================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Wednesday, June 24, 2026 - 9:05 AM EDT
================================================================

Automated Tor sweeps planted webshells on Cisco Unified CM servers within days of a public proof of concept, the sharpest sign yet that the window between disclosure and exploitation has nearly closed.

CONTENTS: Emerging Trends and Key Updates | Security | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [UPDATE (new)] BeyondTrust and LastPass confirmed Salesforce data theft as the extortion crew Icarus widened the Klue integration breach past a dozen victims.
  see: Klue Salesforce Breach Engulfs BeyondTrust and LastPass

* [TREND] Attackers keep outracing patches, dropping Tor webshells onto Cisco Unified CM while fresh CI/CD flaws let anyone hijack millions of open-source repositories.
  see: Cisco Unified CM Exploited via Tor Webshell Sweeps; CI/CD Flaws Let Anyone Hijack Open-Source Repos

* [TREND] Malware authors are turning defenses inward, burying nuclear and biological weapons text in spyware to trip the AI guardrails that automated analysis depends on.
  see: Malware Hides Behind AI Safety Guardrails

* [TREND] New macOS ClickFix infostealers and a no-admin security bypass surfaced alongside the Mistic backdoor feeding Qilin and Akira ransomware affiliates.
  see: macOS Hit by ClickFix Infostealers and Security-Bypass Gap; Mistic Backdoor Feeds Ransomware Access Brokers

* [TREND] Commentators sparred over AI's substance, with Ed Zitron decrying cargo-cult hype, Cal Newport panning doom trolling, and Ben Thompson recounting his vibe coding build.
  see: Cargo Culture; Dear AI Companies: Stop the "Doom Trolling"; My Vibe Coding Adventure, The App and the Experience, Ten Takeaways

SECURITY
----------------------------------------------------------------

1. CISCO UNIFIED CM EXPLOITED VIA TOR WEBSHELL SWEEPS
   Vulnerabilities and Exploits · [exploit, patch, rce]
   Latest developments: Threat intelligence firm Defused reported its honeypots now see automated Tor sweeps abusing the WebDialer server-side request forgery to drop webshells and gain remote code execution on Cisco Unified CM servers.
   CVE-2026-20230, a CVSS 8.6 server-side request forgery flaw in Cisco Unified Communications Manager and its Session Management Edition, lets unauthenticated attackers reach internal services; Cisco patched it in early June 2026 and admins should apply the fix immediately.
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/24/cisco-unified-cm-flaw-exploited-to-drop-webshells-cve-2026-20230/
   - The Hacker News: https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/
   - SecurityWeek: https://www.securityweek.com/hackers-exploiting-cisco-unified-cm-vulnerability/

2. KLUE SALESFORCE BREACH ENGULFS BEYONDTRUST AND LASTPASS
   Data Breaches · [breach, supply-chain]
   Latest developments: BeyondTrust and LastPass confirmed attackers stole their Salesforce data, pushing the count of Klue customers verifying theft past a dozen as the extortion group Icarus published stolen files.
   Attackers breached market-intelligence platform Klue and used its stolen OAuth tokens to reach customers' Salesforce environments; affected firms should revoke Klue's tokens and review Salesforce access logs.
   - SecurityWeek: https://www.securityweek.com/beyondtrust-lastpass-impacted-by-klue-salesforce-incident/
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/24/lastpass-klue-data-breach-salesforce-environment/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
   - Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/scope-salesforce-attacks-expands-icarus-leaks-data

3. CI/CD FLAWS LET ANYONE HIJACK OPEN-SOURCE REPOS
   Vulnerabilities and Exploits · [supply-chain, exploit]
   Latest developments: SecurityWeek reported newly disclosed CI/CD defects that let unauthenticated users seize control of millions of open-source repositories, deepening the pull-request supply-chain risk that Cordyceps exposed and that GitHub's actions/checkout update now blocks.
   The flaws abuse continuous-integration workflows—the same pwn-request and Cordyceps patterns hitting Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare's Workers SDK, and Python's Black—to inject code; maintainers should pin actions and lock down workflow triggers.
   - SecurityWeek: https://www.securityweek.com/exploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking/
   - Dark Reading: https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows
   - The Hacker News: https://thehackernews.com/2026/06/github-updates-actionscheckout-to-block.html

