================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Sunday, June 21, 2026 - 9:09 PM EDT ================================================================ Attackers turned widely deployed web software and aging consumer hardware into harvesting infrastructure as a Gravity SMTP WordPress flaw bled secrets and the AryStinger botnet swallowed thousands of D-Link routers. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] A medium-severity flaw in the Gravity SMTP WordPress plugin shows how attackers now mine everyday web software for the API keys, OAuth tokens, and secrets that unlock connected systems. see: Gravity SMTP Plugin Flaw Exploited * [TREND] Criminals keep recruiting aging, unpatched hardware into their operations, and the AryStinger botnet's takeover of more than 4,000 D-Link routers converts abandoned home gear into proxies for malicious traffic. see: AryStinger Router Botnet * [TREND] As scammers wield artificial intelligence to terrorize victims, Japan answers in kind, with Osaka police fielding a synthetic officer named AI Ko to teach residents to recognize the digital arrest con. see: Japan's AI Ko Anti-Scam Officer * [UPDATE (new)] systemd 261 Adds Software TPM see: systemd 261 Adds Software TPM * [UPDATE (new)] Iran Pauses U.S. Talks as Oil Climbs on Doubts see: Iran Pauses U.S. Talks as Oil Climbs on Doubts * [UPDATE (updated)] Starmer Set to Name Resignation Timetable see: Starmer Set to Name Resignation Timetable * [UPDATE (new)] Shilo Ranch Lists in Butler County see: Shilo Ranch Lists in Butler County SECURITY ---------------------------------------------------------------- 1. SYSTEMD 261 ADDS SOFTWARE TPM Vulnerabilities and Exploits · [linux, patch] Latest developments: The systemd 261 release ships a software TPM, adds an IMDS cloud-metadata subsystem whose systemd-imdsd daemon exposes a local Varlink API, and carries process state through kexec reboots. Linux distributions that run systemd as their init system gain TPM-backed security features without dedicated hardware; administrators tracking systemd should plan to adopt the 261 update. - Help Net Security: https://www.helpnetsecurity.com/2026/06/22/systemd-261-released/ 2. ARYSTINGER ROUTER BOTNET Ransomware and Cybercrime · [botnet, malware] Latest developments: BleepingComputer detailed AryStinger, a previously undocumented botnet that has compromised more than 4,000 outdated routers worldwide, many of them D-Link models, and turned them into proxies for malicious traffic. AryStinger preys on end-of-life routers that owners no longer patch; operators of aging D-Link gear should replace or update the devices to keep them out of the proxy network. - BleepingComputer: https://www.bleepingcomputer.com/news/security/arystinger-botnet-infected-thousands-of-d-link-routers-worldwide/ 3. JAPAN'S AI KO ANTI-SCAM OFFICER Fraud and Scams · [fraud, scam] Latest developments: Frank on Fraud reported that police in Osaka created AI Ko, a synthetic, calm-voiced officer who walks residents through the digital arrest scam spreading across Japan. The digital arrest scam has fraudsters posing as authorities to frighten victims into paying; Osaka police built AI Ko to teach residents to recognize the con before they fall for it. - Frank on Fraud: https://frankonfraud.com/japan-built-an-ai-police-officer-to-fight-the-fake-ones/ 4. GRAVITY SMTP PLUGIN FLAW EXPLOITED Vulnerabilities and Exploits · [vulnerability, exploit, wordpress] Latest developments: Threat actors began actively exploiting CVE-2026-4020, an information-disclosure flaw in the Gravity SMTP WordPress plugin installed on roughly 100,000 sites, to extract configuration data, API keys, secrets, and OAuth tokens. The medium-severity bug, rated CVSS 5.3, lets unauthenticated attackers pull sensitive data from affected sites; administrators running Gravity SMTP should apply the patched release at once. - The Hacker News: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html BUSINESS AND POLITICS ---------------------------------------------------------------- * Iran Pauses U.S. Talks as Oil Climbs on Doubts Latest developments: Iran paused the Switzerland negotiations after Trump's strike threat, and oil prices rose in early Asian trade as traders doubted the interim deal would hold. Vice President JD Vance and senior Iranian officials opened formal talks Sunday near Lake Lucerne over Tehran's nuclear program and the interim accord meant to end the war, while Trump threatened from afar to strike Iran over its backing of Hezbollah in Lebanon. - WSJ Markets: https://www.wsj.com/finance/commodities-futures/oil-prices-rise-as-doubts-over-u-s-iran-peace-deal-grow-bb9cd432?mod=rss_markets_main - FT World: https://www.ft.com/content/c1014643-940c-4874-998a-0a52eb517c49 - WSJ World News: https://www.wsj.com/world/middle-east/war-in-lebanon-casts-shadow-over-renewed-iran-u-s-nuclear-talks-f457c7e9 * Starmer Set to Name Resignation Timetable Latest developments: Allies now expect Keir Starmer to set out a departure timetable within days, clearing the path for Andy Burnham to replace him. Starmer's Labour premiership crumbled after Burnham's by-election win, and the prime minister spent the weekend at Chequers weighing his exit with his wife, Victoria; his departure would give Britain its seventh premier in a decade and raise fresh worries over gilts. - FT World: https://www.ft.com/content/ed96e673-8d46-4dec-aebc-d69863b9e801 - FT World: https://www.ft.com/content/e586d110-34cf-47c6-8a05-68750ee425dd PITTSBURGH ---------------------------------------------------------------- Weather: Tonight: Mostly Cloudy then Chance Showers And Thunderstorms, low 62F. Monday: Showers And Thunderstorms then Chance Showers And Thunderstorms, high 77F. Monday Night: Showers And Thunderstorms then Mostly Cloudy, low 59F. Business: * Shilo Ranch Lists in Butler County Latest developments: Shilo Ranch, a 340-acre sporting estate at 399 Cornetti Road near Petrolia in Butler County, hit the market with a 17,000-square-foot residence at its center. Pittsburgh Magazine featured the listing of Shilo Ranch, a luxury sporting retreat spanning more than 340 acres of rolling countryside in rural Butler County, anchored by a 17,000-square-foot home. - Pittsburgh Magazine: https://www.pittsburghmagazine.com/hot-property-399-cornetti-road-butler-county/ Around town: * Millvale Holds Pride Celebration Latest developments: Millvale filled its streets this weekend with drag performers, live bands, and pay-what-you-want haircuts for a Pride Month gathering. Community members gathered in Millvale to watch drag shows and bands, make crafts, and visit local businesses; vendor Caron Spriggs-Bethea said such events help people feel less alone. - WPXI: https://www.wpxi.com/news/local/annual-pride-month-celebration-held-millvale/GXBD6KF32FBX5NAEG5LXVZURNU/ SPORTS ---------------------------------------------------------------- Pirates (39-39) Sat Jun 20 · Pirates 1 · Rockies 2 · Final McCarthy hits leadoff inside-the-park homer off Skenes in Rockies' 2-1 win over Pirates https://plaintextsports.com/mlb/2026-06-20/pit-col Sun Jun 21 · Pirates 8 · Rockies 6 · Final Gonzalez and Reynolds homer as the Pirates hold off the Rockies 8-6 https://plaintextsports.com/mlb/2026-06-21/pit-col Up Next · Mariners @ Pirates · Tue Jun 23, 6:40 PM https://plaintextsports.com/mlb/2026-06-23/sea-pit Around the Teams: * Cherington Explains the Bart Trade Latest developments: Pirates general manager Ben Cherington laid out his reasoning for dealing catcher Joey Bart to the Braves and updated the standing of prospect Konnor Griffin, plus Oneil Cruz and Endy Rodriguez. In a Post-Gazette interview, Cherington walked through the Bart-for-Hunter Stratton deal that added bullpen depth and cleared the Pirates' catching logjam, and gave a status report on top prospect Konnor Griffin. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/21/pirates-konnor-griffin-joey-bart-endy-rodriguez-oneil-cruz-mlb/stories/202606190055 * Jared Jones Takes a Liner Off His Elbow Latest developments: Pirates starter Jared Jones left Sunday's game in the third inning after a line drive struck his surgically repaired right pitching elbow. The Post-Gazette reported Jones, recently back from elbow surgery, exited the Colorado finale after the comebacker hit his throwing arm, a scary moment as the Pirates avoided a sweep by the Rockies. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/21/mlb-pirates-rockies-jared-jones/stories/202606190054 Team USA: * Special Olympics USA Games Open Latest developments: The 2026 Special Olympics USA Games kicked off June 20 in Minneapolis with nearly 3,000 athletes from all 50 states. The weeklong Games gather thousands of Team USA athletes across multiple sports in Minneapolis, with ESPN carrying live coverage and updates. - ESPN Olympics: https://www.espn.com/olympics/story/_/id/49112080/how-watch-2026-special-olympics-usa-games * ESPN Makes the Case for the USMNT Latest developments: ESPN argues the U.S. men's national team, fresh off topping Group D as a World Cup co-host, has earned reason to dream of a deep run. With the 2026 World Cup spread across the United States, Canada, and Mexico, ESPN writes that this U.S. squad carries a different feel its players and observers can sense heading into the knockout rounds. - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49121797/ok-dream-big-usmnt-world-cup READING ---------------------------------------------------------------- * Ed Zitron -- Premium: The Silicon Valley Bubble (Part 2) Zitron extends his argument that the AI boom is a bubble, building on his scoop that OpenAI spent $34 billion to generate $13.07 billion in 2025 revenue. https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-2/ * Stratechery -- An Interview with Michael Morton About E-Commerce in the Age of AI Ben Thompson and Michael Morton discuss how AI reshapes e-commerce, covering distribution versus referral models, grocery, autonomous vehicles, and the trouble with unfalsifiable bear cases. https://stratechery.com/2026/an-interview-with-michael-morton-about-e-commerce-in-the-age-of-ai/ * Cal Newport -- AI Isn't Breaking Work. It's Already Broken. Responding to a Financial Times interview with Rebecca Hinds of the Work AI Institute, Newport contends that knowledge work was already dysfunctional and AI merely exposes the dysfunction. https://calnewport.com/ai-isnt-breaking-work-its-already-broken/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,483.56 ▲ +1.6% Dow 51,586.04 ▲ +1.8% Nasdaq 26,297.74 ▲ +2.5% WTI crude 79.01 ▼ -11.8% EUR/USD 1.1555 ▲ +0.1% GBP/USD 1.3359 = -0.0% USD/JPY 160.50 ▲ +0.1% ================================================================ Generated 2026-06-21 21:09 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================