================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Sunday, June 21, 2026 - 6:06 AM EDT
================================================================

Microsoft's 2011 Secure Boot certificates begin expiring June 24 across Windows and Linux machines, even as actively exploited Splunk and WordPress flaws and a novel AI-agent code-execution attack press defenders.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Microsoft's AutoJack chain shows a single attacker-controlled web page can steer an AI browsing agent into reaching a privileged local service and running code on its host.
  see: AutoJack Turns AI Browsers Into RCE Vectors

* [TREND] Defenders face stacked deadlines as CISA's Splunk Enterprise mitigation cutoff lands today, the Gravity SMTP WordPress flaw draws active exploitation, and Secure Boot certificates begin expiring June 24.
  see: Splunk Enterprise RCE Federal Deadline Arrives; Gravity SMTP WordPress Flaw Under Active Exploitation; Secure Boot Keys Begin Expiring June 24

* [TREND] Imposter scams drained $3.5 billion from Americans in 2025 by posing as their banks, governments, and local offices, with the losses still climbing.
  see: Imposter Scams Cost Americans $3.5 Billion

* [UPDATE (new)] JD Vance reached Switzerland for talks on the Israel-Hizbollah fighting as Iran again declared the Strait of Hormuz closed, while Keir Starmer nears a UK departure.
  see: Vance Reaches Switzerland as Iran Shuts Hormuz Again; Starmer Nears Exit as UK Finances Worsen

* [TREND] Reading pieces dissect AI's economics, with Zitron calling Silicon Valley a bubble, Newport arguing AI merely exposes already-broken work, and Morton mapping AI's e-commerce upheaval.
  see: Premium: The Silicon Valley Bubble (Part 2); AI Isn't Breaking Work. It's Already Broken.; An Interview with Michael Morton About E-Commerce in the Age of AI

SECURITY
----------------------------------------------------------------

1. SECURE BOOT KEYS BEGIN EXPIRING JUNE 24
   Vulnerabilities and Exploits · [patch, vulnerability]

   Latest developments: Wired reports the cryptographic certificates that anchor a computer's Secure Boot sequence start expiring June 24, 2026, threatening Windows and Linux machines that miss firmware updates. Microsoft's original 2011 Secure Boot signing certificates expire, and devices that never received replacement keys can lose the ability to verify trusted bootloaders or block tampered ones. PC owners and administrators should apply the UEFI firmware and operating-system updates that install the new certificates before the cutoff.

   - Wired Security: https://www.wired.com/story/a-critical-deadline-is-approaching-for-windows-and-linux-security/

2. GRAVITY SMTP WORDPRESS FLAW UNDER ACTIVE EXPLOITATION
   Vulnerabilities and Exploits · [patch, vulnerability]

   Latest developments: Threat actors are exploiting CVE-2026-4020, a medium-severity unauthenticated information-disclosure bug in the Gravity SMTP WordPress plugin, which runs on roughly 100,000 sites. The CVSS 5.3 flaw lets unauthenticated attackers extract configuration data, API keys, secrets, and OAuth tokens from affected sites. Site operators should update the plugin to the patched release and rotate any exposed credentials.

   - The Hacker News: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/hackers-exploit-info-disclosure-bug-in-gravity-smtp-wordpress-plugin/

3. SPLUNK ENTERPRISE RCE FEDERAL DEADLINE ARRIVES
   Vulnerabilities and Exploits · [patch, vulnerability]

   Latest developments: The June 21, 2026, deadline CISA set for federal civilian agencies to mitigate actively exploited Splunk Enterprise flaw CVE-2026-20253 lands today. Splunk and Resecurity confirmed in-the-wild exploitation of the critical, unauthenticated remote-code-execution bug, which can lead to full system compromise. CISA listed it in its known exploited vulnerabilities catalog and urged operators to patch and hunt for indicators of compromise.

   - Help Net Security: https://www.helpnetsecurity.com/2026/06/19/splunk-vulnerability-cve-2026-20253-exploited/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/

4. AUTOJACK TURNS AI BROWSERS INTO RCE VECTORS
   AI Security · [ai, zero-day]

   Latest developments: Microsoft researchers detailed AutoJack, an exploit chain that steers an AI browsing agent to an attacker's web page whose JavaScript reaches a privileged local service and spawns a process on the host. AutoJack needs no credentials, sign-in, or further user interaction once the agent loads the malicious page, turning an AI browser into a delivery vehicle for remote code execution on the user's machine. Organizations deploying agentic browsing tools should isolate them from privileged local services.