4. MACOS HIT BY CLICKFIX INFOSTEALERS AND SECURITY-BYPASS GAP
   Vulnerabilities and Exploits · [macos, malware]
   Latest developments: Two fresh macOS threats surfaced today: Dark Reading described a gap that lets ordinary users disable security and browser tools without admin rights or kernel exploits, and BleepingComputer detailed a ClickFix campaign that silently mounts malicious DMG files to plant infostealers.
   Both techniques target macOS endpoints—one neutralizes defenses, the other delivers payloads through Terminal commands; teams should restrict Terminal abuse and monitor for silent disk-image mounts.
   - Dark Reading: https://www.darkreading.com/application-security/apple-macos-security-gap-users-disable-security-tools
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/

5. MISTIC BACKDOOR FEEDS RANSOMWARE ACCESS BROKERS
   Ransomware and Cybercrime · [ransomware, malware]
   Latest developments: SecurityWeek and BleepingComputer detailed Mistic, a stealthy backdoor that initial access broker Woodgnat, also tracked as KongTuke, runs to seed ransomware from Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
   Mistic hits insurance, education, IT, and professional-services firms, handing operators a foothold they resell to multiple ransomware crews; defenders should hunt for the backdoor and broker activity.
   - SecurityWeek: https://www.securityweek.com/new-mistic-rat-opens-door-to-several-ransomware-families/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/stealthy-mistic-backdoor-linked-to-ransomware-access-broker-kongtuke/

6. MALWARE HIDES BEHIND AI SAFETY GUARDRAILS
   AI Security · [ai, malware]
   Latest developments: Bruce Schneier flagged a malware developer who buries fake instructions about nuclear and biological weapons inside spyware comments, betting the policy-triggering text makes automated AI analysis refuse the file.
   The trick exploits the AI safety guardrails defenders increasingly lean on to triage malware, arriving as The Hacker News warns of agentic adversaries that operate at machine speed; analysts should not depend on AI scanning alone.
   - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/embedding-forbidden-text-in-spyware-to-discourage-ai-analysis-2.html
   - The Hacker News: https://thehackernews.com/2026/06/dawn-of-apex-agentic-adversary.html

PITTSBURGH
----------------------------------------------------------------

Weather: Today: Sunny, high 81F. Tonight: Partly Cloudy, low 59F. Thursday: Partly Sunny then Chance Showers And Thunderstorms, high 84F.

Business:

* Pittsburgh Council Votes on Skill-Games Tax
  Latest developments: Pittsburgh City Council scheduled a preliminary and final vote Wednesday, June 24, on the skill-games tax that Councilman Anthony Coghill floated a week earlier.
  Pittsburgh City Council moved to tax the slot-like skill-games machines inside the city, acting ahead of Harrisburg after the Pennsylvania Supreme Court classified the devices as slot machines.
  - WPXI: https://www.wpxi.com/news/local/pittsburgh-council-vote-wednesday-bill-tax-skill-games/WJQSJWRP4BDXTMW22NCVZ5EAIU/

* Westmoreland Cancels Park EV Chargers
  Latest developments: Westmoreland County canceled its long-planned contract to install electric-vehicle charging stations in county parks.
  Westmoreland County dropped a project to place electric-vehicle chargers in its parks, ending a plan the county had pursued for years.
  - TribLive: https://triblive.com/local/westmoreland/westmoreland-county-pulls-plug-on-ev-charging-station-contract/

Around town:

* Sharpsburg Names Court for Greg Domian
  Latest developments: Sharpsburg will dedicate the Kennedy Park basketball court to longtime community advocate Greg Domian.
  Sharpsburg is naming the Kennedy Park basketball court for Greg Domian, honoring his years of advocacy in the borough, with anticipation building locally around the dedication.
  - TribLive: https://triblive.com/local/valley-news-dispatch/kennedy-park-basketball-court-being-named-for-longtime-sharpsburg-advocate-greg-domian/

