================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Saturday, June 20, 2026 - 9:06 PM EDT
================================================================

Microsoft ties a 140-package npm supply-chain attack on the Mastra AI framework to North Korea's Sapphire Sleet, as the FortiBleed credential dump and a fresh Klue OAuth breach keep enterprise identity under siege.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Stolen credentials and OAuth tokens drive the day's biggest intrusions, from Unit 42's 86,644 hijacked FortiBleed firewalls to the tokens that let Icarus reach customers' Salesforce environments.
see: FortiBleed Credential Campaign; Klue OAuth Breach Draws Icarus Claim

* [TREND] Microsoft tied a poisoning of more than 140 npm packages in the Mastra AI framework to North Korea's Sapphire Sleet, extending the regime's open-source supply-chain campaign.
see: Mastra AI Supply Chain Hits 140 npm Packages

* [TREND] Fresh stealthy malware keeps surfacing, with Prinz Eugen ransomware encrypting recently modified files yet leaving no note while CryptoBandits tunnels its command traffic through Tor.
see: Prinz Eugen Ransomware Skips the Note; CryptoBandits Malware Abuses Tor

* [TREND] Scrutiny of the AI boom deepens as Zitron calls the bubble near its end, Newport argues work was already broken, and Macron presses democracies to regulate.
see: Premium: The Silicon Valley Bubble (Part 2); AI Isn't Breaking Work. It's Already Broken.; Macron Presses Democracies on AI Regulation

* [UPDATE (updated)] Vice President JD Vance departed for the U.S.-Iran talks now set for Sunday in Switzerland as Washington and Qatar worked to unfreeze Iranian funds and Hormuz closed again.
see: Vance Heads to Iran Talks as Hormuz Closes Again

SECURITY
----------------------------------------------------------------

1. FORTIBLEED CREDENTIAL CAMPAIGN
Vulnerabilities and Exploits · [credential-theft, vpn]
Latest developments: Palo Alto Networks' Unit 42 published a threat brief guiding defenders through mitigating the large-scale credential attacks behind FortiBleed, which has now compromised 86,644 internet-facing FortiGate firewalls and VPN gateways.
FortiBleed, pinned on Russian-speaking actors, exposed credentials on roughly half the internet-reachable Fortinet appliances; CISA and Unit 42 urge operators to rotate credentials and harden devices.
- Unit 42 (Palo Alto): https://unit42.paloaltonetworks.com/large-scale-credential-attacks/
- The Hacker News: https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html
- SecurityWeek: https://www.securityweek.com/fortibleed-86000-fortinet-device-credentials-compromised/

2. MASTRA AI SUPPLY CHAIN HITS 140 NPM PACKAGES
AI Security · [apt, supply-chain, npm]
Latest developments: Microsoft attributed a supply-chain attack that compromised more than 140 npm packages tied to the Mastra AI framework to North Korea's Sapphire Sleet, the group also tracked as BlueNoroff.
Sapphire Sleet, a North Korean state-aligned group, poisoned npm packages linked to the Mastra AI agent framework to plant malware on developers' machines; teams building on Mastra should audit dependencies and rotate any exposed secrets.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/

3. PRINZ EUGEN RANSOMWARE SKIPS THE NOTE
Ransomware and Cybercrime · [ransomware]
Latest developments: A new ransomware operation named Prinz Eugen surfaced that prioritizes recently modified files for encryption and leaves no ransom note on the infected system.
Prinz Eugen targets fresh, high-value files first and drops no note, complicating victim identification and recovery; defenders should watch for rapid encryption of recently edited documents and maintain offline backups.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/new-prinz-eugen-ransomware-prioritizes-recent-files-for-encryption/

4. MACRON PRESSES DEMOCRACIES ON AI REGULATION
Policy and Regulation · [policy, ai]
Latest developments: French President Emmanuel Macron urged the world's wealthy democracies to jointly regulate advanced AI systems and pressed the United States to share its cutting-edge models.
Macron's call frames advanced AI governance as a coordination problem among allied democracies, arriving amid Washington's export controls on frontier models; it signals pressure for shared rules over unilateral restriction.
- SecurityWeek: https://www.securityweek.com/french-president-urges-us-to-share-cutting-edge-ai-and-democracies-to-cooperate-on-regulation/