   - The Hacker News: https://thehackernews.com/2026/06/autojack-attack-lets-one-web-page.html

5. IMPOSTER SCAMS COST AMERICANS $3.5 BILLION
   Ransomware and Cybercrime · [fraud, cybercrime]

   Latest developments: Fortra, citing Federal Trade Commission figures, reports imposter scams cost Americans $3.5 billion in 2025 and the losses keep climbing. Fraudsters impersonate victims' banks, government agencies, and local planning offices to extract money and data, and the FTC ranks impersonation among the costliest fraud categories. Individuals should verify any unexpected contact through an independently sourced phone number before acting.

   - Graham Cluley: https://www.fortra.com/blog/imposter-scams-cost-americans-35-billion-2025-and-its-getting-worse

6. UK INFORMATION COMMISSIONER RESIGNS
   Policy and Regulation · [policy]

   Latest developments: John Edwards resigned as the United Kingdom's information commissioner, writing on LinkedIn that his position had become untenable amid an investigation into 'inappropriate humour.' Edwards led the Information Commissioner's Office, Britain's data-protection and privacy regulator, and said he disagreed with how the investigation proceeded yet accepted he could no longer stay. His departure leaves the watchdog seeking new leadership.

   - The Record: https://therecord.media/uk-information-commissioner-resigns-over-inappropriate-humor

BUSINESS AND POLITICS
----------------------------------------------------------------

* Vance Reaches Switzerland as Iran Shuts Hormuz Again
  Latest developments: Vice President JD Vance landed in Switzerland on Sunday, June 21, for talks that open by addressing the Israel-Hizbollah fighting in Lebanon, after Iran's joint military command declared the Strait of Hormuz closed again following a fresh exchange of fire. The United States and Iran sit down Sunday in Switzerland to negotiate a permanent end to the war; renewed Israel-Hizbollah clashes in Lebanon prompted Tehran to reclose the Strait of Hormuz, the chokepoint for roughly a fifth of the world's oil, threatening the supply relief that followed last week's interim accord.
  - FT World: https://www.ft.com/content/c1014643-940c-4874-998a-0a52eb517c49
  - WSJ World News: https://www.wsj.com/world/middle-east/fighting-flares-again-in-lebanon-despite-israel-hezbollah-ceasefire-4d0ffae8
  - FT World: https://www.ft.com/content/fad77f6e-b1db-460a-a0c8-c2fd132932f5

* Starmer Nears Exit as UK Finances Worsen
  Latest developments: Some UK ministers now believe Prime Minister Keir Starmer could set out a departure timetable as soon as next week, after Andy Burnham's by-election win positioned the Manchester mayor to succeed him. Pressure mounts on Starmer to name a leaving date as Labour's leadership question opens; Burnham's camp debates a chancellor pick among Ed Miliband, Shabana Mahmood, and Yvette Cooper while bond markets seek reassurance on deteriorating British public finances.
  - FT World: https://www.ft.com/content/e586d110-34cf-47c6-8a05-68750ee425dd
  - FT World: https://www.ft.com/content/4f4b1142-96bd-4a02-a7ae-6166ccb54e2b

PITTSBURGH
----------------------------------------------------------------

Weather:
  Today: Mostly Sunny, high 81F.
  Tonight: Mostly Cloudy then Slight Chance Showers And Thunderstorms, low 62F.
  Monday: Chance Showers And Thunderstorms then Showers And Thunderstorms, high 77F.

