================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Wednesday, June 24, 2026 - 6:08 AM EDT ================================================================ The Five Eyes alliance warned that AI's threat to cybersecurity now arrives in months as Anthropic's Mythos model found flaws in classified US systems and its safety-tuned Fable 5 fell to jailbreaks within days. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] Five Eyes agencies warned AI's offensive cyber threat now arrives in months as Anthropic's Mythos model surfaced flaws in classified US government systems. see: AI Models Cross Into Offensive Cyber Operations * [TREND] The Cordyceps technique smuggled hostile code through malicious pull requests into Azure Sentinel, Apache Doris, and Cloudflare's Workers SDK, eroding trust in vetted pipelines. see: Malicious Code Slips Into Developer and Agent Pipelines * [TREND] Law enforcement scored back-to-back wins as two Scattered Spider members admitted crippling Transport for London and the DoJ seized HuiOne scam-laundering infrastructure tied to Cambodia. see: Scattered Spider Guilty Pleas Over Transport for London; DoJ Seizes HuiOne Scam-Finance Infrastructure * [UPDATE (new)] Attackers are now actively exploiting Cisco Unified Communications Manager flaw CVE-2026-20230 alongside Ubiquiti and Lantronix bugs that CISA added to its exploited catalog. see: Cisco, Ubiquiti, and Lantronix Flaws Under Active Attack * [UPDATE (new)] Executive order EO 14409 set firm deadlines for federal agencies to migrate key establishment to post-quantum cryptography by 2030 and digital signatures by 2031. see: Federal Post-Quantum Migration Deadlines Set SECURITY ---------------------------------------------------------------- 1. AI MODELS CROSS INTO OFFENSIVE CYBER OPERATIONS AI Security · [ai, vulnerability, policy] Latest developments: The Five Eyes intelligence alliance issued a joint alert warning that AI's cybersecurity threat arrives in months rather than years, the same day a US official said Anthropic's Mythos model found vulnerabilities in classified government systems within hours and researchers bypassed the guardrails on the safety-tuned Fable 5 within days. Frontier AI models now discover software flaws faster than defenders can respond, and jailbreaks strip safeguards almost as quickly as vendors ship them. OpenAI refocused its Daybreak initiative on patching over discovery as officials warned both offensive capability and circumvention are accelerating. - The Record: https://therecord.media/five-eyes-alert-artificial-intelligence - SecurityWeek: https://www.securityweek.com/anthropics-mythos-model-found-vulnerabilities-in-classified-us-government-systems-official-says/ - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html - SecurityWeek: https://www.securityweek.com/openai-refocuses-cybersecurity-efforts-on-patching-over-discovery/ 2. DOJ SEIZES HUIONE SCAM-FINANCE INFRASTRUCTURE Ransomware and Cybercrime · [cybercrime, fraud, policy] Latest developments: The Justice Department seized a cloud computing account that subsidiaries of Cambodia's HuiOne Group used to move cyber-scam proceeds as the Treasury sanctioned nine individuals and 26 entities tied to Prince Group, and prosecutors extradited Algerian national Abdellah Belmili to face charges of running the Market0Day and Spoxy cybercrime marketplaces. HuiOne, cut off from the US financial system last year, allegedly helped launder money from Southeast Asian scam compounds. Belmili, 26, faces up to 30 years in prison. - The Hacker News: https://thehackernews.com/2026/06/doj-seizes-huione-cloud-account-tied-to.html - The Record: https://therecord.media/feds-seize-alleged-cyber-scam-infrastructure-southeast-asia - SecurityWeek: https://www.securityweek.com/algerian-man-extradited-to-us-for-running-cybercrime-marketplaces/ 3. CISCO, UBIQUITI, AND LANTRONIX FLAWS UNDER ACTIVE ATTACK Vulnerabilities and Exploits · [zero-day, patch, exploit] Latest