================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Wednesday, June 24, 2026 - 4:06 PM EDT ================================================================ International police recovered 27 million stolen credentials in an Operation Endgame strike on StealC and Amadey as fresh supply-chain and network-device flaws came under active attack. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] Supply-chain attacks widened as Cordyceps CI/CD flaws let attackers hijack repositories at Microsoft, Google, and Apache while stolen Klue OAuth tokens drained Salesforce data from LastPass and BeyondTrust. see: Cordyceps CI/CD Flaws Threaten Open-Source Supply Chain; Klue Salesforce Breach Engulfs LastPass and BeyondTrust * [TREND] The criminal pipeline feeding ransomware took hits as Operation Endgame gutted StealC and Amadey even while the Mistic backdoor kept handing Qilin and Akira fresh access. see: Operation Endgame Recovers 27 Million Stolen Credentials; Mistic Backdoor Feeds Qilin and Akira Ransomware * [TREND] Attackers turned AI into weapon and shield, slipping five infostealer-laden skills into ClawHub and lacing spyware with fake weapons text to defeat automated analysis. see: Attackers Weaponize and Poison AI Tools * [UPDATE (new)] CISA ordered federal agencies to patch a CVSS 9.8 Lantronix code-injection flaw under active exploitation alongside Ubiquiti UniFi OS bugs by June 26. see: CISA Flags Ubiquiti and Lantronix Flaws Under Attack * [TREND] Tech commentators sharpened their AI skepticism as Zitron decried cargo-cult mimicry, Newport scolded doom-trolling, and Thompson tallied takeaways from vibe coding an app. see: Cargo Culture; Dear AI Companies: Stop the "Doom Trolling"; My Vibe Coding Adventure, The App and the Experience, Ten Takeaways SECURITY ---------------------------------------------------------------- 1. OPERATION ENDGAME RECOVERS 27 MILLION STOLEN CREDENTIALS Ransomware and Cybercrime · [takedown, malware, infostealer] Latest developments: Law enforcement and partners Bitdefender, Bitsight, ESET, Microsoft, and Proofpoint recovered 27 million stolen credentials after disrupting hundreds of command-and-control servers behind StealC and Amadey on June 24, 2026. StealC and Amadey are infostealer and loader malware that work in tandem to compromise devices, harvest data, and deliver ransomware and financial fraud; Microsoft's Digital Crimes Unit and Europol seized and blocked the domains forming their backbone. Affected users should change exposed passwords. - The Hacker News: https://thehackernews.com/2026/06/amadey-and-stealc-malware-network.html - Microsoft Security Blog: https://www.microsoft.com/en-us/security/blog/2026/06/24/stealc-and-amadey-breaking-down-infostealers-and-the-cybercrime-services-that-deliver-them/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/amadey-stealc-malware-operations-disrupted-in-operation-endgame-action/ - Help Net Security: https://www.helpnetsecurity.com/2026/06/24/operation-endgame-stealc-amadey-malware-disrupted/ 2. ATTACKERS WEAPONIZE AND POISON AI TOOLS AI Security · [ai, supply-chain, malware] Latest developments: OpenClaw pulled five infostealer-laden skills from its ClawHub marketplace, and Bruce Schneier reported a malware author embedding fake nuclear and biological weapons text in spyware comments to trip safety filters and block automated AI analysis. Adversaries now treat AI agents, their marketplaces, and the data they read as an attack surface, planting malicious skills and poisoning inputs that autonomous systems trust. Teams should vet agent skills and avoid relying solely on AI for malware triage. - Dark Reading: https://www.darkreading.com/cyber-risk/malicious-openclaw-skills-clawhub-threaten-ai-supply-chain - Unit 42 (Palo Alto): https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/ - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/embedding-forbidden-text-in-spyware-to-discourage-ai-analysis-2.html - SecurityWeek: https://www.securityweek.com/when-information-becomes-the-attack-surface-understanding-ai-agent-traps/ 3. CISA FLAGS UBIQUITI AND LANTRONIX FLAWS UNDER ATTACK Vulnerabilities and Exploits · [patch, exploit, cisa] Latest developments: CISA detailed CVE-2025-67038, a CVSS 9.8 code-injection flaw in Lantronix EDS5000 serial-to-ethernet servers under active exploitation, and ordered federal civilian agencies to patch it alongside the Ubiquiti UniFi OS flaws by June 26, 2026. The flaws let remote, unauthenticated attackers change system settings, reach underlying accounts, and inject commands on widely deployed network gear. Operators should