================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Tuesday, June 23, 2026 - 9:05 PM EDT
================================================================

A White House order put federal encryption on a hard deadline to outrun quantum computers, even as the Klue supply-chain breach spread to LastPass and the FortiBleed campaign's 110-million-credential haul came into full view.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Washington put cybersecurity on a clock as President Trump's EO 14409 forces federal agencies onto post-quantum cryptography by 2031, racing future quantum computers.
  see: Post-Quantum Cryptography Executive Order

* [TREND] A single compromised vendor keeps cascading as the Klue supply-chain breach turned stolen OAuth tokens into Salesforce data theft now reaching LastPass and more.
  see: Klue Salesforce Breach Spreads to LastPass

* [TREND] Attackers and defenders raced over AI ground as evasive malicious skills slipped past every scanner on ClawHub while poisoned Reddit comments quietly steered deep-research agents.
  see: Malicious AI Skills Flood Agent Marketplaces

* [UPDATE (new)] Newly surfaced campaigns hit core infrastructure as FortiBleed harvested 110 million FortiGate credentials and attackers exploited Cisco Unified CM as CISA pushed seven ICS advisories.
  see: FortiBleed FortiGate Credential Campaign; Cisco Unified CM Flaw Exploited as ICS Advisories Mount

* [UPDATE (new)] Fresh data thefts mounted as Xsolis disclosed a phishing breach hitting 1.4 million people, Tata Electronics confirmed leaked files, and London Hydro lost customer data.
  see: Healthcare and Utility Data Breaches Mount

* [UPDATE (new)] Markets and geopolitics churned as chip stocks led a Nasdaq selloff, the Hormuz blockade stranded $125 billion in cargo, and the Senate curbed Trump's Iran war powers.
  see: Global Tech Selloff Deepens; Hormuz Blockade Strands $125 Billion in Cargo; Senate Curbs Trump's Iran War Powers

SECURITY
----------------------------------------------------------------

1. POST-QUANTUM CRYPTOGRAPHY EXECUTIVE ORDER
   Policy and Regulation · [policy, encryption, quantum]

   Latest developments: President Trump signed executive order EO 14409 on June 22, 2026, drastically shortening the timeline and setting firm deadlines for federal post-quantum migration.
   Post-quantum cryptography replaces encryption that future quantum computers could break. The order requires U.S. agencies to move key establishment to PQC by December 31, 2030, and digital signatures by December 31, 2031, and it leaves national security systems on a separate track.

   - Ars Technica Security: https://arstechnica.com/information-technology/2026/06/executive-order-bumps-up-deadline-to-move-off-quantum-vulnerable-crypto/
   - The Record: https://therecord.media/trump-directs-federal-agencies-quantum-cryptography
   - The Hacker News: https://thehackernews.com/2026/06/trump-order-sets-2030-deadline-for.html
   - SecurityWeek: https://www.securityweek.com/trump-signs-executive-order-accelerating-post-quantum-cryptography-migration/

2. FORTIBLEED FORTIGATE CREDENTIAL CAMPAIGN
   Vulnerabilities and Exploits · [credential-theft, exploit]

   Latest developments: ZenoX and CloudSEK reconstructed the campaign's fully automated attack pipeline from a server the operators left exposed, confirming a Russian-speaking access broker harvested 110 million credentials across 430,000 FortiGate firewalls since February 2026.
   FortiBleed installs a custom Golang sniffer on compromised FortiGate firewalls to capture authentication credentials at scale. Organizations running internet-facing FortiGate devices should rotate credentials, hunt for the sniffer, and lock down management interfaces.

   - Help Net Security: https://www.helpnetsecurity.com/2026/06/23/fortibleed-investigation-remediation/
   - The Hacker News: https://thehackernews.com/2026/06/fortibleed-targeted-fortigate-firewalls.html
   - Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/fortibleed-attackers-firewalls-credentials-stealers
   - SecurityWeek: https://www.securityweek.com/russian-initial-access-broker-behind-fortibleed-campaign/

3. CISCO UNIFIED CM FLAW EXPLOITED AS ICS ADVISORIES MOUNT
   Vulnerabilities and Exploits · [exploit, patch, ics]

   Latest developments: BleepingComputer reported attackers now exploit CVE-2026-20230, a high-severity server-side request forgery flaw in Cisco Unified Communications Manager, the same day CISA issued seven industrial advisories spanning Siemens SINEC INS, SIPROTEC 5, and WinCC, plus ABB Freelance, Hubbell Aclara, and B&R products.
   The Cisco flaw lets attackers coerce the call-control server into making unauthorized internal requests, and the CISA advisories cover OS command injection, weak key protection, and Linux kernel privilege escalation in operational-technology gear. Operators should patch Cisco Unified CM and apply the vendor fixes and countermeasures named in each advisory.

   - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/
   - CISA Advisories: https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-04
   - CISA Advisories: https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-02

4. HEALTHCARE AND UTILITY DATA BREACHES MOUNT
   Data Breaches · [breach, healthcare, phishing]

   Latest developments: Healthtech firm Xsolis disclosed a phishing breach exposing sensitive data on nearly 1.4 million people, Tata Electronics confirmed a cyberattack as hackers leaked stolen files, and Canada's London Hydro disclosed theft of customer names, addresses, phone numbers, and account information.
   Three breaches across health technology, electronics manufacturing, and electric utilities exposed personal and account data this week. Affected customers should watch for phishing and fraud and rotate any credentials tied to the compromised accounts.

   - BleepingComputer: https://www.bleepingcomputer.com/news/security/healthtech-firm-xolis-suffers-data-breach-impacting-14-million-people/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/tata-electronics-confirms-cyberattack-as-hackers-leak-data/
   - SecurityWeek: https://www.securityweek.com/canadian-electricity-provider-london-hydro-discloses-data-breach/

5. MALICIOUS AI SKILLS FLOOD AGENT MARKETPLACES
   AI Security · [ai, supply-chain]

   Latest developments: Palo Alto Networks' Unit 42 dissected ClawHub, OpenClaw's skill marketplace, finding evasive malicious skills that slip past automated scanners to deploy infostealers and run agentic financial fraud, while a Cornell Tech study showed a 13-word Reddit comment can poison AI deep-research agents.
   AI agent skill marketplaces let attackers distribute code that scanners mark safe; security firm AIR's harmless test skill reached 26,000 agents, including corporate accounts. Organizations should treat agent skills as untrusted supply-chain dependencies and restrict what each one can access.

   - Unit 42 (Palo Alto): https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/
   - The Hacker News: https://thehackernews.com/2026/06/fake-ai-agent-skill-passed-security.html
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/23/reddit-ai-search-poisoning-research/

6. KLUE SALESFORCE BREACH SPREADS TO LASTPASS
   Data Breaches · [breach, supply-chain, extortion]

   Latest developments: LastPass confirmed attackers used OAuth tokens stolen in the Klue supply-chain breach to take customer data from its Salesforce environment, while the extortion group Icarus began publishing stolen data as the victim list grew.
   Attackers breached sales-intelligence vendor Klue, stole OAuth tokens linking to customers' Salesforce instances, and pivoted into connected environments. Affected Salesforce customers should revoke Klue tokens and audit every record reached through the integration.

   - BleepingComputer: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
   - Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/scope-salesforce-attacks-expands-icarus-leaks-data

BUSINESS AND POLITICS
----------------------------------------------------------------

* Global Tech Selloff Deepens
  Latest developments: A second straight day of declines hammered chipmakers Tuesday, with Nvidia among the names under pressure as the Nasdaq slid on fears the AI boom cannot sustain its spending.
  Investors dumped technology shares over stretched valuations, heavy AI capital spending, and the prospect of Federal Reserve rate increases, extending a rout that began Monday and rattling the megacap stocks that drove the market's record run.
  - WSJ Markets: https://www.wsj.com/finance/stocks/stocks-retreat-as-fears-deepen-about-strength-of-ai-boom-b0c9a310?mod=rss_markets_main
  - FT World: https://www.ft.com/content/10623865-5ff4-4357-9293-3c4ec841d1c4

* Hormuz Blockade Strands $125 Billion in Cargo
  Latest developments: Insurer Allianz called the strait's closure 'unprecedented' Tuesday, counting almost 1,200 cargo ships stranded with $125 billion of goods aboard.
  The blockade of the Strait of Hormuz, the chokepoint for roughly a fifth of the world's oil, has halted nearly 1,200 vessels and raised alarm over global maritime trade while the U.S.-Iran accord remains unsettled.
  - FT World: https://www.ft.com/content/4d3dd2b7-cb6b-410b-8c15-203904f32294

