infosecfollow

daily plain-text briefing: security, markets, business, and pittsburgh

A WhatsApp-borne malware campaign and an unpatchable iPhone boot exploit defined the day while defenders raced to govern AI agents spreading through enterprises.

Emerging Trends and Key Updates

Trend Attackers route through legacy infrastructure to hijack AI agents now piloted by 71% of organizations, even as Jaya Baloo argues against gating cyber-capable AI models.
Trend ShinyHunters inflicts mass damage with stolen credentials and no malware, while a worldwide WhatsApp campaign quietly drops legitimate RMM monitoring software through a multi-stage chain.
Update · new Researchers published a working usbliter8 proof-of-concept against Apple's SecureROM, a silicon-level flaw reaching millions of iPhones built on the A12 and A13 chips.
Trend AI skepticism runs through the Reading list as Zitron extends his bubble case, Newport blasts doom trolling, and Thompson weighs Apple price hikes against E.U. rules.
Update · new U.S. and Iranian negotiators in Switzerland called the session a good foundation while floating a Hormuz and Lebanon plan that sent oil prices lower.
Update · new Pennsylvania legislators moved to shield schools and hospitals from ICE arrests as Murrysville residents battled acid-mine drainage fouling streams feeding Turtle Creek.

Security

1. Legacy Infrastructure Hijacks AI Agents

AI Security · [ai, agents]

Latest developments: After a Gartner Security & Risk Management Summit talk, The Hacker News warned that attackers route through legacy infrastructure to hijack the AI agents that 71% of organizations now pilot, while Asymptote Labs shipped Agent Beacon, an open-source telemetry layer that logs what agents such as Claude Code, Codex CLI, and Cursor do across laptops, CI jobs, and cloud environments.

AI agents edit files, run commands, and call outside tools with little oversight, and aging systems hand intruders a foothold to commandeer them. Teams should instrument every agent and treat each as a governed identity.

Sources: The Hacker News · Help Net Security · ↑ top

2. WhatsApp VBScript Campaign Drops RMM Software

Ransomware and Cybercrime · [malware, rmm]

Latest developments: Kaspersky's Securelist documented a worldwide campaign that distributes VBScript files through WhatsApp and installs a UEMS remote monitoring and management agent through a multi-stage infection chain.

The operation tricks recipients into running VBS scripts that fetch legitimate RMM software, handing operators full remote control of infected machines. Users should refuse scripts that arrive over messaging apps.

Sources: Securelist (Kaspersky) · ↑ top

3. ShinyHunters Breaches Skip Malware and Zero-Days

Ransomware and Cybercrime · [extortion, identity, breach]

Latest developments: SecurityWeek analyzed the recent ShinyHunters breaches and found the group inflicts mass damage without malware or zero-day exploits, leaning on stolen credentials and abused integrations instead.

ShinyHunters extorts companies by socially engineering access and looting connected SaaS platforms, the same pattern behind its Kodak breach. Defenders should tighten identity controls and audit third-party integrations.

Sources: SecurityWeek · ↑ top

4. usbliter8 PoC Reaches Millions of iPhones

Vulnerabilities and Exploits · [exploit, apple, hardware]

Latest developments: Researchers published a working proof-of-concept for usbliter8, and SecurityWeek reported the flaw reaches millions of iPhones built on Apple's A12 and A13 chips.

usbliter8 runs arbitrary code inside SecureROM, the boot code Apple burns into its A12 and A13 silicon at manufacture, so no software update can close it; the affected chips power a generation of older iPhones.

Sources: SecurityWeek · ↑ top

5. Debate Sharpens Over Gating Cyber-Capable AI Models

Policy and Regulation · [ai, policy]

Latest developments: Jaya Baloo, chief operating officer and chief information security officer at Aisle, told Help Net Security that gating cyber-capable AI models misreads how attackers and defenders operate and that open-weight models cut both ways, sharpening the fight over Washington's ban on exporting Anthropic's Claude Fable 5 and Mythos 5.

Policymakers weigh restricting powerful hacking-capable AI models, yet defenders rely on the same tools to guard networks. Baloo argues that access limits widen the gap between attackers and the teams chasing them.

Sources: Help Net Security · ↑ top

Business and Politics

U.S.-Iran Talks Press Toward a Permanent Deal

Latest developments: U.S. and Iranian negotiators wrapped a second day of talks in Obbürgen, Switzerland, with Vice President JD Vance calling the session a 'good foundation' and mediators floating a plan to ease Lebanon and Hormuz tensions, sending oil lower.

Diplomats are working in Switzerland to turn the U.S.-Iran ceasefire into a permanent settlement that governs Strait of Hormuz shipping; more than 400 tankers wait near the strait for a full reopening, and operators refuse to move until the truce firms up.