5. KLUE OAUTH BREACH DRAWS ICARUS CLAIM
Data Breaches · [breach, supply-chain]
Latest developments: A new extortion group calling itself Icarus publicly claimed the Klue breach as the victim list grew, with Klue confirming attackers stole OAuth tokens that linked to customers' Salesforce environments and Salesforce disabling the Klue Battlecards integration.
Market-intelligence platform Klue lost OAuth tokens that let attackers pull data from connected Salesforce instances at customers including Huntress and Recorded Future; affected firms should revoke Klue tokens and review Salesforce access logs.
- BleepingComputer: https://www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/
- Help Net Security: https://www.helpnetsecurity.com/2026/06/19/klue-salesforce-data-breach-huntress/
- The Hacker News: https://thehackernews.com/2026/06/salesforce-disables-klue-app.html
- SecurityWeek: https://www.securityweek.com/cybersecurity-firms-impacted-by-klue-supply-chain-attack/

6. CRYPTOBANDITS MALWARE ABUSES TOR
Ransomware and Cybercrime · [malware, backdoor]
Latest developments: SecurityWeek detailed CryptoBandits, malware that doubles as a backdoor and routes traffic through a local SOCKS5 proxy over Tor, blending data theft with remote code execution.
CryptoBandits combines an information stealer and a remote-access backdoor, hiding its command channel behind Tor; organizations should flag unexpected local SOCKS5 proxies and Tor traffic from endpoints.
- SecurityWeek: https://www.securityweek.com/cryptobandits-malware-doubles-as-a-backdoor-abuses-tor/

BUSINESS AND POLITICS
----------------------------------------------------------------

* Vance Heads to Iran Talks as Hormuz Closes Again
Latest developments: Vice President JD Vance left Saturday for the U.S.-Iran talks now set for Sunday in Switzerland, while Washington and Qatar worked on a plan to free billions in frozen Iranian funds for humanitarian spending and Tehran moved to sell oil on the open market for the first time since 2018.
Iran's joint military command declared the Strait of Hormuz closed again over Israeli strikes on Hezbollah in Lebanon, days after the interim U.S.-Iran accord reopened the waterway; Israel and Hezbollah then agreed to a renewed ceasefire after four Israeli soldiers and dozens of Lebanese died, leaving the deal that governs Gulf oil flows under early strain.
- WSJ World News: https://www.wsj.com/world/middle-east/fighting-flares-again-in-lebanon-despite-israel-hezbollah-ceasefire-4d0ffae8
- WSJ World News: https://www.wsj.com/world/middle-east/iran-frozen-funds-qatar-effed975
- WSJ US Business: https://www.wsj.com/business/energy-oil/iran-can-now-sell-oil-how-fast-can-it-ramp-up-ccb6e58d?mod=pls_whats_news_us_business_f

PITTSBURGH
----------------------------------------------------------------

Weather: Tonight: Mostly Clear, low 58F. Sunday: Mostly Sunny, high 81F. Sunday Night: Slight Chance Rain Showers then Slight Chance Showers And Thunderstorms, low 62F.

Business:

* Geese Police Get North Shore Contract
Latest developments: The Sports & Exhibition Authority of Pittsburgh and Allegheny County authorized a six-month agreement worth up to $10,500 with Wild Goose Chase LLC to clear geese from North Shore Riverfront Park.
Wild Goose Chase LLC, known as the Geese Police of Western Pennsylvania, will run its trained dogs along North Shore Riverfront Park to deter the geese that foul the riverfront grounds across from downtown Pittsburgh.
- KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-geese-police-north-shore-riverfront-park/

Around town:

* Lincoln Beach Holds Its First Juneteenth
Latest developments: The historically Black Lincoln Beach section of Upper Burrell held its first Juneteenth celebration Saturday, June 20, organized by the Rev. Vincent Ponder of Community Baptist Church.
Lincoln Beach, a longtime Black community in Upper Burrell in the Alle-Kiski Valley, marked Juneteenth for the first time with a gathering led by Community Baptist Church's pastor, the Rev. Vincent Ponder.
- TribLive: https://triblive.com/local/valley-news-dispatch/lincoln-beach-historically-black-upper-burrell-community-holds-first-juneteenth-celebration/

* Soaking Rain Brings Monday Impact Day
Latest developments: Saturday evening's storms fizzled, but WTAE meteorologists held Monday, June 22, as an Impact Day for a soaking rain across western Pennsylvania.
A round of heavy, prolonged rain will move through the Pittsburgh region Monday, June 22, after only isolated storms passed over the weekend.
- WTAE: https://www.wtae.com/article/evening-storms-fizzle-impact-day-monday/71648472