developments: BleepingComputer, SecurityWeek, and The Hacker News confirmed attackers now exploit Cisco Unified Communications Manager flaw CVE-2026-20230 after a proof of concept exposed a file-write path to root, and CISA added four actively exploited bugs to its catalog—three in Ubiquiti UniFi OS and the Lantronix EDS5000 code-injection flaw CVE-2025-67038. CVE-2026-20230 is a server-side request forgery flaw in Cisco Unified CM that lets unauthenticated attackers reach internal systems. Administrators should apply Cisco's June patches alongside the Ubiquiti UniFi OS and Lantronix fixes without delay. - The Hacker News: https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/ - CISA Advisories: https://www.cisa.gov/news-events/alerts/2026/06/23/cisa-adds-four-known-exploited-vulnerabilities-catalog 4. SCATTERED SPIDER GUILTY PLEAS OVER TRANSPORT FOR LONDON Ransomware and Cybercrime · [cybercrime, breach] Latest developments: Two men, aged 20 and 18, pleaded guilty in the United Kingdom on the first day of their trial to the August 2024 cyberattack that crippled Transport for London for months. The pair belonged to Scattered Spider, the cybercrime group behind a string of major intrusions across retail, telecom, and transit. Their pleas ended a case expected to run six weeks and mark a rare conviction of the group's members. - Krebs on Security: https://krebsonsecurity.com/2026/06/scattered-spider-hackers-plead-guilty-on-day-1-of-trial/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/scattered-spider-members-plead-guilty-to-hacking-transport-for-london/ - The Record: https://therecord.media/guilty-plea-tfl-cyberattack-scattered-spider-members 5. MALICIOUS CODE SLIPS INTO DEVELOPER AND AGENT PIPELINES Vulnerabilities and Exploits · [supply-chain, ai, patch] Latest developments: Dark Reading detailed Cordyceps, a malicious pull-request technique that abuses CI/CD weaknesses in Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache's Doris database, Cloudflare's Workers SDK, and Python's Black, while GitHub updated actions/checkout to block such pwn-request attacks and security firm AIR slipped a fake AI agent skill past every scanner it tested to reach roughly 26,000 agents. Attackers increasingly plant hostile code in trusted developer pipelines and agent marketplaces, where automated scans wave it through. Teams should pin and review third-party actions, restrict pull_request_target triggers, and vet agent skills before deployment. - Dark Reading: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows - The Hacker News: https://thehackernews.com/2026/06/github-updates-actionscheckout-to-block.html - The Hacker News: https://thehackernews.com/2026/06/fake-ai-agent-skill-passed-security.html 6. FEDERAL POST-QUANTUM MIGRATION DEADLINES SET Policy and Regulation · [policy, encryption] Latest developments: Coverage of executive order EO 14409 detailed its concrete deadlines—federal agencies must move key establishment to post-quantum cryptography by December 31, 2030, and digital signatures by December 31, 2031—while leaving national security systems on a separate track. The order, signed June 22, 2026, accelerates the government's shift to encryption that resists future quantum computers, citing harvest-now-decrypt-later risk. Agencies must inventory high-value assets and high-impact systems first. - The Hacker News: https://thehackernews.com/2026/06/trump-order-sets-2030-deadline-for.html - Ars Technica Security: https://arstechnica.com/information-technology/2026/06/executive-order-bumps-up-deadline-to-move-off-quantum-vulnerable-crypto/ - The Record: https://therecord.media/trump-directs-federal-agencies-quantum-cryptography BUSINESS AND POLITICS ---------------------------------------------------------------- * Venezuela Readies Record $240 Billion Debt Restructuring Latest developments: Caracas will disclose roughly $240 billion in borrowing, far above prior estimates, launching the