daily plain-text briefing: security, markets, business, and pittsburgh
Freshly disclosed flaws in the AI agent platforms Dify and AutoGen Studio, alongside OpenAI's new cyber model, push the security of artificial intelligence to the center of the day.
Latest developments: Zafran Security disclosed DifyTap, four vulnerabilities that let unauthenticated attackers read other tenants' AI conversations on the 146,000-star Dify platform, and Microsoft fixed AutoJack, a chain that turns a malicious webpage into arbitrary command execution inside its AutoGen Studio agent-prototyping interface.
Dify and AutoGen Studio are open-source platforms for building and prototyping AI agents used across many organizations. Operators should apply the vendor patches immediately and audit for cross-tenant access.
Sources: The Hacker News · BleepingComputer · ↑ top
Latest developments: OpenAI unveiled an improved GPT-5.5-Cyber and a Patch the Planet initiative to fix open-source software bugs, directly challenging Anthropic's Mythos, while Aisle Chief Operating Officer and Chief Information Security Officer Jaya Baloo argued that gating cyber-capable models widens the gap for defenders who depend on the same tools.
The dueling launches extend a running debate over whether hacking-capable AI models aid attackers or defenders more. Security teams weigh the identical capabilities for both offense and defense.
Sources: Wired Security · Help Net Security · ↑ top
Latest developments: SOCRadar revealed that the campaign installs custom sniffers on compromised FortiGate firewalls to siphon authentication secrets, and Fortinet acknowledged the operation, confirming attackers built a database of more than 86,000 working credentials.
FortiBleed targets internet-facing Fortinet FortiGate firewalls and VPN gateways worldwide. Administrators should rotate credentials, hunt for unauthorized sniffers, and harden exposed devices.
Sources: BleepingComputer · SecurityWeek · ↑ top
Latest developments: Kaspersky's Securelist and BleepingComputer detailed a global campaign that pushes VBScript files through WhatsApp messages carrying fake business documents, running a multi-stage chain that installs a UEMS remote monitoring and management agent and hands attackers full system access.
The campaign hits WhatsApp users across multiple countries with deceptive document lures. Recipients should distrust unsolicited attachments and block script execution.
Sources: BleepingComputer · Securelist (Kaspersky) · ↑ top
Latest developments: Wordfence found that attackers compromised ShapedPlugin's build and distribution pipeline, injecting backdoor code into Pro plugin releases shipped through the vendor's official licensed WordPress update channels.
ShapedPlugin sells premium WordPress plugins whose paying customers received tampered updates. Site owners running its Pro products should audit installations and restore clean releases.
Sources: The Hacker News · ↑ top
Latest developments: FFmpeg patched PixelSmash, a video-decoder flaw that enables remote code execution on Jellyfin media servers under certain conditions and triggers denial-of-service crashes in Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio.
FFmpeg underpins video decoding in countless applications. Operators of the affected media software should update to the patched build at once.
Sources: BleepingComputer · ↑ top
Latest developments: Andy Burnham, the outgoing Greater Manchester mayor, now has a clear path into Downing Street within weeks, and former health secretary Wes Streeting emerged as the frontrunner for chancellor.
Keir Starmer resigned as UK prime minister and Labour leader Monday after Manchester mayor Andy Burnham signaled he would challenge him; Burnham gears up for civil-service talks as Britain's long two-party order frays.
Sources: FT World · FT World · ↑ top
Latest developments: Washington temporarily dismantled its oil sanctions on Tehran, clearing Iran to sell crude in dollars for the first time in decades and repatriate the profits, and oil prices fell.
Under the interim accord worked out in Switzerland, the United States let Iran export oil settled in dollars and waived related banking sanctions; crude futures dropped and Treasury yields rose as ships resumed crossing the Strait of Hormuz.
Sources: WSJ World News · WSJ Markets · ↑ top
Tonight: Isolated Rain Showers, low 59F.
Tuesday: Mostly Sunny, high 79F.
Tuesday Night: Mostly Clear, low 54F.
Latest developments: The former chief executive of Pittsburgh's Primanti Bros. acquired two Smoothie King locations in western Pennsylvania as his next venture.
The onetime head of the Primanti Bros. sandwich chain bought a pair of Smoothie King franchises in western Pennsylvania, moving from a Pittsburgh staple into the smoothie business.