* Hempfield Upgrades Founders Park
  Latest developments: Hempfield Township plans to spend up to $75,000 on fencing, signage, and other amenities at Founders Park.
  Hempfield Township will invest as much as $75,000 to improve the visitor experience at Founders Park with new fencing, signage, and added amenities.
  - TribLive: https://triblive.com/local/westmoreland/hempfield-plans-75k-for-visitor-experience-improvements-at-founders-park/

* Brick Pitt Lego Shop Opens in Indiana Township
  Latest developments: Bob and Tara Raposa grew their Lego side business into the Brick Pitt, an independent shop in Indiana Township.
  Bob and Tara Raposa run the Brick Pitt in Indiana Township, an independent retailer of Lego sets that gives collectors a local alternative to chain stores.
  - TribLive: https://triblive.com/local/valley-news-dispatch/the-brick-pitt-offers-lego-lovers-an-independent-shopping-choice-in-indiana-township/

Events:

* Nia Sioux in CLO's 'Mean Girls'
  Latest developments: Nia Sioux, the 'Dance Moms' alum, returns to Pittsburgh to perform with Pittsburgh CLO.
  Nia Sioux, who rose to fame on Lifetime's 'Dance Moms,' performs in Pittsburgh CLO's production of 'Mean Girls' at the Benedum Center, Downtown.
  - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/theater-dance/2026/06/24/dance-moms-nia-sioux-mean-girls-pittsburgh-clo/stories/202606180062

SPORTS
----------------------------------------------------------------

Pirates (39-40)
  Tue Jun 23 · Mariners 3 · Pirates 2 · Final
  Cole Young hits a two-run home run in the seventh to lift Mariners to a 3-2 victory over Pirates
  https://plaintextsports.com/mlb/2026-06-23/sea-pit
  Up Next · Mariners @ Pirates · Wed Jun 24, 6:40 PM
  https://plaintextsports.com/mlb/2026-06-24/sea-pit

Around the Teams:

* Ebron Joins Not Just Football
  Latest developments: Former tight end Eric Ebron appeared on Cam Heyward's Not Just Football to discuss his career and his retirement at 28.
  On Not Just Football with Cam Heyward, ex-NFL tight end Eric Ebron recounted his time with the Lions, Colts, and Steelers, his retirement at age 28, and Bill Belichick's move to coach North Carolina.
  - Not Just Football with Cam Heyward: https://www.youtube.com/watch?v=KgmEBua4Rog

Team USA:

* USMNT's Diverse Roots
  Latest developments: A Guardian feature traced how the U.S. men's national team built its World Cup form from players of widely varied backgrounds.
  The Guardian profiled the United States men's national team at the 2026 World Cup, arguing its strength grew from a patchwork of player backgrounds, cultures, and development paths, as the U.S. heads toward its Group D finale against Türkiye.
  - Guardian World Cup 2026: https://www.theguardian.com/football/2026/jun/24/usmnt-diverse-pathways-american-soccer-development-2026-world-cup

READING
----------------------------------------------------------------

* Stratechery -- My Vibe Coding Adventure, The App and the Experience, Ten Takeaways
  Ben Thompson recounts building an app he plans to use through 'vibe coding,' and draws ten takeaways about the experience and what it reveals about AI-assisted software development.
  https://stratechery.com/2026/my-vibe-coding-adventure-the-app-and-the-experience-ten-takeaways/

* Ed Zitron -- Cargo Culture
  Ed Zitron argues the tech industry has fallen into cargo-cult behavior, imitating the rituals and trappings of past successes around AI while missing the underlying substance.
  https://www.wheresyoured.at/cargo-culture/

* Cal Newport -- Dear AI Companies: Stop the "Doom Trolling"
  Cal Newport criticizes AI companies for stoking fears about the dangers of their own products, likening it to a carmaker publicly warning that its best-selling vehicle is too dangerous to drive.
  https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,454.06   ▲ +0.6%
Dow         51,687.29   ▲ +1.5%
Nasdaq      26,133.91   ▲ +1.1%
WTI crude       75.49   ▼ -12.5%
EUR/USD        1.1493   ▼ -0.7%
GBP/USD        1.3277   ▼ -0.9%
USD/JPY        161.06   ▲ +0.5%

================================================================
Generated 2026-06-24 09:05 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport.
Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================