daily plain-text briefing: security, markets, business, and pittsburgh
Two Scattered Spider teenagers admitted crippling London's transit network, while the FortiBleed campaign's Russian operator surfaced wielding 110 million harvested credentials.
Latest developments: Thalha Jubair, 20, of London and Owen Flowers, 18, of Walsall pleaded guilty under the Computer Misuse Act on the first day of a planned six-week trial, and a judge will sentence them July 16, 2026.
Scattered Spider operatives breached Transport for London in August 2024, halting service for months and running up £29 million in loss and recovery costs for the agency that runs Greater London's buses, Tube, and trains.
Sources: Krebs on Security · BleepingComputer · The Record · Help Net Security · ↑ top
Latest developments: SecurityWeek and Dark Reading identified a Russian initial access broker as the operator, wielding a Golang sniffer that has hit 430,000 FortiGate firewalls and captured 110 million credentials since February 2026.
FortiBleed plants custom sniffers on internet-facing FortiGate firewalls to harvest and validate authentication secrets, exposing thousands of organizations; operators should rotate credentials and harden exposed devices.
Sources: SecurityWeek · Dark Reading · Help Net Security · ↑ top
Latest developments: The Five Eyes intelligence alliance issued a joint alert saying AI's cyber risks arrive in months rather than years, the same day security firm AIR revealed a benign fake agent skill that passed every scanner and reached 26,000 agents, and researchers jailbroke Anthropic's safety-tuned Fable 5 within days.
Governments and researchers warn that AI tooling accelerates attacks and slips malicious or jailbroken capabilities past defenses; organizations need visibility into the agent skills and models their staff run.
Sources: The Record · The Hacker News · Schneier on Security · ↑ top
Latest developments: Dark Reading detailed Cordyceps, malicious pull requests that abuse CI/CD triggers across Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare's Workers SDK, and the Python Software Foundation's Black, while GitHub hardened actions/checkout against pwn-request attacks and researchers flagged npm packages posing as PostCSS tools to drop a Windows RAT.
Attackers increasingly target the developer pipeline itself through poisoned pull requests, workflow triggers, and trojanized packages; teams should pin actions, restrict the pull_request_target trigger, and vet dependencies.
Sources: Dark Reading · The Hacker News · The Hacker News · ↑ top
Latest developments: The Justice Department seized a cloud computing account that subsidiaries of the Southeast Asian Huione Group ran, and separately extradited 26-year-old Abdellah Belmili to face up to 30 years for operating the Market0Day and Spoxy cybercrime marketplaces.
U.S. authorities pressed parallel actions against scam and criminal-market infrastructure, targeting the Huione conglomerate the Treasury cut off from the U.S. financial system last year and an Algerian marketplace operator.
Sources: The Record · SecurityWeek · ↑ top
Latest developments: CISA added four actively exploited flaws to its Known Exploited Vulnerabilities catalog: Lantronix EDS5000 code injection CVE-2025-67038, and three Ubiquiti UniFi OS bugs, CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910.
The additions cover network gear from Lantronix and Ubiquiti widely deployed in enterprises; federal agencies and operators should patch promptly under CISA's binding directive.
Sources: CISA Advisories · ↑ top
Latest developments: Washington and Tehran publicly split Tuesday over whether Iran agreed to U.N. inspections of its nuclear sites, the first crack in the accord the prior briefing reported as President Trump freeing $6 billion in frozen Iranian funds.
As negotiators work to permanently end the war with Iran, the United States and Iran disagree over whether Tehran consented to international inspections of its nuclear sites, while a separate plan advanced to break the shipping bottleneck through the Strait of Hormuz and oil futures settled lower on the prospect of returning Iranian crude.
Sources: WSJ Markets · ↑ top
Latest developments: Cabinet ministers lined up behind Andy Burnham Tuesday and reports say he will demote Chancellor Rachel Reeves and review Britain's military investment plan, the cabinet-shaping detail beyond the prior briefing's word that he had a clear path to Downing Street.