* Senate Curbs Trump's Iran War Powers
  Latest developments: Four Republicans joined Democrats Tuesday to pass a war-powers resolution directing President Trump to halt military operations against Iran absent congressional authorization, a week after he signed a framework with Tehran.
  The Senate's largely symbolic rebuke signals Republican disquiet over Trump's handling of the Iran conflict and the interim deal that freed Iranian oil sales and unfroze billions in funds.
  - WSJ Politics: https://www.wsj.com/politics/policy/senate-passes-measure-directing-trump-to-end-hostilities-with-iran-241363fc
  - FT World: https://www.ft.com/content/75fbdc7f-73a8-4a7a-a49d-738d75ad8d1a

PITTSBURGH
----------------------------------------------------------------

Weather: Tonight: Clear, low 55F. Wednesday: Sunny, high 81F. Wednesday Night: Partly Cloudy, low 59F.

Business:

* Hoffmann Family's Penguins Purchase Approved
  Latest developments: The NHL approved Fenway Sports Group's sale of the Penguins to the Hoffmann family Tuesday, ending FSG's ownership as Commissioner Gary Bettman praised the buyers' 'great track record.'
  Fenway Sports Group, which bought the Pittsburgh Penguins in 2021, handed the franchise to the Hoffmann family; Mario Lemieux retains a stake, and Bettman vouched for the incoming owners.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/penguins/2026/06/23/fsg-fenway-sports-group-penguins-sale/stories/202606230047
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/penguins/2026/06/23/gary-bettman-penguins-sale-hoffmann-family-mario-lemieux/stories/202606230056

* Regional Planners Approve $4.7 Billion for Transportation
  Latest developments: The Southwestern Pennsylvania Commission approved $4.7 billion in transportation projects spanning the next four years.
  The 10-county Southwestern Pennsylvania Commission, the region's metropolitan planning organization, set its four-year spending plan for roads, bridges, and transit across the Pittsburgh area.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/transportation/2026/06/23/southwestern-pennsylvania-commission-regional-transportation-spending/stories/202606230060

* Pittsburgh Weighs Skill-Games Tax
  Latest developments: City Councilman Anthony Coghill floated taxing skill games inside Pittsburgh, hoping to grandfather the city in before Harrisburg acts, after the Pennsylvania Supreme Court cleared the way.
  Coghill says a municipal tax on the slot-like machines could bring millions into Pittsburgh's strained budget, following the state Supreme Court ruling that classified skill games under gaming law.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-proposed-tax-skill-games/

Around town:

* Chartiers Valley Outsources Bus Service
  Latest developments: The Chartiers Valley School Board voted to hand student transportation to a private provider and furlough more than a dozen district transportation employees.
  The board's decision, opposed by the Pennsylvania State Education Association over job and student-safety concerns, shifts busing for the suburban district southwest of Pittsburgh to an outside company.
  - WTAE: https://www.wtae.com/article/pennsylvania-chartiers-valley-transportation-services/71677708

* Allegheny County Council Power on November Ballot
  Latest developments: Allegheny County Council advanced ballot questions letting voters decide in November whether to repeal long-standing limits on the council's budget and access to county-funded benefits.
  The referendums would let the 15-member council expand its own spending and benefits, a move county officials warn against amid budget constraints.
  - TribLive: https://triblive.com/local/allegheny-county-residents-to-vote-on-critical-amendments-to-councils-budget-and-benefits/
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/politics-local/2026/06/23/allegheny-county-council-budget-referendum-benefits-staff/stories/202606230059

* PRT Closes Washington Place by PPG Paints Arena
  Latest developments: Pittsburgh Regional Transit will shut part of Washington Place in Uptown for four days for University Line bus-route construction.
  The closure of a key approach to PPG Paints Arena supports PRT's University Line bus rapid transit project linking Downtown and Oakland.
  - TribLive: https://triblive.com/local/prt-to-restrict-key-road-to-ppg-paints-arena-for-4-days/

Events:

* Pittsburgh Symphony's Summer of Movie Music
  Latest developments: The Pittsburgh Symphony Orchestra laid out a summer concert series built around film scores.
  The Pittsburgh Symphony Orchestra is devoting its summer programming to movie music, performing scores drawn from popular films.
  - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/music/2026/06/22/pso-movie-music-pittsburgh-symphony-orchestra/stories/202606170061

SPORTS
----------------------------------------------------------------

Pirates (39-39)
  Tue Jun 23 · Mariners 3 · Pirates 2 · Bot 8th (in progress at last update)
  https://plaintextsports.com/mlb/2026-06-23/sea-pit
  Up Next · Mariners @ Pirates · Wed Jun 24, 6:40 PM
  https://plaintextsports.com/mlb/2026-06-24/sea-pit

