================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Tuesday, June 23, 2026 - 6:05 AM EDT
================================================================

President Trump ordered federal agencies onto post-quantum cryptography by 2031, the same day a 29-year-old Squid proxy flaw surfaced leaking cleartext credentials and rival AI tools raced to out-hunt each other's bugs.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] OpenAI's Daybreak ships a Codex Security scanner to fix flaws while an open-source model running the EVOHUNT playbook out-hunts it for about $1,400.
see: OpenAI Daybreak and EVOHUNT Push Defensive AI

* [TREND] Financially motivated crews keep abusing trusted channels, pushing the OXLOADER loader through Google Ads to drop CastleStealer while hiding a Windows RAT inside fake PostCSS npm packages.
see: OXLOADER and Malicious npm Packages Spread Stealers

* [UPDATE (new)] Washington forces a cryptographic reckoning as Trump's post-quantum cryptography order sets hard 2030 and 2031 deadlines for federal systems to abandon breakable encryption.
see: Trump's Post-Quantum Cryptography Order

* [TREND] Trusted infrastructure leaks private data, as Squidbleed bleeds cleartext through Squid proxy, residential proxy SDKs lurk in smart TV apps, and Xsolis and London Hydro disclose breaches.
see: Squidbleed Leaks Cleartext Through Squid Proxy; Residential Proxy SDKs Hide in Smart TV Apps; Xsolis and London Hydro Disclose Breaches

* [UPDATE (new)] Markets convulse as a global tech selloff erases $400 billion from SpaceX and pushes Nasdaq futures down, while Keir Starmer's Labour resignation opens a path for Burnham.
see: Global Tech Selloff Deepens; Starmer Out; Labour Eyes Burnham Challenger

SECURITY
----------------------------------------------------------------

1. OPENAI DAYBREAK AND EVOHUNT PUSH DEFENSIVE AI
AI Security · [ai, vulnerability]
Latest developments: OpenAI expanded its Daybreak initiative with an improved GPT-5.5-Cyber and a Codex Security scanner to find and remediate flaws, the same day researchers showed an open-source model running their EVOHUNT playbook found real vulnerabilities at a higher rate than OpenAI's commercial Codex Security for about $1,400. Daybreak combines OpenAI models, the Codex Security scan tool, researchers, and maintainers to discover, validate, and fix software bugs, including an open-source 'Patch the Planet' push that takes on Anthropic's Mythos. The EVOHUNT result suggests a cheap, model-agnostic playbook can rival pricier commercial offerings.
- The Hacker News: https://thehackernews.com/2026/06/openai-expands-daybreak-with-gpt-55.html
- Help Net Security: https://www.helpnetsecurity.com/2026/06/23/openai-expanded-daybreak-cybersecurity-initiative/
- Help Net Security: https://www.helpnetsecurity.com/2026/06/23/codex-security-ai-security-auditing/
- Wired Security: https://www.wired.com/story/openai-launches-full-scale-effort-to-patch-open-source-bugs-as-it-takes-on-anthropics-mythos/

2. XSOLIS AND LONDON HYDRO DISCLOSE BREACHES
Data Breaches · [breach, healthcare]
Latest developments: Healthcare analytics firm Xsolis said attackers accessed personal and protected health information it received from clients, affecting 1.4 million individuals, while London, Ontario electric utility London Hydro disclosed that hackers stole customers' names, addresses, email addresses, phone numbers, and account information. Two breaches hit a medical-data processor and a Canadian power utility, exposing health records and customer contact and account details.
Affected individuals face heightened phishing and identity-theft risk and should watch statements and accounts.
- SecurityWeek: https://www.securityweek.com/xsolis-data-breach-affects-1-4-million-individuals/
- SecurityWeek: https://www.securityweek.com/canadian-electricity-provider-london-hydro-discloses-data-breach/