Andy Burnham, the outgoing Greater Manchester mayor poised to replace Keir Starmer as UK prime minister within weeks, plans to demote Chancellor Rachel Reeves to a lesser role and hand key posts to Manchester allies, and his intent to review the long-awaited defense investment plan sets up a clash with the departing Starmer.
Sources: FT World · FT World · FT World · ↑ top
This Afternoon: Sunny, high 78F.
Tonight: Mostly Clear, low 55F.
Wednesday: Sunny, high 80F.
Latest developments: Giant Eagle said it is developing new value-oriented bread options after Schwebel Baking Company's wind-down, since Schwebel's also baked Giant Eagle's store-brand bread—a wrinkle beyond the closure already reported.
Schwebel Baking Company's decision to liquidate after more than 120 years pulls both its namesake loaves and Giant Eagle's private-label bread from shelves across western Pennsylvania, and Giant Eagle says it is lining up replacement value bread for shoppers.
Latest developments: Downtown's historic Fulton Building reopens Wednesday, June 24, as the Atterbury Hotel after a multimillion-dollar renovation.
The 1906 Fulton Building, which architect Grosvenor Atterbury designed for Carnegie Steel magnate Henry Phipps, reopens June 24 as the Atterbury Hotel, part of Marriott Bonvoy's Autograph Collection.
Sources: Pittsburgh Magazine · ↑ top
Latest developments: The Chartiers Valley School District board will vote on outsourcing its transportation services, a move the Pennsylvania State Education Association warns could threaten jobs and student safety.
The Chartiers Valley School District is deciding whether to hand its student transportation to an outside contractor, a step that would affect district drivers and that the Pennsylvania State Education Association opposes on safety grounds.
Latest developments: A community visioning effort opened to decide the future of the Penn State New Kensington campus once it closes.
Officials launched a public planning process to chart what becomes of the Penn State New Kensington campus in Westmoreland County after it shuts down, inviting residents to shape new uses for the site.
Latest developments: An Immigration and Customs Enforcement operation at the Sheetz station in Cranberry Township on Tuesday morning ended with one person in custody.
Federal agents conducted an ICE enforcement operation at a Sheetz gas station in Cranberry Township, Butler County, on Tuesday and took one person into custody.
Latest developments: Organizers announced Picklesburgh will run Thursday through Sunday, July 16 to 19, and bill it the largest edition yet.
Picklesburgh, the downtown Pittsburgh food festival that USA Today readers have voted America's best specialty food festival four times, returns July 16 to 19, 2026, staged by the Downtown Pittsburgh Partnership across the city's bridges.
Sources: Pittsburgh Magazine · ↑ top
Latest developments: Organizers released the program for the Andy Warhol Bridge's 100th-birthday party this weekend, adding contests, games, prizes, performances, art activities, and food and drink.
The Andy Warhol Bridge, which spans the Allegheny River between downtown Pittsburgh and the North Shore, marks its centennial this weekend with a celebration of contests, games, prizes, performances, art activities, and food and drink.
Pirates (39-39)
Up Next · Mariners @ Pirates · Tue Jun 23, 6:40 PM
Latest developments: A Post-Gazette feature laid out how Mike McCarthy wants to model the Steelers' defense on the 3-4 scheme he won a Super Bowl with in Green Bay.
The Post-Gazette detailed Mike McCarthy's plan to emulate with the Steelers the 3-4 defense that carried his Green Bay Packers to a title under coordinator Dom Capers, tracing the front's Pittsburgh lineage through Bill Cowher and Dick LeBeau.
Sources: Post-Gazette Steelers · ↑ top
S&P 500 7,491.82 ▲ +1.6% Dow 51,688.13 ▲ +1.9% Nasdaq 26,353.29 ▲ +2.6% WTI crude 77.00 ▼ -12.9% EUR/USD 1.1527 ▼ -0.3% GBP/USD 1.3311 ▼ -0.6% USD/JPY 160.79 ▲ +0.3%