Latest developments: Hempfield supervisors acknowledged that the 2020 site plan for a proposed Menards home-improvement store expired, and the township now wants to reallocate state grant money set aside for nearby traffic work.
Hempfield Township in Westmoreland County conceded the Menards big-box project tied to its road-improvement grant has stalled, so officials will redirect the state funding to other traffic upgrades.
Latest developments: A lawsuit alleges Sharon Regional owes millions of dollars in wage taxes it withheld from employee paychecks.
Sharon Regional, the Mercer County hospital system, faces a suit claiming it failed to remit millions in local wage taxes it deducted from workers' pay.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: PennDOT will close Commercial Street on Thursday, June 26, to test the system that will move the new span into place near Frick Park.
As part of the Commercial Street Bridge replacement beneath the Parkway East, crews will shut Commercial Street Thursday to trial the bridge-moving rig before the actual slide-in.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: Pittsburgh Regional Transit moved and repurposed two of its bus stops at the Waterfront shopping mall in Homestead, ending a dispute with the mall's owners over safety.
PRT reworked two Waterfront bus stops in Homestead, closing out a standoff with the shopping center's ownership about rider and pedestrian safety at the stops.
Latest developments: The City of Pittsburgh and the Urban Redevelopment Authority are soliciting developers to build housing on dozens of vacant Larimer properties.
Pittsburgh and the URA opened a coordinated search for developers to redevelop dozens of empty lots across the Larimer neighborhood into new housing.
Pirates (39-39)
Sun Jun 21 · Pirates 8 · Rockies 6 · Final
Gonzalez and Reynolds homer as the Pirates hold off the Rockies 8-6
Up Next · Mariners @ Pirates · Tue Jun 23, 6:40 PM
Latest developments: A Post-Gazette analysis framed the Pirates' return to PNC Park around O'Neil Cruz's form, prospect Konnor Griffin's timeline, and Jared Jones's elbow.
Back from a mediocre road trip, the Pirates confront three issues per the Post-Gazette: O'Neil Cruz's production, when top prospect Konnor Griffin arrives, and the health of starter Jared Jones, who took a line drive off his surgically repaired pitching elbow Sunday.
Sources: Post-Gazette Pirates · ↑ top
Latest developments: On the June 22 SNR Drive, Matt Williamson and Wes Uhler discussed how quarterback Aaron Rodgers could build on his 2025 season with the Steelers.
The Steelers' SNR Drive show, hosted by Matt Williamson and Wes Uhler, broke down where Aaron Rodgers could improve in 2026 after his 2025 campaign leading the Pittsburgh offense.
Sources: Pittsburgh Steelers (YouTube) · ↑ top
Latest developments: Christian Pulisic returned to full U.S. training Monday, June 22, his first session since June 11, recovered from the left calf injury that kept him out against Australia.
Captain Christian Pulisic rejoined U.S. men's national team practice in Irvine, California, healed from the calf strain that sidelined him for the group win over Australia; the United States has clinched a knockout spot and closes Group D against Türkiye.
Sources: ESPN Soccer · ↑ top
Latest developments: USA Basketball named a 12-man World Cup qualifying team led by Pacers center Jay Huff and overseas veteran Mike James for games in early July.
USA Basketball announced its World Cup qualifying roster Tuesday, with Jay Huff, who appeared in all 82 games for the Indiana Pacers this past season, and longtime international standout Mike James among the dozen players bound for July fixtures.
Sources: ESPN Olympics · ↑ top
Latest developments: Alex Zendejas, the dual-national winger and surprise pick on Mauricio Pochettino's roster, has yet to play and could debut in the dead-rubber Group D finale against Türkiye.
Club América's Alex Zendejas, 28, who chose the United States over his birthplace of Mexico, watched the group-clinching wins over Paraguay and Australia from the bench; the U.S. men's final group match against Türkiye could give him his first World Cup minutes.
Sources: Guardian World Cup 2026 · ↑ top
S&P 500 7,491.82 ▲ +1.6% Dow 51,688.13 ▲ +1.9% Nasdaq 26,353.29 ▲ +2.6% WTI crude 79.01 ▼ -11.8% EUR/USD 1.1527 ▼ -0.3% GBP/USD 1.3311 ▼ -0.6% USD/JPY 160.79 ▲ +0.3%