================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Monday, June 22, 2026 - 9:06 AM EDT ================================================================ A WhatsApp-borne malware campaign and an unpatchable iPhone boot exploit defined the day while defenders raced to govern AI agents spreading through enterprises. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] Attackers route through legacy infrastructure to hijack AI agents now piloted by 71% of organizations, even as Jaya Baloo argues against gating cyber-capable AI models. see: Legacy Infrastructure Hijacks AI Agents; Debate Sharpens Over Gating Cyber-Capable AI Models * [TREND] ShinyHunters inflicts mass damage with stolen credentials and no malware, while a worldwide WhatsApp campaign quietly drops legitimate RMM monitoring software through a multi-stage chain. see: ShinyHunters Breaches Skip Malware and Zero-Days; WhatsApp VBScript Campaign Drops RMM Software * [UPDATE (new)] Researchers published a working usbliter8 proof-of-concept against Apple's SecureROM, a silicon-level flaw reaching millions of iPhones built on the A12 and A13 chips. see: usbliter8 PoC Reaches Millions of iPhones * [TREND] AI skepticism runs through the Reading list as Zitron extends his bubble case, Newport blasts doom trolling, and Thompson weighs Apple price hikes against E.U. rules. see: Premium: The Silicon Valley Bubble (Part 2); Dear AI Companies: Stop the "Doom Trolling"; Apple Price Increases, Apple Intelligence and the E.U. * [UPDATE (new)] U.S. and Iranian negotiators in Switzerland called the session a good foundation while floating a Hormuz and Lebanon plan that sent oil prices lower. see: U.S.-Iran Talks Press Toward a Permanent Deal * [UPDATE (new)] Pennsylvania legislators moved to shield schools and hospitals from ICE arrests as Murrysville residents battled acid-mine drainage fouling streams feeding Turtle Creek. see: Pennsylvania Bills Would Shield Sensitive Spaces From ICE; Murrysville Fights Acid-Mine Drainage SECURITY ---------------------------------------------------------------- 1. LEGACY INFRASTRUCTURE HIJACKS AI AGENTS AI Security · [ai, agents] Latest developments: After a Gartner Security & Risk Management Summit talk, The Hacker News warned that attackers route through legacy infrastructure to hijack the AI agents that 71% of organizations now pilot, while Asymptote Labs shipped Agent Beacon, an open-source telemetry layer that logs what agents such as Claude Code, Codex CLI, and Cursor do across laptops, CI jobs, and cloud environments. AI agents edit files, run commands, and call outside tools with little oversight, and aging systems hand intruders a foothold to commandeer them. Teams should instrument every agent and treat each as a governed identity. - The Hacker News: https://thehackernews.com/2026/06/stop-your-legacy-infrastructure-from.html - Help Net Security: https://www.helpnetsecurity.com/2026/06/22/agent-beacon-open-source-telemetry-layer-ai-agents/ 2. WHATSAPP VBSCRIPT CAMPAIGN DROPS RMM SOFTWARE Ransomware and Cybercrime · [malware, rmm] Latest developments: Kaspersky's Securelist documented a worldwide campaign that distributes VBScript files through WhatsApp and installs a UEMS remote monitoring and management agent through a multi-stage infection chain. The operation tricks recipients into running VBS scripts that fetch legitimate RMM software, handing operators full remote control of infected machines. Users should refuse scripts that arrive over messaging apps. - Securelist (Kaspersky): https://securelist.com/whatsapp-vbs-rmm-campaign/120290/ 3. SHINYHUNTERS BREACHES SKIP MALWARE AND ZERO-DAYS Ransomware and Cybercrime · [extortion, identity, breach] Latest developments: SecurityWeek analyzed the recent ShinyHunters breaches and found the group inflicts mass damage without malware or zero-day exploits, leaning on stolen credentials and abused integrations instead. ShinyHunters extorts companies by socially engineering access and looting connected SaaS platforms, the same pattern