for rapid mass file changes and keep offline backups.
Sources: BleepingComputer
Latest developments: French President Emmanuel Macron urged the United States to share cutting-edge AI and pressed wealthy democracies to cooperate on regulating advanced systems.
Emmanuel Macron, France's president, called on the United States and fellow wealthy democracies to share advanced AI systems and align their regulation, framing coordinated rules as a counter to fragmented oversight.
Sources: SecurityWeek
Latest developments: Klue publicly confirmed attackers stole OAuth tokens connecting to customers' Salesforce environments, and a new extortion group calling itself Icarus claimed the attack as the victim list grew.
Klue, a market-intelligence platform, lost OAuth tokens that link to customers' Salesforce tenants, exposing downstream companies to data theft. Affected firms should revoke Klue's tokens and hunt for unauthorized Salesforce access.
Sources: BleepingComputer
Latest developments: Iran's joint military command declared the Strait of Hormuz closed Saturday, citing Israeli strikes in Lebanon—a sharp escalation past Friday's reignited clashes, even as Washington and Tehran set their next round of talks for Sunday in Switzerland.
Iran closed the Strait of Hormuz, the passage for much of the world's seaborne oil, after Israel and Hizbollah exchanged fire again and killed four Israeli soldiers and dozens of people in Lebanon, throwing President Trump's deal to end the war and reopen the waterway into doubt.
Sources: FT World · WSJ World News
This Afternoon: Chance Showers And Thunderstorms, high 78F.
Tonight: Slight Chance Showers And Thunderstorms then Partly Cloudy, low 58F.
Sunday: Mostly Sunny, high 82F.
Latest developments: A Post-Gazette analysis published Saturday found most municipalities across the Pittsburgh region continue to lose residents and argued the decline may be acceptable for the area's future.
The Pittsburgh Post-Gazette reported that population losses span most communities in the Pittsburgh area, contending the shrinkage need not signal economic decline for the region.
Sources: Pittsburgh Post-Gazette
Latest developments: TribLive's Offbeat Pittsburgh profiled Erin Patton, the Nike marketer who wrote the business plan launching the Jordan Brand, and his pivot from sports marketing to community service.
Erin Patton, who authored the plan that built Nike's Jordan Brand into one of the most influential names in sports marketing, has turned toward serving others, TribLive recounted.
Latest developments: KDKA profiled how Frontline Dignity, a Pittsburgh immigration-rights group founded by Jaime Martinez, deploys legal observers and volunteers to respond to Immigration and Customs Enforcement raids across the region.
Frontline Dignity, led by founder and executive director Jaime Martinez, sends legal observers and volunteers to respond to Immigration and Customs Enforcement raids in the Pittsburgh area, framing its work as neighbors protecting neighbors.
Latest developments: Forecasters now time a soaking rain for Sunday night through Monday and flagged Monday as an Impact Day, with summer arriving at the solstice at 4:24 a.m. Sunday, June 21.
Summer officially begins at 4:24 a.m. Sunday, June 21, the longest day of the year; after a mild, sunny Father's Day weekend with highs near 80, a soaking rain moves into the Pittsburgh region Sunday night and runs through Monday, June 22, which KDKA and WTAE meteorologists flagged as an Impact Day.
Latest developments: The Mt. Pleasant Volunteer Fire Department's annual Street Fair runs Thursday through Saturday, June 20, in Mt. Pleasant, Westmoreland County.
The Mt. Pleasant Volunteer Fire Department holds its annual Street Fair through Saturday, June 20, in Mt. Pleasant, Westmoreland County, featuring a parade, live music, and food.
Pirates (38-38)
Fri Jun 19 · Pirates 3 · Rockies 4 · Final
Fulford's pinch 2-run double in 8th lifts Rockies past Pirates 4-3, Freeland reaches 1,000 Ks
Up Next · Pirates @ Rockies · Sat Jun 20, 9:10 PM
Latest developments: The Post-Gazette's 'Off The Bat' examined whether new pitching coach Bill Murphy has improved the Pirates' bullpen and rotation this season.
Post-Gazette beat writers assessed pitching coach Bill Murphy's influence on the Pittsburgh Pirates' staff in a June 20 'Off The Bat' installment, gauging his effect across the bullpen and rotation.
Sources: Post-Gazette Pirates
Latest developments: On the June 19 SNR Drive, Matt Williamson and Wes Uhler reacted to ESPN writer Ben Solak's lists of 2025 breakouts and 'cliff falls,' ran through leaguewide trade candidates, and fielded a Steelers Q&A.
The Steelers' SNR Drive paired Matt Williamson and Wes Uhler to break down Ben Solak's breakout and cliff-fall picks, survey current trade candidates around the NFL, and answer Steelers questions heading into the 2026 season.
Sources: Pittsburgh Steelers (YouTube)
Latest developments: The United States secured the top seed in World Cup Group D on Friday, beating Australia 2-0 in Seattle and then watching Paraguay's 1-0 win over Turkey lock in first place.
The U.S. men beat Australia 2-0 in Seattle without the injured Christian Pulisic, with Alex Freeman scoring a VAR-confirmed goal he called a full-circle family moment on the same field where his father, Antonio Freeman, once starred for the Green Bay Packers; Paraguay's later win over Turkey handed the Americans the Group D top seed into the round of 32.
Sources: ESPN Soccer
Latest developments: Kate Douglass swam the women's 50-meter freestyle in 23.59 seconds at the TYR Pro Swim Series, breaking the world record.
American Olympic champion Kate Douglass set a women's 50-meter freestyle world record of 23.59 seconds at the TYR Pro Swim Series meet, eclipsing the 23.61 mark Sarah Sjostrom of Sweden set in July 2023.
Sources: ESPN Olympics
S&P 500: 7,483.56 ▲ +1.6%
Dow: 51,586.04 ▲ +1.8%
Nasdaq: 26,297.74 ▲ +2.5%
WTI crude: 77.35 ▼ -12.5%
EUR/USD: 1.1528 ▼ -0.2%
GBP/USD: 1.3359 = -0.0%
USD/JPY: 160.50 ▲ +0.1%