daily plain-text briefing: security, markets, business, and pittsburgh
Automated Tor sweeps planted webshells on Cisco Unified CM servers within days of a public proof of concept, the sharpest sign yet that the window between disclosure and exploitation has nearly closed.
Latest developments: Threat intelligence firm Defused reported its honeypots now see automated Tor sweeps abusing the WebDialer server-side request forgery to drop webshells and gain remote code execution on Cisco Unified CM servers.
CVE-2026-20230, a CVSS 8.6 server-side request forgery flaw in Cisco Unified Communications Manager and its Session Management Edition, lets unauthenticated attackers reach internal services; Cisco patched it in early June 2026 and admins should apply the fix immediately.
Sources: Help Net Security · The Hacker News · BleepingComputer · SecurityWeek
Latest developments: BeyondTrust and LastPass confirmed attackers stole their Salesforce data, pushing past a dozen the Klue customers verifying theft as the extortion group Icarus published stolen files.
Attackers breached market-intelligence platform Klue and used its stolen OAuth tokens to reach customers' Salesforce environments; affected firms should revoke Klue's tokens and review Salesforce access logs.
Sources: SecurityWeek · Help Net Security · BleepingComputer · Dark Reading
Latest developments: SecurityWeek reported newly disclosed CI/CD defects that let unauthenticated users seize control of millions of open-source repositories, deepening the pull-request supply-chain risk that Cordyceps exposed and that GitHub's actions/checkout update now blocks.
The flaws abuse continuous-integration workflows—the same pwn-request and Cordyceps patterns hitting Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare's Workers SDK, and Python's Black—to inject code; maintainers should pin actions and lock down workflow triggers.
Sources: SecurityWeek · Dark Reading · The Hacker News
Latest developments: Two fresh macOS threats surfaced today: Dark Reading described a gap that lets ordinary users disable security and browser tools without admin rights or kernel exploits, and BleepingComputer detailed a ClickFix campaign that silently mounts malicious DMG files to plant infostealers.
Both techniques target macOS endpoints—one neutralizes defenses, the other delivers payloads through Terminal commands; teams should restrict Terminal abuse and monitor for silent disk-image mounts.
Sources: Dark Reading · BleepingComputer
Latest developments: SecurityWeek and BleepingComputer detailed Mistic, a stealthy backdoor that initial access broker Woodgnat, also tracked as KongTuke, runs to seed ransomware from Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
Mistic hits insurance, education, IT, and professional-services firms, handing operators a foothold they resell to multiple ransomware crews; defenders should hunt for the backdoor and broker activity.
Sources: SecurityWeek · BleepingComputer
Latest developments: Bruce Schneier flagged a malware developer who buries fake instructions about nuclear and biological weapons inside spyware comments, betting the policy-triggering text makes automated AI analysis refuse the file.
The trick exploits the AI safety guardrails defenders increasingly lean on to triage malware, arriving as The Hacker News warns of agentic adversaries that operate at machine speed; analysts should not depend on AI scanning alone.
Sources: Schneier on Security · The Hacker News
Today: Sunny, high 81F.
Tonight: Partly cloudy, low 59F.
Thursday: Partly sunny, then a chance of showers and thunderstorms, high 84F.
Latest developments: Pittsburgh City Council scheduled a preliminary and final vote Wednesday, June 24, on the skill-games tax that Councilman Anthony Coghill floated a week earlier.
Pittsburgh City Council moved to tax the slot-like skill-games machines inside the city, acting ahead of Harrisburg after the Pennsylvania Supreme Court classified the devices as slot machines.
Latest developments: Westmoreland County canceled its long-planned contract to install electric-vehicle charging stations in county parks.
Westmoreland County dropped a project to place electric-vehicle chargers in its parks, ending a plan the county had pursued for years.
Latest developments: Sharpsburg will dedicate the Kennedy Park basketball court to longtime community advocate Greg Domian.
Sharpsburg is naming the Kennedy Park basketball court for Greg Domian, honoring his years of advocacy in the borough, with anticipation building locally around the dedication.
Latest developments: Hempfield Township plans to spend up to $75,000 on fencing, signage, and other amenities at Founders Park.
Hempfield Township will invest as much as $75,000 to improve the visitor experience at Founders Park with new fencing, signage, and added amenities.
Latest developments: Bob and Tara Raposa grew their Lego side business into the Brick Pitt, an independent shop in Indiana Township.
Bob and Tara Raposa run the Brick Pitt in Indiana Township, an independent retailer of Lego sets that gives collectors a local alternative to chain stores.
Latest developments: Nia Sioux, the 'Dance Moms' alum, returns to Pittsburgh to perform with Pittsburgh CLO.
Nia Sioux, who rose to fame on Lifetime's 'Dance Moms,' performs in Pittsburgh CLO's production of 'Mean Girls' at the Benedum Center, Downtown.
Sources: Post-Gazette Arts & Entertainment
Pirates (39-40)
Tue Jun 23 · Mariners 3 · Pirates 2 · Final
Cole Young hits a two-run home run in the seventh to lift the Mariners to a 3-2 victory over the Pirates
Up Next · Mariners @ Pirates · Wed Jun 24, 6:40 PM
Latest developments: Former tight end Eric Ebron appeared on Cam Heyward's Not Just Football to discuss his career and his retirement at 28.
On Not Just Football with Cam Heyward, ex-NFL tight end Eric Ebron recounted his time with the Lions, Colts, and Steelers, his retirement at age 28, and Bill Belichick's move to coach North Carolina.
Sources: Not Just Football with Cam Heyward
Latest developments: A Guardian feature traced how the U.S. men's national team built its World Cup form from players of widely varied backgrounds.
The Guardian profiled the United States men's national team at the 2026 World Cup, arguing its strength grew from a patchwork of player backgrounds, cultures, and development paths, as the U.S. heads toward its Group D finale against Türkiye.
Sources: Guardian World Cup 2026
S&P 500 7,454.06 ▲ +0.6% · Dow 51,687.29 ▲ +1.5% · Nasdaq 26,133.91 ▲ +1.1% · WTI crude 75.49 ▼ -12.5% · EUR/USD 1.1493 ▼ -0.7% · GBP/USD 1.3277 ▼ -0.9% · USD/JPY 161.06 ▲ +0.5%