Daily plain-text briefing: security, markets, business, and Pittsburgh
An AI-assisted hunt unearths Squidbleed, a 29-year-old Squid proxy flaw, the same day stolen Klue OAuth tokens spread to HackerOne, Recorded Future, Snyk, and Tanium.
Latest developments: Researchers at Calif.io disclosed Squidbleed, a heap over-read tracing to a 1997 FTP-parsing change in the Squid web proxy that they surfaced with help from Claude Mythos Preview, and SecurityWeek likened it to Heartbleed.
The over-read leaks another user's cleartext HTTP request, including credentials or session tokens, to anyone the proxy already permits, and it survives in Squid's default configuration. Operators running Squid should patch at once.
Sources: The Hacker News · SecurityWeek
Latest developments: Manifold Security's Ax Sharma found 23 code-executing plugins squatting ClawHub's official @openclaw and @clawhub scopes, and Wake Forest University researchers found 282 of 444 AI-powered iOS apps exposing exploitable LLM credentials or backend access.
AI plugin registries and mobile apps hand attackers both running code and stolen keys: ClawHub failed to reserve its official scopes, and hundreds of iOS apps embed LLM API credentials an interceptor can lift. Developers should pin trusted publishers and move secrets server-side.
Sources: Help Net Security · Help Net Security
Latest developments: Israeli investigators described a fraudster who used AI to generate face-swap videos impersonating victims and draining their money, and Wired reported AI magnifying World Cup ticket and cloned-website scams ahead of the tournament.
Generative AI now produces convincing face-swap clips and fake event sites at scale, raising the bar for spotting fraud. Consumers should verify ticket sellers and treat unexpected video proof with suspicion.
Sources: Frank on Fraud · Wired Security
Latest developments: SecurityWeek named seven more victims—HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium—widening the fallout from the Klue OAuth-token theft.
Sales-intelligence vendor Klue lost OAuth tokens that linked to customers' Salesforce environments, and the latest disclosures pull a roster of major security firms into the blast radius. Affected customers should revoke tokens and audit Salesforce activity.
Sources: SecurityWeek
Latest developments: Elastic Security Labs disclosed OXLOADER, a previously unreported loader that buys malicious Google Ads to deliver the CastleStealer infostealer, tying the operator to a Russian-speaking, financially motivated crew.
OXLOADER starts from poisoned search ads, then drops CastleStealer to harvest data from infected machines. Defenders should block malvertising and scrutinize software downloaded through ad clicks.
Sources: The Hacker News
Latest developments: The Federal Court released on June 15 a public version of a ruling showing the Canadian Security Intelligence Service used a threat reduction warrant for the first time to reach into infected Canadian servers, home routers, and IoT gear and neutralize two foreign-run botnets.
A judge let CSIS alter compromised devices on Canadian soil to dismantle the botnets, the first use of these warrant powers for that purpose. The ruling sets a precedent for intelligence agencies remediating infections directly.
Sources: The Hacker News
Latest developments: Keir Starmer announced Monday he will leave Downing Street within weeks, ending the speculation reported earlier, with Health Secretary Wes Streeting backing former Manchester mayor Andy Burnham to succeed him.
Starmer quit as Labour leader and prime minister roughly two years after a landslide win, undone by a rebellion after May's local-election rout; Britain now heads for its sixth prime minister in seven years, and sterling and gilts steadied after the announcement.
Sources: WSJ World News · FT World
Latest developments: Vice President JD Vance said Monday that Iran agreed to invite International Atomic Energy Agency inspectors back in, calling it a 'major milestone' as the Switzerland talks continued.
U.S. and Iranian negotiators in Switzerland worked toward a permanent deal to end a four-month conflict; oil eased and over 400 tankers wait near the Strait of Hormuz, where transit is creeping back but could take weeks to reach half of prewar levels.
Sources: WSJ World News · FT Markets
This Afternoon: Showers And Thunderstorms Likely, high 78F.
Tonight: Showers And Thunderstorms Likely then Mostly Cloudy, low 59F.
Tuesday: Mostly Sunny, high 78F.
Latest developments: PNC Bank announced Monday it closed a $251.4 million fund to develop and preserve affordable rental housing across several states.