3. OXLOADER AND MALICIOUS NPM PACKAGES SPREAD STEALERS
Ransomware and Cybercrime · [malware, supply-chain]
Latest developments: Elastic Security Labs detailed OXLOADER, a previously unreported loader that likely Russian-speaking, financially motivated operators push through malicious Google Ads to deliver the CastleStealer info-stealer, while separately three malicious npm packages posing as PostCSS tools delivered a Windows remote-access trojan. Two fresh campaigns funnel info-stealers and remote-access trojans through trusted entry points—paid search ads and the npm registry. Defenders should scrutinize ad-sourced downloads and audit recently added JavaScript dependencies such as postcss-minify-selector and aes-decode-runner-pro.
- The Hacker News: https://thehackernews.com/2026/06/new-oxloader-loader-uses-malicious.html
- The Hacker News: https://thehackernews.com/2026/06/malicious-npm-packages-pose-as-postcss.html

4. TRUMP'S POST-QUANTUM CRYPTOGRAPHY ORDER
Policy and Regulation · [policy, encryption]
Latest developments: President Donald Trump signed an executive order requiring federal agencies to move high-value assets to post-quantum cryptography by the end of 2030 and high-impact systems by the end of 2031. The order accelerates the federal migration off encryption that future quantum computers could break, steering agencies toward NIST-standardized algorithms. Agencies running the most sensitive systems must inventory vulnerable cryptography and transition first.
- SecurityWeek: https://www.securityweek.com/trump-signs-executive-order-accelerating-post-quantum-cryptography-migration/

5. RESIDENTIAL PROXY SDKS HIDE IN SMART TV APPS
Ransomware and Cybercrime · [proxy, privacy]
Latest developments: Spur Intelligence scanned 6,038 LG webOS and Samsung Tizen apps and found 2,058 carrying residential proxy software—42.5 percent of LG apps and 26.9 percent of Samsung apps—that routes strangers' internet traffic out through owners' home connections. Screensaver, game, and slideshow apps on smart TVs quietly enroll living-room internet connections into residential proxy networks that criminals rent to mask malicious traffic. Owners gain nothing and bear the reputational and bandwidth cost of crime routed through their address.
- Help Net Security: https://www.helpnetsecurity.com/2026/06/23/tv-residential-proxy-sdk/

6. SQUIDBLEED LEAKS CLEARTEXT THROUGH SQUID PROXY
Vulnerabilities and Exploits · [vulnerability, zero-day]
Latest developments: Calif.io disclosed Squidbleed, a heap over-read tracing to a 1997 FTP-parsing change that leaks another user's cleartext HTTP requests—credentials and session tokens included—to anyone the Squid proxy already allows in its default configuration. Squidbleed is a Heartbleed-style data-exposure bug in the widely deployed Squid web proxy, surfaced with help from Claude Mythos Preview. Any organization running Squid in shared-proxy setups should patch immediately, since exploitation needs only permission to route traffic through the proxy.
- The Hacker News: https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html
- SecurityWeek: https://www.securityweek.com/decades-old-squid-proxy-flaw-squidbleed-can-expose-user-data/

BUSINESS AND POLITICS
----------------------------------------------------------------

* Global Tech Selloff Deepens
Latest developments: SpaceX shares tumbled more than 16% on June 23, erasing roughly $400 billion in market value and reversing the rally from its debut, while rising U.S. bond yields drove Nasdaq futures down more than 2% and dragged Asian and European markets lower.
A sell-off led by Elon Musk's SpaceX and other big technology stocks spread from Wall Street across global markets, lifting the dollar to a one-year high on safe-haven flows and bets on higher U.S. interest rates and pushing gold below $4,200 a troy ounce.
- FT World: https://www.ft.com/content/10623865-5ff4-4357-9293-3c4ec841d1c4
- FT World: https://www.ft.com/content/c11d08ed-6668-4678-b829-1d50acbd12d4
- WSJ Markets: https://www.wsj.com/livecoverage/stock-market-today-dow-sp-500-nasdaq-06-23-2026?mod=rss_markets_main