Sources: WSJ World News · FT Markets · WSJ Markets · ↑ top

Pittsburgh

Weather

Today: Showers And Thunderstorms Likely, high 78F.

Tonight: Showers And Thunderstorms then Mostly Cloudy, low 59F.

Tuesday: Mostly Sunny, high 78F.

Business

Liberty Pole Spirits Makes Bleier Family Whiskey

Latest developments: Liberty Pole Spirits has teamed with former Steelers running back Rocky Bleier to produce a Bleier Family whiskey and a rye-bourbon blend it calls Penntucky, the Post-Gazette reported.

Liberty Pole Spirits is bottling a branded Rocky Bleier family whiskey and a rye-bourbon blend named Penntucky, joining Pittsburgh craft distillers Wigle and Iron City in the region's spirits trade.

Sources: Pittsburgh Post-Gazette · ↑ top

Around Town

Two Synagogues Merge Into Beit Kulanu

Latest developments: Two Pittsburgh synagogues have combined into a single congregation named Beit Kulanu, the Post-Gazette reported.

Beit Kulanu—Hebrew for 'a house for all of us'—unites two Pittsburgh Jewish congregations into one body, a consolidation that tracks shifting membership across the region's synagogues.

Sources: Pittsburgh Post-Gazette · ↑ top

Murrysville Fights Acid-Mine Drainage

Latest developments: Murrysville residents are attacking acid-mine drainage fouling streams that feed Turtle Creek, TribLive reported.

In Murrysville, a Westmoreland County town that markets its wooded streams, residents are pursuing multiple fixes for acid-mine drainage that carries pollution down through stormwater channels to Turtle Creek.

Sources: TribLive · ↑ top

Pennsylvania Bills Would Shield Sensitive Spaces From ICE

Latest developments: State Senator Lindsey Williams and other Pennsylvania legislators introduced a package of bills to bar immigration arrests at schools, hospitals, and polling places, TribLive reported.

After Congress directed an additional $70 billion to Immigration and Customs Enforcement and Border Patrol, Williams and her colleagues want to protect 'sensitive' Pennsylvania spaces—schools, hospitals, and polling places—from immigration-based arrests.

Sources: TribLive · ↑ top

Sports

Pirates (39-39)

Sun Jun 21 · Pirates 8 · Rockies 6 · Final

Gonzalez and Reynolds homer as the Pirates hold off the Rockies 8-6

Up Next · Mariners @ Pirates · Tue Jun 23, 6:40 PM

Around the Teams

Pirates' Questions on Cruz, Griffin, and Jones

Latest developments: Returning home from a mediocre road trip, the Pirates face fresh questions about O'Neil Cruz, prospect Konnor Griffin, and the health of Jared Jones, the Post-Gazette wrote.

The Post-Gazette laid out three issues confronting the Pirates as they open a homestand: O'Neil Cruz's form, top prospect Konnor Griffin's trajectory, and starter Jared Jones, who took a line drive off his surgically repaired pitching elbow.

Sources: Post-Gazette Pirates · ↑ top

Team USA

New York Studies Dual-City Winter Olympics Bid

Latest developments: New York State announced a committee to study whether New York City and Lake Placid should jointly bid for a future Winter Olympics, ESPN reported.

New York is exploring a dual-host Winter Olympics bid pairing New York City with Lake Placid, which staged the Games in 1932 and 1980; the committee will weigh the unusual two-city format.

Sources: ESPN Olympics · ↑ top

Reading

Cal Newport — Dear AI Companies: Stop the "Doom Trolling". Newport argues that AI companies undercut their credibility by publishing alarming warnings about their own products' dangers, likening the tactic to Ford fretting publicly that its F-150 is too powerful to sell.
Stratechery — Apple Price Increases, Apple Intelligence and the E.U.. Ben Thompson examines Apple finally raising prices while declining to ship its Apple Intelligence Siri features to the European Union, reading both moves through the lens of E.U. regulation.
Ed Zitron — Premium: The Silicon Valley Bubble (Part 2). Building on his scoop that OpenAI spent $34 billion to make $13.07 billion in revenue, Zitron continues his case that the AI investment era is a bubble nearing its end.

Markets

weekly average, change vs prior week

S&P 500     7,483.56  ▲ +1.6%
Dow        51,586.04  ▲ +1.8%
Nasdaq     26,297.74  ▲ +2.5%
WTI crude      79.01  ▼ -11.8%
EUR/USD       1.1555  ▲ +0.1%
GBP/USD       1.3359  = -0.0%
USD/JPY       160.50  ▲ +0.1%