behind its Kodak breach. Defenders should tighten identity controls and audit third-party integrations. - SecurityWeek: https://www.securityweek.com/what-the-latest-shinyhunters-breaches-reveal-about-modern-cyberattacks/ 4. USBLITER8 POC REACHES MILLIONS OF IPHONES Vulnerabilities and Exploits · [exploit, apple, hardware] Latest developments: Researchers published a working proof-of-concept for usbliter8, and SecurityWeek reported the flaw reaches millions of iPhones built on Apple's A12 and A13 chips. usbliter8 runs arbitrary code inside SecureROM, the boot code Apple burns into its A12 and A13 silicon at manufacture, so no software update can close it; the affected chips power a generation of older iPhones. - SecurityWeek: https://www.securityweek.com/new-exploit-bypasses-apples-boot-defenses-affects-millions-of-iphones/ 5. DEBATE SHARPENS OVER GATING CYBER-CAPABLE AI MODELS Policy and Regulation · [ai, policy] Latest developments: Jaya Baloo, chief operating officer and chief information security officer at Aisle, told Help Net Security that gating cyber-capable AI models misreads how attackers and defenders operate and that open-weight models cut both ways, sharpening the fight over Washington's ban on exporting Anthropic's Claude Fable 5 and Mythos 5. Policymakers weigh restricting powerful hacking-capable AI models, yet defenders rely on the same tools to guard networks. Baloo argues that access limits widen the gap between attackers and the teams chasing them. - Help Net Security: https://www.helpnetsecurity.com/2026/06/22/jaya-baloo-aisle-gating-cyber-capable-ai-models/ BUSINESS AND POLITICS ---------------------------------------------------------------- * U.S.-Iran Talks Press Toward a Permanent Deal Latest developments: U.S. and Iranian negotiators wrapped a second day of talks in Obbürgen, Switzerland, with Vice President JD Vance calling the session a 'good foundation' and mediators floating a plan to ease Lebanon and Hormuz tensions, sending oil lower. Diplomats are working in Switzerland to turn the U.S.-Iran ceasefire into a permanent settlement that governs Strait of Hormuz shipping; more than 400 tankers wait near the strait for a full reopening, and operators refuse to move until the truce firms up. - WSJ World News: https://www.wsj.com/world/middle-east/war-in-lebanon-casts-shadow-over-renewed-iran-u-s-nuclear-talks-f457c7e9 - FT Markets: https://www.ft.com/content/9df718a9-8ee3-4d8b-a9ff-a29263d35a88 - WSJ Markets: https://www.wsj.com/livecoverage/stock-market-today-dow-sp-500-nasdaq-06-22-2026?mod=rss_markets_main PITTSBURGH ---------------------------------------------------------------- Weather: Today: Showers And Thunderstorms Likely, high 78F. Tonight: Showers And Thunderstorms then Mostly Cloudy, low 59F. Tuesday: Mostly Sunny, high 78F. Business: * Liberty Pole Spirits Makes Bleier Family Whiskey Latest developments: Liberty Pole Spirits has teamed with former Steelers running back Rocky Bleier to produce a Bleier Family whiskey and a rye-bourbon blend it calls Penntucky, the Post-Gazette reported. Liberty Pole Spirits is bottling a branded Rocky Bleier family whiskey and a rye-bourbon blend named Penntucky, joining Pittsburgh craft distillers Wigle and Iron City in the region's spirits trade. - Pittsburgh Post-Gazette: https://www.post-gazette.com/life/drinks/2026/06/22/liberty-pole-spirits-rye-bourbon-penntucky-rocky-bleier-iron-city-wigle-cherry-b/stories/202606280008 Around town: * Two Synagogues Merge Into Beit Kulanu Latest developments: Two Pittsburgh synagogues have combined into a single congregation named Beit Kulanu, the Post-Gazette reported. Beit Kulanu—Hebrew for 'a house for all of us'—unites two Pittsburgh Jewish congregations into one body, a consolidation that tracks shifting membership across the region's synagogues. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/faith-religion/2026/06/21/torah-beit-kulanu-synagogue-congregation-unification/stories/202606210081 * Murrysville Fights Acid-Mine Drainage Latest developments: Murrysville residents are attacking acid-mine drainage fouling streams that feed Turtle Creek, TribLive reported. In Murrysville, a Westmoreland County town that markets its wooded streams, residents are pursuing multiple fixes for acid-mine drainage that carries pollution down through stormwater channels to Turtle Creek. - TribLive: https://triblive.com/local/westmoreland/murrysville-residents-tackling-acid-mine-drainage-problem-from-multiple-angles/ * Pennsylvania Bills Would Shield Sensitive Spaces From ICE Latest developments: State Senator Lindsey Williams and other Pennsylvania legislators introduced a package of bills to bar immigration arrests at schools, hospitals, and polling places, TribLive reported. After Congress directed an additional $70 billion to Immigration and Customs Enforcement and Border Patrol, Williams and her colleagues want to protect 'sensitive' Pennsylvania spaces—schools, hospitals, and polling places—from immigration-based arrests. - TribLive: https://triblive.com/local/valley-news-dispatch/state-legislators-propose-bills-to-keep-ice-officers-away-from-sensitive-spaces/ SPORTS ---------------------------------------------------------------- Pirates (39-39) Sun Jun 21 · Pirates 8 · Rockies 6 · Final Gonzalez and Reynolds homer as the Pirates hold off the Rockies 8-6 https://plaintextsports.com/mlb/2026-06-21/pit-col Up Next · Mariners @ Pirates · Tue Jun 23, 6:40 PM https://plaintextsports.com/mlb/2026-06-23/sea-pit Around the Teams: * Pirates' Questions on Cruz, Griffin, and Jones Latest developments: Returning home from a mediocre road trip, the Pirates face fresh questions about O'Neil Cruz, prospect Konnor Griffin, and the health of Jared Jones, the Post-Gazette wrote. The Post-Gazette laid out three issues confronting the Pirates as they open a homestand: O'Neil Cruz's form, top prospect Konnor Griffin's trajectory, and starter Jared Jones, who took a line drive off his surgically repaired pitching elbow. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/22/mlb-trade-news-oneil-cruz-konnor-griffin-jared-jones/stories/202606220019 Team USA: * New York Studies Dual-City Winter Olympics Bid Latest developments: New York State announced a committee to study whether New York City and Lake Placid should jointly bid for a future Winter Olympics, ESPN reported. New York is exploring a dual-host Winter Olympics bid pairing New York City with Lake Placid, which staged the Games in 1932 and 1980; the committee will weigh the unusual two-city format. - ESPN Olympics: https://www.espn.com/olympics/story/_/id/49142546/ny-consider-future-dual-city-bid-winter-olympics READING ---------------------------------------------------------------- * Cal Newport -- Dear AI Companies: Stop the "Doom Trolling" Newport argues that AI companies undercut their credibility by publishing alarming warnings about their own products' dangers, likening the tactic to Ford fretting publicly that its F-150 is too powerful to sell. https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/ * Stratechery -- Apple Price Increases, Apple Intelligence and the E.U. Ben Thompson examines Apple finally raising prices while declining to ship its Apple Intelligence Siri features to the European Union, reading both moves through the lens of E.U. regulation. https://stratechery.com/2026/apple-price-increases-apple-intelligence-and-the-e-u/ * Ed Zitron -- Premium: The Silicon Valley Bubble (Part 2) Building on his scoop that OpenAI spent $34 billion to make $13.07 billion in revenue, Zitron continues his case that the AI investment era is a bubble nearing its end. https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-2/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,483.56 ▲ +1.6% Dow 51,586.04 ▲ +1.8% Nasdaq 26,297.74 ▲ +2.5% WTI crude 79.01 ▼ -11.8% EUR/USD 1.1555 ▲ +0.1% GBP/USD 1.3359 = -0.0% USD/JPY 160.50 ▲ +0.1% ================================================================ Generated 2026-06-22 09:06 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================