* Starmer Out; Labour Eyes Burnham Challenger
Latest developments: With Keir Starmer's resignation as Labour leader now in hand, some Labour MPs are weighing whether to back a rival to Greater Manchester mayor Andy Burnham, the favorite to become prime minister, though sceptics lack the numbers to stop him. Starmer's exit opens a contest to lead Britain's governing party and the country, with Burnham the frontrunner; Brussels has postponed a planned July UK-EU summit on closer relations as it prepares for the prospect of a Burnham premiership.
- FT World: https://www.ft.com/content/70332195-4151-4c8c-b516-7358d8e8969a
- FT World: https://www.ft.com/content/f0b3f918-c13f-4164-9eb2-e1aa78ca1d29

PITTSBURGH
----------------------------------------------------------------

Weather: Today: Mostly Sunny, high 79F. Tonight: Mostly Clear, low 55F. Wednesday: Sunny, high 81F.

Business:

* City Council Races to Tax Skill Games
Latest developments: Pittsburgh City Council is moving to tax skill-game terminals before Harrisburg acts, following the Pennsylvania Supreme Court ruling that classified the machines as slot machines. Council members want a municipal levy on the gaming terminals that fill bars and corner stores across Pittsburgh, racing a state legislature that is weighing its own statewide taxation after the high court's June decision subjected skill games to gaming law.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/news/politics-local/2026/06/23/skill-games-pittsburgh-tax/stories/202606180068

* Pittsburgh Gas Prices Fall, but Slowly
Latest developments: Pittsburgh-area gasoline prices began declining as the U.S.-Iran agreement calmed oil markets, though GasBuddy petroleum-analysis head Patrick De Haan said the local drop trails faster declines elsewhere in Pennsylvania and the country. De Haan said the easing of tensions between Washington and Tehran is pulling pump prices down regionally, but Pittsburgh drivers are seeing slower relief than motorists in other parts of the state and nation.
- KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-gas-prices-dropping-pennsylvania-iran-war/

Around town:

* Allegheny County Drafts Data-Center Zoning
Latest developments: Allegheny County is drafting a model zoning ordinance for sustainable data-center development as residents press the county for safeguards before developers arrive. Residents worried about the noise, water, and electricity demands of data centers want county protections, but Allegheny County's reach is limited because zoning authority rests largely with individual municipalities.
- PublicSource: https://www.publicsource.org/allegheny-county-data-center-limitations/

* Mars-Adams Merger Advances
Latest developments: A proposed merger of Mars borough and Adams Township in Butler County moved a step closer, with a municipal vote the next hurdle. The two Butler County communities are exploring consolidation into a single municipality, a move that would reshape local government north of Pittsburgh.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/local/region/2026/06/22/adams-mars-merger-butler-municipal-vote/stories/202606220035

* Pennsylvania Election Board Sits Empty
Latest developments: Pennsylvania's bipartisan election board is languishing because Governor Josh Shapiro has not appointed new members to fill it.
The vacancies leave the panel that helps oversee election administration unable to function as the state heads toward another election cycle.
- Pittsburgh Post-Gazette: https://www.post-gazette.com/news/politics-state/2026/06/23/pennsylvania-election-board-shapiro/stories/202606230002

Events:

* Pittsburgh BBQ and Bands Festival
Latest developments: The Pittsburgh BBQ and Bands Festival runs Thursday, July 2, through Sunday, July 5, at the Monroeville Convention Center. The four-day festival at the Monroeville Convention Center, 209 Mall Boulevard in Monroeville, pairs national award-winning rib and barbecue vendors with live music.
- Pittsburgh City Paper: https://www.pghcitypaper.com/food-drink/schwebels-shutdown-july-4th-bbq-and-more-pittsburgh-food-news/

* French Moderns at The Frick
Latest developments: The Frick Pittsburgh is showing French Moderns, an exhibition of modernist painting that a City Paper review says resonates with today's changing world. French Moderns at The Frick Pittsburgh in Point Breeze gathers works by Henri Matisse, Pierre-Auguste Renoir, Edgar Degas, and other modernist painters.
- Pittsburgh City Paper: https://www.pghcitypaper.com/arts-entertainment-2/visual-art/french-moderns-matisse-renoir-degas-at-the-frick-pittsburgh-new-exhibition/