apply the Ubiquiti and Lantronix fixes immediately. - The Hacker News: https://thehackernews.com/2026/06/cisa-warns-critical-lantronix-eds5000.html - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/ - SecurityWeek: https://www.securityweek.com/critical-ubiquiti-vulnerabilities-in-attackers-crosshairs/ 4. KLUE SALESFORCE BREACH ENGULFS LASTPASS AND BEYONDTRUST Data Breaches · [breach, supply-chain, extortion] Latest developments: LastPass and BeyondTrust confirmed attackers used OAuth tokens stolen in the Klue supply-chain breach to take their Salesforce data, joining over a dozen confirmed victims as the Icarus extortion group leaked stolen files. Klue, a market-intelligence platform integrated with Salesforce and Gong across sales teams, lost OAuth tokens that attackers reused to reach customer CRM data. Affected firms should revoke Klue tokens and review Salesforce access logs. - SecurityWeek: https://www.securityweek.com/beyondtrust-lastpass-impacted-by-klue-salesforce-incident/ - Help Net Security: https://www.helpnetsecurity.com/2026/06/24/lastpass-klue-data-breach-salesforce-environment/ - Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/scope-salesforce-attacks-expands-icarus-leaks-data 5. MISTIC BACKDOOR FEEDS QILIN AND AKIRA RANSOMWARE Ransomware and Cybercrime · [ransomware, backdoor, access-broker] Latest developments: Researchers exposed Mistic, a stealthy backdoor that initial access broker Woodgnat, tracked as KongTuke, uses to open doors for Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta ransomware. Mistic targets insurance, education, IT, and professional-services organizations in financially motivated attacks that precede ransomware deployment. Defenders should hunt for the backdoor and monitor for follow-on ransomware staging. - SecurityWeek: https://www.securityweek.com/new-mistic-rat-opens-door-to-several-ransomware-families/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/stealthy-mistic-backdoor-linked-to-ransomware-access-broker-kongtuke/ 6. CORDYCEPS CI/CD FLAWS THREATEN OPEN-SOURCE SUPPLY CHAIN Vulnerabilities and Exploits · [supply-chain, ci/cd, vulnerability] Latest developments: Novee Security disclosed Cordyceps, a class of CI/CD workflow weakness that lets unauthenticated attackers hijack workflows and seize control of more than 300 GitHub repositories at Microsoft, Google, and Apache. Cordyceps abuses misconfigured continuous-integration pipelines to compromise the open-source software supply chain, exposing millions of downstream repositories to hijacking. Maintainers should audit workflow triggers and restrict pipeline permissions. - The Hacker News: https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html - SecurityWeek: https://www.securityweek.com/exploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking/ BUSINESS AND POLITICS ---------------------------------------------------------------- * War Premium Drains Out of Markets Latest developments: Oil settled near pre-war levels Wednesday, falling to its lowest since the U.S.-Iran conflict began as more tankers cleared the Persian Gulf, while gold sank to a November low and bitcoin slid below $60,000. Crude fell about 4% to its lowest since the start of the U.S.-Iran war, Treasury yields eased, gold dropped 3.4% and silver 6.4%, and bitcoin hit a 20-month low under $60,000 as cooling Middle East tension and a rotation toward AI stocks pulled the safe-haven and geopolitical bid out of commodities and crypto. - WSJ Markets: https://www.wsj.com/finance/commodities-futures/oil-falls-on-signs-of-more-easing-of-supply-disruptions-in-mideast-8b2de17c?mod=rss_markets_main - WSJ Markets: https://www.wsj.com/finance/commodities-futures/gold-lower-amid-weak-sentiment-66a7543e?mod=rss_markets_main - FT Home: https://www.ft.com/content/41d1da8f-e1a8-4953-9d89-a8caa84cd26c - WSJ Markets: https://www.wsj.com/finance/jgb-futures-edge-higher-tracking-mild-gains-in-u-s-treasury-market-adfa0a58?mod=rss_markets_main * Trump Holds Housing Bill Hostage to Voter Law Latest developments: President Trump abruptly canceled Wednesday's signing of the bipartisan housing-affordability bill, blindsiding Senate Republicans and vowing to withhold his signature until Congress passes his SAVE America voter-eligibility measure. President Trump shelved a bipartisan bill meant to spur home construction and curb institutional investors in housing, dismissing it as of "minor importance" and tying his signature to passage of legislation requiring proof of citizenship to vote. - WSJ Politics: https://www.wsj.com/politics/policy/trump-abruptly-cancels-signing-ceremony-for-bipartisan-housing-bill-c94f5ff1 - FT Markets: https://www.ft.com/content/771adcdd-03e9-4c59-9bf1-49b3a52cc2bd PITTSBURGH ---------------------------------------------------------------- Weather: This Afternoon: Sunny, high 81F. Tonight: Partly Cloudy, low 60F. Thursday: Partly Sunny then Scattered Showers And Thunderstorms, high 84F. Business: * City Council Passes Skill-Games Tax Latest developments: Pittsburgh City Council voted Wednesday to tax skill-game terminals, enacting the levy Councilman Anthony Coghill floated a week earlier, though collection remains uncertain until Harrisburg acts. Pittsburgh City Council approved a tax on skill-game machines after the Pennsylvania Supreme Court classified them as slot machines, but whether the city can collect it hinges on the regulations or levies the state ultimately imposes. - TribLive: https://triblive.com/local/pittsburgh-council-gambles-on-skill-games-tax-by-voting-in-favor-of-levy/ - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/politics-local/2026/06/24/pittsburgh-gaming-terminals-tax/stories/202606240048 * CMU, UPMC Win Up to $39.3M for Fetal Monitoring Latest developments: A Pittsburgh team led by Carnegie Mellon University and UPMC Magee-Womens will share a grant of up to $39.3 million to improve fetal monitoring. Carnegie Mellon University and UPMC Magee-Womens Hospital will split federal funding of up to $39.3 million to develop better technology for monitoring fetal health. - Pittsburgh Post-Gazette: https://www.post-gazette.com/business/healthcare-business/2026/06/24/carnegie-mellon-university-pittsburgh-upmc-magee-womens/stories/202606240054 * Pirates Open Legacy Hall at PNC Park Latest developments: The Pittsburgh Pirates announced the opening of Legacy Hall, a new event and meeting space at PNC Park holding the ballpark's largest display of team memorabilia. The Pittsburgh Pirates opened Legacy Hall at PNC Park, an event and meeting venue showcasing the largest collection of Pirates memorabilia at the ballpark. - WPXI: https://www.wpxi.com/sports/mlb/pittsburgh-pirates/legacy-hall-pnc-park-unique-event-space-with-pittsburgh-pirates-history-display/DQI6LXYG6NE2NCZCSZMP7DSMTM/ Around town: * Pittsburgh Offers Free Kids' Swim Lessons Latest developments: The City of Pittsburgh opened free summer swimming lessons for children ages 6 to 15. The City of Pittsburgh is providing free swimming lessons for kids ages 6 to 15 at its public pools this summer. - WPXI: https://www.wpxi.com/news/local/city-pittsburgh-offers-free-swimming-lessons-kids/OGDKQOYHINDCZOOIL3RWTOUWXY/ * Point Park Adds Transfer Scholarship Latest developments: Point Park University will give transfer students a $3,000 scholarship this fall to draw them to its Downtown Pittsburgh campus. Point Park University introduced a $3,000 scholarship for transfer students starting this fall, betting it can sway them into enrolling at the Downtown college. - TribLive: https://triblive.com/news/education-classroom/point-park-giving-3k-scholarship-to-transfer-students-this-fall/ * Slippery Rock Plans Construction Degree Latest developments: Slippery Rock University proposed a bachelor's degree in construction management aimed at working trade professionals. Slippery Rock University officials proposed a construction-management bachelor's degree to give skilled trade workers a pathway to a four-year credential. - TribLive: https://triblive.com/local/regional/slippery-rock-proposes-construction-management-degree-to-trade-workers/ Events: * Pittsburgh Choreography Festival at Charity Randall Latest developments: The Pittsburgh Dance Workshop and Choreography Festival runs Thursday through Saturday, June 25 to 27, at the Charity Randall Theatre in Oakland. The Pittsburgh Dance Workshop and Choreography Festival, gathering emerging and established choreographers to present original works, plays at various times Thursday, June 25, Friday, June 26, and Saturday, June 27, at the Charity Randall Theatre in Oakland. - NEXTpittsburgh Events: https://nextpittsburgh.com/events/14-things-to-do-this-weekend-june-25-28-2026/ * Nelly, Third Eye Blind Concert Sells Out Latest developments: Tickets to America250PA's free Point State Park concert Saturday, June 27, have sold out, and road closures and parking restrictions around Downtown have already begun. America250PA's free Commonwealth Concert at Point State Park Downtown on Saturday, June 27, headlined by Nelly and Third Eye Blind with Pittsburgh rapper Frzy, has reached capacity, triggering road closures and parking restrictions across Downtown. - TribLive: https://triblive.com/news/road-closures-have-begun-in-advance-of-america250pa-concert-with-nelly-third-eye-blind/ SPORTS ---------------------------------------------------------------- Pirates (39-40) Tue Jun 23 · Mariners 3 · Pirates 2 · Final Cole Young hits a two-run home run in the seventh to lift Mariners to a 3-2 victory over Pirates https://plaintextsports.com/mlb/2026-06-23/sea-pit Up Next · Mariners @ Pirates · Wed Jun 24, 6:40 PM https://plaintextsports.com/mlb/2026-06-24/sea-pit Around the Teams: * Hiles: Pirates Shouldn't Buy at the Deadline Latest developments: Post-Gazette columnist Noah Hiles argued the Pirates have not earned the right to add at the MLB trade deadline, putting the stakes on Ben Cherington, Paul Skenes, and owner Bob Nutting. In a June 24 column, Post-Gazette writer Noah Hiles contended the Pirates' play makes them undeserving of buying at the trade deadline, framing the franchise's choices around general manager Ben Cherington, ace Paul Skenes, and owner Bob Nutting. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/24/hiles-mlb-trade-deadline-cherington-skenes-nutting/stories/202606240040 * Film Study on Rookie Robert Spears-Jennings Latest developments: A Post-Gazette film breakdown praised Steelers rookie safety Robert Spears-Jennings, the Oklahoma product, for his motor and his special-teams value. The Post-Gazette's film study of Steelers rookie safety Robert Spears-Jennings, drafted out of Oklahoma, highlighted his effort against the run and the role he projects to fill on special teams. - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/24/robert-spears-jennings-nfl-draft-oklahoma-sooners/stories/202606240031 * Eric Ebron on Not Just Football Latest developments: Former tight end Eric Ebron joined Cam Heyward's Not Just Football to discuss his NFL journey and his retirement at 28. On Not Just Football with Cam Heyward, ex-tight end Eric Ebron walked through his stints in Detroit, Indianapolis, and Pittsburgh, his early retirement, and Bill Belichick's move to coach North Carolina. - Not Just Football with Cam Heyward: https://www.youtube.com/watch?v=KgmEBua4Rog Team USA: * Pulisic Hopes to Play vs Türkiye Latest developments: Christian Pulisic said he is ready and hoping to play in the USMNT's Group D finale against Türkiye on Thursday, June 25, though he is "probably not ready" for a full 90 minutes after his calf injury. United States captain Christian Pulisic, recovered from the left calf injury that sidelined him against Australia, said he hopes to feature against Türkiye on Thursday in the U.S. men's already-clinched final group match, while doubting he can last the full 90 minutes. - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49167459/christian-pulisic-ready-hoping-play-united-states-vs-turkiye * Diggins, Olympians Lobby Congress on Climate Latest developments: Olympic cross-country skier Jessie Diggins and the athlete group Protect Our Winters visited Capitol Hill this week to press lawmakers on climate policy amid concern over Environmental Protection Agency moves. Olympic gold-medal skier Jessie Diggins joined the athlete-led group Protect Our Winters at the U.S. Capitol to push Congress for climate solutions, citing worries about EPA rollbacks that threaten winter sports. - ESPN Olympics: https://www.espn.com/olympics/story/_/id/49166700/protect-our-winters-climate-advocacy-group-visits-capitol READING ---------------------------------------------------------------- * Stratechery -- My Vibe Coding Adventure, The App and the Experience, Ten Takeaways Ben Thompson recounts vibe-coding an app he plans to use regularly and draws ten takeaways about what building software with AI tools is actually like. https://stratechery.com/2026/my-vibe-coding-adventure-the-app-and-the-experience-ten-takeaways/ * Ed Zitron -- Cargo Culture Zitron argues the tech industry is engaged in cargo-cult behavior, mimicking the trappings of AI success without the underlying substance or economics to sustain it. https://www.wheresyoured.at/cargo-culture/ * Cal Newport -- Dear AI Companies: Stop the "Doom Trolling" Newport criticizes AI firms for publicizing alarming warnings about their own products, likening it to Ford issuing a whitepaper fretting over the dangers of its best-selling F-150. https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,454.06 ▲ +0.6% Dow 51,687.29 ▲ +1.5% Nasdaq 26,133.91 ▲ +1.1% WTI crude 75.49 ▼ -12.5% EUR/USD 1.1493 ▼ -0.7% GBP/USD 1.3277 ▼ -0.9% USD/JPY 161.06 ▲ +0.5% ================================================================ Generated 2026-06-24 16:06 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================