daily plain-text briefing: security, markets, business, and pittsburgh
Microsoft's 2011 Secure Boot certificates begin expiring June 24 across Windows and Linux machines, even as actively exploited Splunk and WordPress flaws and a novel AI-agent code-execution attack press defenders.
Latest developments: Wired reports the cryptographic certificates that anchor a computer's Secure Boot sequence start expiring June 24, 2026, threatening Windows and Linux machines that miss firmware updates.
Microsoft's original 2011 Secure Boot signing certificates expire, and devices that never received replacement keys can lose the ability to verify trusted bootloaders or block tampered ones. PC owners and administrators should apply the UEFI firmware and operating-system updates that install the new certificates before the cutoff.
Sources: Wired Security · ↑ top
Latest developments: Threat actors are exploiting CVE-2026-4020, a medium-severity unauthenticated information-disclosure bug in the Gravity SMTP WordPress plugin, which runs on roughly 100,000 sites.
The CVSS 5.3 flaw lets unauthenticated attackers extract configuration data, API keys, secrets, and OAuth tokens from affected sites. Site operators should update the plugin to the patched release and rotate any exposed credentials.
Sources: The Hacker News · BleepingComputer · ↑ top
Latest developments: The June 21, 2026, deadline CISA set for federal civilian agencies to mitigate actively exploited Splunk Enterprise flaw CVE-2026-20253 lands today.
Splunk and Resecurity confirmed in-the-wild exploitation of the critical, unauthenticated remote-code-execution bug, which can lead to full system compromise. CISA listed it in its known exploited vulnerabilities catalog and urged operators to patch and hunt for indicators of compromise.
Sources: Help Net Security · BleepingComputer · ↑ top
Latest developments: Microsoft researchers detailed AutoJack, an exploit chain that steers an AI browsing agent to an attacker's web page whose JavaScript reaches a privileged local service and spawns a process on the host.
AutoJack needs no credentials, sign-in, or further user interaction once the agent loads the malicious page, turning an AI browser into a delivery vehicle for remote code execution on the user's machine. Organizations deploying agentic browsing tools should isolate them from privileged local services.
Sources: The Hacker News · ↑ top
Latest developments: Fortra, citing Federal Trade Commission figures, reports imposter scams cost Americans $3.5 billion in 2025 and the losses keep climbing.
Fraudsters impersonate victims' banks, government agencies, and local planning offices to extract money and data, and the FTC ranks impersonation among the costliest fraud categories. Individuals should verify any unexpected contact through an independently sourced phone number before acting.
Sources: Graham Cluley · ↑ top
Latest developments: John Edwards resigned as the United Kingdom's information commissioner, writing on LinkedIn that his position had become untenable amid an investigation into 'inappropriate humour.'
Edwards led the Information Commissioner's Office, Britain's data-protection and privacy regulator, and said he disagreed with how the investigation proceeded yet accepted he could no longer stay. His departure leaves the watchdog seeking new leadership.
Sources: The Record · ↑ top
Latest developments: Vice President JD Vance landed in Switzerland on Sunday, June 21, for talks that open by addressing the Israel-Hizbollah fighting in Lebanon, after Iran's joint military command declared the Strait of Hormuz closed again following a fresh exchange of fire.
The United States and Iran sit down Sunday in Switzerland to negotiate a permanent end to the war; renewed Israel-Hizbollah clashes in Lebanon prompted Tehran to reclose the Strait of Hormuz, the chokepoint for roughly a fifth of the world's oil, threatening the supply relief that followed last week's interim accord.
Sources: FT World · WSJ World News · FT World · ↑ top
Latest developments: Some UK ministers now believe Prime Minister Keir Starmer could set out a departure timetable as soon as next week, after Andy Burnham's by-election win positioned the Manchester mayor to succeed him.
Pressure mounts on Starmer to name a leaving date as Labour's leadership question opens; Burnham's camp debates a chancellor pick among Ed Miliband, Shabana Mahmood, and Yvette Cooper while bond markets seek reassurance on deteriorating British public finances.
Sources: FT World · FT World · ↑ top
Today: Mostly Sunny, high 81F.
Tonight: Mostly Cloudy then Slight Chance Showers And Thunderstorms, low 62F.
Monday: Chance Showers And Thunderstorms then Showers And Thunderstorms, high 77F.
Latest developments: POGOH secured a $1.5 million grant to extend Pittsburgh's bike-share network past the city line into surrounding municipalities.
POGOH, the nonprofit that operates Pittsburgh's bike-share system, will spend the $1.5 million to add stations beyond the city's borders, widening a program now concentrated within Pittsburgh proper.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: Allegheny County's proposed paid parental leave could keep teachers out for as much as half a school year, and district officials question whether they can cover the absences.
Allegheny County's paid parental leave proposal would grant new parents extended time off; school districts warn that a teacher gone for half the academic year strains staffing and budgets they must scramble to fill.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: The new South Side Street Fest drew largely positive reviews on its opening weekend, and organizers plan to repeat it every Friday and Saturday night through the rest of the summer.
The South Side Hospitality Partnership's festival closes East Carson Street on the South Side to tame the neighborhood's chaotic summer weekends; opening-night attendees told KDKA they felt safe, and the event will run each Friday and Saturday through summer.
Pirates (38-39)
Sat Jun 20 · Pirates 1 · Rockies 2 · Final
McCarthy hits leadoff inside-the-park homer off Skenes in Rockies' 2-1 win over Pirates
Up Next · Pirates @ Rockies · Sun Jun 21, 3:10 PM
Latest developments: A Post-Gazette mailbag laid out the Pirates' catching plan now that Joey Bart is gone, leaning on Henry Davis and weighing whether Marcell Ozuna rejoins the club.
After dealing catcher Joey Bart to the Braves for reliever Hunter Stratton, the Pirates turn to Henry Davis behind the plate; the Post-Gazette mailbag also addressed whether designated hitter Marcell Ozuna returns to Pittsburgh.
Sources: Post-Gazette Pirates · ↑ top
Latest developments: Convincing group-stage wins, capped by a 2-0 defeat of Australia, have lifted expectations for the U.S. men's national team, with defender Alex Freeman's goal confirmed onside after a VAR review.
The United States men's national team, co-hosting the 2026 World Cup, beat Australia 2-0 as Alex Freeman—son of former Green Bay Packers receiver Antonio Freeman—scored, and the flurry of goals has raised belief in a deep American run.
Sources: ESPN Soccer · ESPN Soccer · ↑ top
S&P 500 7,483.56 ▲ +1.6% Dow 51,586.04 ▲ +1.8% Nasdaq 26,297.74 ▲ +2.5% WTI crude 77.35 ▼ -12.5% EUR/USD 1.1528 ▼ -0.2% GBP/USD 1.3359 = -0.0% USD/JPY 160.50 ▲ +0.1%