Business:

* POGOH Bike Share Wins $1.5M to Expand
  Latest developments: POGOH secured a $1.5 million grant to extend Pittsburgh's bike-share network past the city line into surrounding municipalities. POGOH, the nonprofit that operates Pittsburgh's bike-share system, will spend the $1.5 million to add stations beyond the city's borders, widening a program now concentrated within Pittsburgh proper.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/local/city/2026/06/21/pogoh-pittsburgh-bike-share-expansion/stories/202606180058

* County Paid-Leave Plan Tests School Districts
  Latest developments: Allegheny County's proposed paid parental leave could keep teachers out for as much as half a school year, and district officials question whether they can cover the absences. Allegheny County's paid parental leave proposal would grant new parents extended time off; school districts warn that a teacher gone for half the academic year strains staffing and budgets they must scramble to fill.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/education/2026/06/21/allegheny-county-paid-leave-teachers/stories/202606180040

Around town:

* South Side Street Fest Opens to Good Reviews
  Latest developments: The new South Side Street Fest drew largely positive reviews on its opening weekend, and organizers plan to repeat it every Friday and Saturday night through the rest of the summer. The South Side Hospitality Partnership's festival closes East Carson Street on the South Side to tame the neighborhood's chaotic summer weekends; opening-night attendees told KDKA they felt safe, and the event will run each Friday and Saturday through summer.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-south-side-street-fest-opens/
  - WPXI: https://www.wpxi.com/news/local/first-night-pittsburghs-new-south-side-street-fest-kicks-off/I52SUJRKRNAMJATSOJDT544DLM/

SPORTS
----------------------------------------------------------------

Pirates (38-39)
  Sat Jun 20 · Pirates 1 · Rockies 2 · Final
  McCarthy hits leadoff inside-the-park homer off Skenes in Rockies' 2-1 win over Pirates
  https://plaintextsports.com/mlb/2026-06-20/pit-col
  Up Next · Pirates @ Rockies · Sun Jun 21, 3:10 PM
  https://plaintextsports.com/mlb/2026-06-21/pit-col

Around the Teams:

* Pirates' Catcher Plan After Bart Trade
  Latest developments: A Post-Gazette mailbag laid out the Pirates' catching plan now that Joey Bart is gone, leaning on Henry Davis and weighing whether Marcell Ozuna rejoins the club. After dealing catcher Joey Bart to the Braves for reliever Hunter Stratton, the Pirates turn to Henry Davis behind the plate; the Post-Gazette mailbag also addressed whether designated hitter Marcell Ozuna returns to Pittsburgh.
  - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/19/mlb-trade-bart-stratton-henry-davis-marcell-ozuna/stories/202606190033

Team USA:

* USMNT Rolls, World Cup Hopes Rise
  Latest developments: Convincing group-stage wins, capped by a 2-0 defeat of Australia, have lifted expectations for the U.S. men's national team, with defender Alex Freeman's goal confirmed onside after a VAR review. The United States men's national team, co-hosting the 2026 World Cup, beat Australia 2-0 as Alex Freeman—son of former Green Bay Packers receiver Antonio Freeman—scored, and the flurry of goals has raised belief in a deep American run.
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49119534/var-review-united-states-australia-alex-freeman-usmnt-goal-not-offside
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49003063/how-alex-freeman-pro-bowl-dad-green-bay-packers-antonio-freeman-helped-world-cup-dream-usmnt

READING
----------------------------------------------------------------

* Ed Zitron -- Premium: The Silicon Valley Bubble (Part 2)
  Zitron extends his argument that the AI-driven Silicon Valley boom is a bubble nearing its end, drawing on OpenAI's audited financials—roughly $34 billion spent against $13 billion in revenue—to contend the leading AI firms have no path to profitability.
  https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-2/

* Stratechery -- An Interview with Michael Morton About E-Commerce in the Age of AI
  Ben Thompson interviews Michael Morton on how AI reshapes e-commerce, covering unfalsifiable bear cases, distribution versus referral models, grocery, and autonomous vehicles.
  https://stratechery.com/2026/an-interview-with-michael-morton-about-e-commerce-in-the-age-of-ai/

* Cal Newport -- AI Isn't Breaking Work. It's Already Broken.
  Newport argues that AI exposes dysfunction already embedded in modern knowledge work rather than creating it, responding to a Financial Times interview with Work AI Institute head Rebecca Hinds about a survey of 6,000 digital workers.
  https://calnewport.com/ai-isnt-breaking-work-its-already-broken/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,483.56   ▲ +1.6%
Dow         51,586.04   ▲ +1.8%
Nasdaq      26,297.74   ▲ +2.5%
WTI crude       77.35   ▼ -12.5%
EUR/USD        1.1528   ▼ -0.2%
GBP/USD        1.3359   = -0.0%
USD/JPY        160.50   ▲ +0.1%

================================================================
Generated 2026-06-21 06:06 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport.
Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================