largest sovereign debt restructuring in history. Venezuela, following the overthrow of Nicolás Maduro, prepares to reveal a $240 billion debt pile and seek re-entry into global capital markets, a workout that would surpass any sovereign restructuring on record. - FT World: https://www.ft.com/content/b7f25ca2-827c-40f9-ab1a-57067d8ec90d - FT Markets: https://www.ft.com/content/a95b5a66-de34-437a-8efa-cd3592def3e6 * Dollar Hits 13-Month High as Markets Price a Fed Hike Latest developments: After the two days of tech-led losses reported yesterday, equities steadied while the DXY dollar index climbed to a 13-month high and rates markets began pricing a possible Federal Reserve rate increase this year. A flight to safety lifted the dollar to its strongest in 13 months and drove the euro to a one-year low as investors who had bet on Fed cuts shifted toward the chance of a 2026 hike, pressuring gold, lifting Treasury yields, and stabilizing Wall Street after the AI-stock selloff. - WSJ Markets: https://www.wsj.com/livecoverage/stock-market-today-dow-sp-500-nasdaq-06-24-2026?mod=rss_markets_main - WSJ Markets: https://www.wsj.com/finance/currencies/asian-currencies-consolidate-may-be-weighed-by-risk-off-sentiment-5aef5a35?mod=rss_markets_main - WSJ Markets: https://www.wsj.com/finance/investing/jgb-futures-edge-higher-tracking-mild-gains-in-u-s-treasury-market-adfa0a58?mod=rss_markets_main * Oil Eases as Hormuz Shipping Resumes Latest developments: Crude fell as shipping through the Strait of Hormuz gradually resumed and international authorities reported improved safety, easing the blockade reported earlier this week. Allianz still counts roughly $125 billion of vessels and cargo stranded in the Persian Gulf after the Strait of Hormuz closure and reported mining, while oil retreated Wednesday as traffic began moving again and President Trump called for a probe into why U.S. gasoline prices stayed high as crude fell. - WSJ Markets: https://www.wsj.com/finance/commodities-futures/oil-falls-on-signs-of-more-easing-of-supply-disruptions-in-mideast-8b2de17c?mod=rss_markets_main - WSJ US Business: https://www.wsj.com/business/logistics/around-125-billion-of-vessels-cargo-remain-stranded-in-persian-gulf-allianz-says-474e6eb2?mod=pls_whats_news_us_business_f - WSJ US Business: https://www.wsj.com/business/energy-oil/trump-calls-for-lower-gasoline-prices-as-oil-falls-95080195?mod=pls_whats_news_us_business_f PITTSBURGH ---------------------------------------------------------------- Weather: Today: Sunny, high 81F. Tonight: Partly Cloudy, low 59F. Thursday: Partly Sunny then Chance Showers And Thunderstorms, high 84F. Business: * Pennsylvania House Passes $1.7 Billion Electricity Tax Cut Latest developments: The Pennsylvania House passed a $1.7 billion electricity tax cut and a measure setting a formula for utilities' 'reasonable return' on equity when they pursue rate increases. Pennsylvania's House approved legislation lowering electricity taxes by $1.7 billion and capping utility profits by defining a reasonable return on equity for rate hikes, aiming to ease power bills statewide. - PublicSource: https://www.publicsource.org/electricity-pennsylvania-tax-cuts-utilities/ * Pittsburgh Region Keeps Losing Residents Latest developments: A Pittsburgh City Paper analysis reports that most communities across the region have shed residents since the 2020 census and argues the loss need not signal decline. Pittsburgh City Paper finds that most municipalities in the Pittsburgh region have lost population since 2020 and challenges the planning orthodoxy equating growth with success, contending stable or shrinking populations can still mark healthy places. - Pittsburgh City Paper: https://www.pghcitypaper.com/news-2/most-pittsburgh-area-communities-are-losing-residents-heres-why-that-might-be-ok/ Around town: * Commercial Street Closes Thursday for Bridge Work Latest developments: PennDOT confirmed Commercial Street will close from 6 