Around the Teams:

* Pirates Get Good News on Jones, Griffin
  Latest developments: Tests came back negative for Jared Jones after a line drive struck his surgically repaired pitching elbow, and prospect Konnor Griffin will begin a rehab assignment, the Post-Gazette reported Tuesday.
  Jones, the Pirates starter hit on the right elbow Sunday in Colorado, avoided structural damage, while top prospect Konnor Griffin moves closer to a return; the update also touched O'Neil Cruz.
  - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/23/injury-oneil-cruz-griffin-jones-barco-updates-mlb/stories/202606230038

* Beat Writers Weigh DK Metcalf's Year 2
  Latest developments: A Post-Gazette podcast assessed how much upside receiver DK Metcalf carries into his second season with the Steelers.
  Post-Gazette writers gauged whether Metcalf, whom Pittsburgh acquired ahead of 2025, can post bigger numbers catching passes from quarterback Aaron Rodgers in 2026.
  - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/22/nfl-news-rumors-podcast-dk-metcalf/stories/202606220030

* Footbahlin Toasts Pat Freiermuth's Wedding
  Latest developments: On the newest Footbahlin, Ben Roethlisberger congratulated tight end Pat Freiermuth on getting married amid a quiet Steelers offseason.
  The Channel Seven podcast, hosted by former Steelers quarterback Ben Roethlisberger, filled the news-light stretch with stories and a beer segment, leading off with Freiermuth's marriage.
  - Ben Roethlisberger / Channel Seven (YouTube): https://www.youtube.com/watch?v=1DYJnYIkD-g

Team USA:

* USMNT Weighs Rotation Against Türkiye
  Latest developments: Having clinched a World Cup knockout spot by topping Group D, the U.S. men face the choice of resting starters or keeping the same XI in Thursday's group finale against Türkiye.
  Mauricio Pochettino's United States, co-host of the 2026 World Cup, already reached the round of 32, turning the dead-rubber against Türkiye into a question of squad rotation versus match rhythm.
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49140112/usmnt-faces-world-cup-dilemma-vs-turkiye-rotate-squad-keep-same-xi

* Adams Risks Suspension Against Türkiye
  Latest developments: Tyler Adams said he still wants to play Thursday against Türkiye even though a yellow card would suspend him for the United States' already-clinched round-of-32 match.
  The U.S. captain and midfield anchor weighed the booking risk against sitting out the group finale, leaning toward playing.
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49158022/usmnt-tyler-adams-wants-play-suspension-risk

* Durant to Coach USA Basketball 3x3 Charity Event
  Latest developments: Kevin Durant will help coach a 3x3 tournament this summer benefiting various charities, USA Basketball announced.
  Durant, the all-time leading scorer in Olympic basketball and a four-time gold medalist, joins other USA Basketball figures turning to coaching for the charitable event.
  - ESPN Olympics: https://www.espn.com/olympics/story/_/id/49158595/kevin-durant-help-lead-charitable-3x3-tourney-usa-basketball

READING
----------------------------------------------------------------

* Ed Zitron -- Cargo Culture
  Zitron argues the AI industry mimics the trappings of a productive boom while lacking the substance, drawing on his running case that companies like OpenAI and Anthropic burn vast sums without the economics to justify them.
  https://www.wheresyoured.at/cargo-culture/

* Stratechery -- Memory Chips and China, Microsoft and Chinese Models
  Ben Thompson contends the big three memory makers may regret opening the door to Chinese competitors, and that Microsoft has strong incentives to lean on Chinese AI models.
  https://stratechery.com/2026/memory-chips-and-china-microsoft-and-chinese-models/

* Cal Newport -- Dear AI Companies: Stop the "Doom Trolling"
  Newport criticizes AI firms for publishing alarming safety claims about their own products, comparing it to a carmaker warning that its flagship vehicle is dangerous, and argues the practice serves marketing more than caution.
  https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,454.06   ▲ +0.6%
Dow         51,687.29   ▲ +1.5%
Nasdaq      26,133.91   ▲ +1.1%
WTI crude       77.00   ▼ -12.9%
EUR/USD        1.1493   ▼ -0.7%
GBP/USD        1.3277   ▼ -0.9%
USD/JPY        161.06   ▲ +0.5%

================================================================
Generated 2026-06-23 21:05 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================