SPORTS
----------------------------------------------------------------

Pirates (38-38)
Fri Jun 19 · Pirates 3 · Rockies 4 · Final
Fulford's pinch 2-run double in 8th lifts Rockies past Pirates 4-3, Freeland reaches 1,000 Ks
https://plaintextsports.com/mlb/2026-06-19/pit-col
Up Next · Pirates @ Rockies · Sat Jun 20, 9:10 PM
https://plaintextsports.com/mlb/2026-06-20/pit-col

Around the Teams:

* Off The Bat on Bill Murphy's Pitching Staff
Latest developments: A Post-Gazette "Off The Bat" column weighed whether Pirates pitching coach Bill Murphy has improved the staff across both the rotation and the bullpen.
The Pittsburgh Pirates hired Bill Murphy to oversee their pitchers, and the Post-Gazette assessed the early returns on the rotation and a bullpen the team has worked to repair.
- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/20/murphy-pirates-pitchers-staff-bullpen-rotation/stories/202606200030

* SNR Drive on Breakouts and Trade Candidates
Latest developments: On the June 19 SNR Drive, Matt Williamson and Wes Uhler broke down ESPN writer Ben Solak's picks for 2025 breakouts and "cliff falls," ran through leaguewide trade candidates, and fielded Steelers questions heading into 2026.
The Pittsburgh Steelers' SNR Drive podcast looked ahead to the 2026 season, debating which players around the NFL are poised to rise or fall and which could be moved before the season.
- Pittsburgh Steelers (YouTube): https://www.youtube.com/watch?v=oqUdOC8pj5Q

* Drew Allar Recalls His Draft Call
Latest developments: In the newest "Forging Steel," rookie quarterback Drew Allar reflected on the moment the Steelers called to draft him.
The Pittsburgh Steelers drafted Penn State quarterback Drew Allar in 2026, and the team's "Forging Steel" series captured his reaction to getting the call.
- Pittsburgh Steelers (YouTube): https://www.youtube.com/shorts/51zxZ6DKq34

Team USA:

* U.S. Wins World Cup Group D
Latest developments: Paraguay's 1-0 win over Turkey on Saturday, June 20, secured the United States the top spot in Group D and a place in the round of 32.
The U.S. men's national team, which beat Australia 2-0 in Seattle without the calf-injured Christian Pulisic, clinched first in its group at the 2026 World Cup it co-hosts; Paraguay held on a man down to eliminate a Turkey side that piled up 32 shots without scoring.
- ESPN Soccer: https://www.espn.com/soccer/story/_/id/49123488/us-clinches-group-d-10-man-paraguay-edges-turkey
- ESPN Soccer: https://www.espn.com/soccer/story/_/id/49119070/christian-pulisic-sits-us-finds-way-vs-australia-reach-world-cup-knockout-rounds

* Douglass Breaks 50 Freestyle World Record
Latest developments: Kate Douglass swam the women's 50-meter freestyle in 23.59 seconds at the TYR Pro Swim Series, bettering the 23.61 mark Sweden's Sarah Sjostrom set in July 2023.
The American Olympic champion lowered the world record in swimming's shortest sprint, a marker of form for the U.S. ahead of the next Olympic cycle.
- ESPN Olympics: https://www.espn.com/olympics/swimming/story/_/id/49121983/kate-douglass-breaks-women-50-meter-freestyle-world-record

READING
----------------------------------------------------------------

* Ed Zitron -- Premium: The Silicon Valley Bubble (Part 2)
Zitron argues the AI era is nearing its end, building on his exclusive report that OpenAI spent $34 billion against $13.07 billion in revenue and contending that OpenAI and Anthropic are racing to public markets without a path to profitability.
https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-2/

* Stratechery -- An Interview with Michael Morton About E-Commerce in the Age of AI
Ben Thompson and Michael Morton discuss how AI reshapes e-commerce, weighing unfalsifiable bear cases, distribution versus referral models, grocery, and autonomous vehicles.
https://stratechery.com/2026/an-interview-with-michael-morton-about-e-commerce-in-the-age-of-ai/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
Responding to a Financial Times interview with the Work AI Institute's Rebecca Hinds about a survey of 6,000 digital workers, Newport argues knowledge work was already dysfunctional before AI arrived.
https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,483.56   ▲ +1.6%
Dow         51,586.04   ▲ +1.8%
Nasdaq      26,297.74   ▲ +2.5%
WTI crude       77.35   ▼ -12.5%
EUR/USD        1.1528   ▼ -0.2%
GBP/USD        1.3359   = -0.0%
USD/JPY        160.76   ▲ +0.3%

================================================================
Generated 2026-06-20 21:06 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport.
Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================