a.m. to 4 p.m. Thursday, June 25, and will also shut the Nine Mile Run Trail to bicyclists and pedestrians that day. PennDOT will close Commercial Street where it runs beneath the Parkway East outside the Squirrel Hill Tunnel for one day of testing ahead of next month's bridge-replacement project near Frick Park. - KDKA: https://www.cbsnews.com/pittsburgh/news/commercial-street-thursday-penndot-parkway-east-bridge-testing/ * Pittsburgh Officer Charged With Stealing Time From Target Job Latest developments: Authorities charged a Pittsburgh police officer Tuesday with misdemeanor theft by deception for 'stealing time' from his secondary job at the Target store in East Liberty. A Pittsburgh police officer faces a misdemeanor theft-by-deception charge after authorities say he billed hours he did not work at his secondary job at the Target in East Liberty. - TribLive: https://triblive.com/local/pittsburgh-cop-with-side-gig-at-target-charged-with-stealing-time/ * Chartiers Valley Outsources Its Bus Service Latest developments: The Chartiers Valley School Board narrowly voted Tuesday night to hand busing to a private provider and furlough 41 drivers, over objections from roughly 90 people at the meeting. Chartiers Valley School Board members approved a contract turning student transportation over to a private company and furloughing 41 district drivers, a decision that drew emotional protest from parents and bus drivers. - WPXI: https://www.wpxi.com/news/local/chartiers-valley-school-board-votes-outsource-transportation-41-drivers-be-furloughed/NULO255VWNDXRJYK7UQLVRD3VM/ - TribLive: https://triblive.com/local/carlynton/chartiers-valley-outsources-transportation-services-in-heated-meeting/ Events: * Eddie Ifft Plays the Oaks Theater Latest developments: Comedian Eddie Ifft, a Fox Chapel native, headlines the Oaks Theater in Oakmont on Thursday, July 2, 2026. Eddie Ifft, the Pittsburgh-born stand-up comedian who grew up in Fox Chapel, performs at the Oaks Theater in Oakmont on Thursday, July 2, 2026, just across the Allegheny River from his hometown. - Pittsburgh City Paper: https://www.pghcitypaper.com/arts-entertainment-2/comedy/comedian-and-native-pittsburgher-eddie-ifft-exclusive-interview/ * Pittsburgh Symphony Closes Its Season Latest developments: The Pittsburgh Symphony Orchestra capped its classical season with Aaron Copland's 'Appalachian Spring,' and a Post-Gazette analysis found its attendance rising over the year. The Pittsburgh Symphony Orchestra ended its 2025-26 classical season at Heinz Hall downtown with Aaron Copland's 'Appalachian Spring,' as the orchestra drew larger audiences ahead of its summer film-score concerts. - Post-Gazette Music: https://www.post-gazette.com/ae/music/2026/06/24/pittsburgh-symphony-orchestra-classical-season/stories/202606240010 SPORTS ---------------------------------------------------------------- Pirates (39-40) Tue Jun 23 · Mariners 3 · Pirates 2 · Final Cole Young hits a two-run home run in the seventh to lift Mariners to a 3-2 victory over Pirates https://plaintextsports.com/mlb/2026-06-23/sea-pit Up Next · Mariners @ Pirates · Wed Jun 24, 6:40 PM https://plaintextsports.com/mlb/2026-06-24/sea-pit Around the Teams: * Steelers Add Cornerback Jamel Dean Latest developments: On Steelers Nation Radio's SNR Drive, Matt Williamson and Wes Uhler broke down the Steelers' addition of cornerback Jamel Dean and how he fits the defense. The Steelers added veteran cornerback Jamel Dean, and SNR Drive hosts Matt Williamson and Wes Uhler assessed where he slots into Pittsburgh's secondary. - Pittsburgh Steelers (YouTube): https://www.youtube.com/shorts/fdaQSSO9Z4s * McCarthy Wants a Super Bowl-Style 3-4 Defense Latest developments: A Post-Gazette piece traced how Steelers coach Mike McCarthy wants to rebuild the 3-4 defense behind his Super Bowl win. Post-Gazette writers explained how Steelers coach Mike McCarthy, drawing on the 3-4 scheme that earned him a Super Bowl, aims to have