The Pittsburgh-based bank's fund targets construction and preservation of affordable rental units nationwide, channeling institutional capital into a housing supply squeeze.
Latest developments: The Army AI Integration Center showcased military robotics and artificial intelligence at Carnegie Mellon University's Robotics, AI and Autonomy Forum.
Carnegie Mellon, a longtime Army partner, hosted the forum to position Pittsburgh as a center for defense robotics and AI and to identify the military's critical needs.
Latest developments: Pitt Athletics and JMI Sports launched H2PNIL, a platform to drive name-image-likeness revenue and serve as a recruiting tool for coaches.
The platform expands the existing Pitt-JMI partnership, aiming to grow NIL dollars for University of Pittsburgh athletes and sharpen the school's competitive recruiting pitch.
Latest developments: WTAE detailed the full timeline of PennDOT's demolition on the Interstate 376 Parkway East, with crews working before and after a controlled blast to drop the old span.
PennDOT will use a controlled blast to bring down the aging bridge over the Parkway East, with demolition phases bracketing the explosion and affecting one of Pittsburgh's busiest commuter routes.
Latest developments: The severe-weather threat shifted northward over Pittsburgh, prompting a First Alert Weather Day with damaging winds and possible tornadoes Monday afternoon, June 22, beyond the soaking-rain forecast reported earlier.
Forecasters warned of isolated heavy downpours, gusty thunderstorms, and a tornado risk across western Pennsylvania on Monday, with a renewed chance of storms returning Thursday.
Sources: Pittsburgh Post-Gazette · WTAE
Latest developments: The Post-Gazette previewed the Pittsburgh Symphony Orchestra's summer slate built around film scores.
The Pittsburgh Symphony Orchestra is devoting its summer season to movie music, performing scores from the screen for Pittsburgh audiences.
Sources: Post-Gazette Music
Pirates (39-39)
Sun Jun 21 · Pirates 8 · Rockies 6 · Final
Gonzalez and Reynolds homer as the Pirates hold off the Rockies 8-6
Up Next · Mariners @ Pirates · Tue Jun 23, 6:40 PM
Latest developments: The Post-Gazette reported that Mike McCarthy, who won a Super Bowl with a 3-4 defense, aims to build the Steelers' scheme in that mold under coordinator Patrick Graham.
McCarthy pointed to the lineage of Bill Cowher, Dick LeBeau, and Dom Capers as he laid out a 3-4 vision for the Steelers' defense heading into 2026.
Sources: Post-Gazette Steelers
Latest developments: A Post-Gazette podcast weighed how much more receiver DK Metcalf can give the Steelers in his second season with the team.
The discussion gauged Metcalf's ceiling in 2026 as the Steelers' top wideout after his first year in Pittsburgh.
Sources: Post-Gazette Steelers
Latest developments: The Post-Gazette's MiLB Monday highlighted pitching prospect Connor Wietgrefe's scoreless streak at Double-A Altoona.
Wietgrefe has drawn notice in the Pirates' farm system with a run of shutout work at Altoona, one of several prospects the column tracked across the minor leagues.
Sources: Post-Gazette Pirates
Latest developments: With the U.S. men's national team already through to the knockout round, the question turned to whether coaches rotate the squad or keep the same starting eleven for the final Group D match against Türkiye.
The USMNT clinched a place in the World Cup round of 32 as a co-host and now faces a lineup decision for its closing group game against Türkiye, balancing rest against momentum.
Sources: ESPN Soccer
Latest developments: ESPN detailed how Alex Freeman, son of former Green Bay Packers Pro Bowl receiver Antonio Freeman, reached the U.S. men's World Cup roster.
Freeman, raised by an NFL father, carved his own route into the USMNT and is now playing in the 2026 World Cup on home soil.
Sources: ESPN Soccer
S&P 500 7,483.56 ▲ +1.6%
Dow 51,586.04 ▲ +1.8%
Nasdaq 26,297.74 ▲ +2.5%
WTI crude 79.01 ▼ -11.8%
EUR/USD 1.1555 ▲ +0.1%
GBP/USD 1.3359 = -0.0%
USD/JPY 160.50 ▲ +0.1%