* Pittsburgh Symphony's Movie-Music Summer
Latest developments: The Pittsburgh Symphony Orchestra has built its summer schedule around film scores performed live. The orchestra is devoting the season to movie music, playing the soundtracks behind well-known films for Pittsburgh audiences.
- Post-Gazette Music: https://www.post-gazette.com/ae/music/2026/06/22/pso-movie-music-pittsburgh-symphony-orchestra/stories/202606170061

SPORTS
----------------------------------------------------------------

Pirates (39-39)
Up Next · Mariners @ Pirates · Tue Jun 23, 6:40 PM
https://plaintextsports.com/mlb/2026-06-23/sea-pit

Around the Teams:

* McCarthy Wants a 3-4 Defense
Latest developments: A Post-Gazette piece lays out Steelers coach Mike McCarthy's plan to rebuild the defense around the 3-4 front he rode to a Super Bowl title. McCarthy, who won Super Bowl XLV with a 3-4 scheme, wants Pittsburgh to revive the front the franchise ran under Bill Cowher, Dick LeBeau, and Dom Capers, now in the hands of defensive coordinator Patrick Graham.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/22/nfl-34defense-mccarthy-cowher-lebeau-capers-graham/stories/202606170048

* DK Metcalf's Year 2 Upside
Latest developments: A Post-Gazette video weighs how much more receiver DK Metcalf can give the Steelers in his second season in Pittsburgh. The discussion centers on Metcalf's room to grow as a No. 1 target after his first year with the team, now catching passes from quarterback Aaron Rodgers.
- Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/22/nfl-news-rumors-podcast-dk-metcalf/stories/202606220030

* Wietgrefe's Scoreless Streak at Altoona
Latest developments: MiLB Monday spotlights Pirates pitching prospect Connor Wietgrefe and the scoreless streak he is building at Double-A Altoona. The Post-Gazette's minor-league roundup highlights Wietgrefe's run of scoreless innings with the Altoona Curve as a development to watch in the Pirates' system.
- Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/22/milb-prospects-wietgrefe-murf-gray-stafura-brazoban-hernandez/stories/202606210084

Team USA:

* USMNT Weighs Rotation for Türkiye Finale
Latest developments: Having clinched a knockout-round place by topping Group D, the U.S. men's national team faces a choice between rotating its lineup and keeping the same starting eleven for its dead-rubber group finale against Türkiye. Mauricio Pochettino's United States, a World Cup co-host, sealed first place in Group D with wins over Paraguay and Australia, draining the Türkiye match of stakes and opening a path for fringe players such as Alex Zendejas to make a first tournament appearance.
- ESPN Soccer: https://www.espn.com/soccer/story/_/id/49140112/usmnt-faces-world-cup-dilemma-vs-turkiye-rotate-squad-keep-same-xi

READING
----------------------------------------------------------------

* Stratechery -- Memory Chips and China, Microsoft and Chinese Models
Argues the big three memory makers may come to regret opening the door to Chinese memory manufacturers, and that Microsoft is strongly incentivized to adopt Chinese AI models.
https://stratechery.com/2026/memory-chips-and-china-microsoft-and-chinese-models/

* Cal Newport -- Dear AI Companies: Stop the “Doom Trolling”
Contends that AI companies undercut themselves by publicly fretting about the dangers of their own products, likening it to Ford issuing alarming warnings about its bestselling F-150.
https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/

* Ed Zitron -- Premium: The Silicon Valley Bubble (Part 2)
Continues his case that Silicon Valley is in a bubble, building on his report that OpenAI's audited financials show it spent $34 billion to generate $13.07 billion in 2024-2025 revenue.
https://www.wheresyoured.at/premium-the-silicon-valley-bubble-part-2/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,491.82  ▲ +1.6%
Dow         51,688.13  ▲ +1.9%
Nasdaq      26,353.29  ▲ +2.6%
WTI crude       77.00  ▼ -12.9%
EUR/USD        1.1527  ▼ -0.3%
GBP/USD        1.3311  ▼ -0.6%
USD/JPY        160.79  ▲ +0.3%

================================================================
Generated 2026-06-23 06:05 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport.
Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================