new coordinator Patrick Graham build a similar front in Pittsburgh. - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/22/nfl-34defense-mccarthy-cowher-lebeau-capers-graham/stories/202606170048 * Skenes Debuts a Giant Sheetz Hot Dog Latest developments: Pirates ace Paul Skenes introduced a supersized hot dog at the Sheetz in Shaler. Pirates pitcher Paul Skenes unveiled a custom supersized hot dog at the Sheetz convenience store in Shaler, the latest local tie-in for the franchise's star ace. - Post-Gazette Pirates: https://www.post-gazette.com/life/food/2026/06/23/sheetz-paul-skenes-hot-dog/stories/202606230042 Team USA: * Pochettino Reflects as USMNT Nears Türkiye Finale Latest developments: Coach Mauricio Pochettino said he felt 'naïve' about the program's complacency when he took over in 2024, with the United States, already through to the round of 32, set to close Group D against Türkiye on Thursday. Mauricio Pochettino, reflecting on a dominant start to the 2026 World Cup the United States co-hosts, called the team's earlier complacency a 'big punch' and credited his cultural overhaul as the U.S. weighs resting starters in its group finale against Türkiye. - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49162699/pochettino-admits-naive-usmnt-culture-2024-arrival-world-cup-2026 - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49140112/usmnt-faces-world-cup-dilemma-vs-turkiye-rotate-squad-keep-same-xi * New York Studies a 2042 Winter Olympics Bid Latest developments: New York Governor Kathy Hochul launched a year-long review of a joint Lake Placid-New York City bid for the 2042 Winter Olympics. Governor Kathy Hochul formed a committee to study whether Lake Placid in the Adirondacks and New York City could jointly host the 2042 Winter Games, citing existing venues and a shift in International Olympic Committee site policy. - Guardian Olympics: https://www.theguardian.com/sport/2026/jun/23/new-york-winter-olympics-2042-bid-lake-placid-nyc * Bode Miller Arrested on Drug Charges Latest developments: Olympic gold-medal skier Bode Miller pleaded not guilty to two misdemeanor drug charges after his arrest in Idaho for possessing psilocybin mushrooms. Bode Miller, the U.S. Olympic gold medalist alpine skier, was arrested in Idaho on a charge of possessing psilocybin mushrooms and has pleaded not guilty to two misdemeanor counts. - ESPN Olympics: https://www.espn.com/olympics/story/_/id/49157018/ex-olympic-skier-bode-miller-arrested-drug-charges-idaho READING ---------------------------------------------------------------- * Stratechery -- My Vibe Coding Adventure, The App and the Experience, Ten Takeaways Ben Thompson recounts using AI tools to 'vibe code' an app he plans to use regularly, walking through the finished product, the building experience, and ten broader takeaways about what AI-assisted software development means. https://stratechery.com/2026/my-vibe-coding-adventure-the-app-and-the-experience-ten-takeaways/ * Ed Zitron -- Cargo Culture Zitron argues the tech and AI industry imitates the outward rituals and trappings of past successes while lacking the underlying substance and economics that made them work, a cargo-cult mindset he traces through companies like Nvidia and Anthropic. https://www.wheresyoured.at/cargo-culture/ * Cal Newport -- Dear AI Companies: Stop the “Doom Trolling” Newport contends AI firms undercut their own credibility by publicizing apocalyptic warnings about their products as a marketing tactic, illustrating the absurdity with a hypothetical of Ford warning that its F-150 could endanger humanity. https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,454.06 ▲ +0.6% Dow 51,687.29 ▲ +1.5% Nasdaq 26,133.91 ▲ +1.1% WTI crude 75.49 ▼ -12.5% EUR/USD 1.1493 ▼ -0.7% GBP/USD 1.3277 ▼ -0.9% USD/JPY 161.06 ▲ +0.5% ================================================================ Generated 2026-06-24 06:08 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================