daily plain-text briefing: security, markets, business, and pittsburgh
Attackers hammered internet-facing network gear and software pipelines, forcing CISA patch deadlines on Ubiquiti and Lantronix flaws as a new CI/CD weakness class exposed repositories at Microsoft, Google, and Apache.
Latest developments: Symantec and Carbon Black's Threat Hunter Team detailed Mistic, a stealthy backdoor also tracked as MLTBackdoor deployed since April 2026 against insurance, education, IT, and professional-services firms and linked to the initial access broker KongTuke.
Mistic arrives through KongTuke's ClickFix lures and ModeloRAT campaigns in financially motivated intrusions that often precede ransomware; defenders should hunt for the backdoor and KongTuke's web-injection activity.
Sources: The Hacker News · BleepingComputer · ↑ top
Latest developments: Dark Reading reported that after a global lull, ransomware crews are concentrating on European Union organizations and their suppliers, making the bloc the operators' favored hunting ground.
The shift puts EU enterprises and the smaller vendors in their supply chains at heightened extortion risk; firms should tighten third-party access and sharpen incident readiness.
Sources: Dark Reading · ↑ top
Latest developments: Schneier flagged a spyware author who buried fake nuclear and biological weapons instructions in a JavaScript comment to trip AI safety filters and block automated analysis, while OpenClaw pulled five infostealer-laden skills from its ClawHub marketplace.
Attackers increasingly poison the data and tooling that defenders' AI systems read, from prompt-injection traps in trusted sources to policy-triggering text that derails automated malware triage; teams relying on automated AI analysis should add human review and provenance checks.
Sources: Schneier on Security · Dark Reading · SecurityWeek · The Hacker News · ↑ top
Latest developments: CISA added actively exploited flaws in Ubiquiti UniFi OS and Lantronix EDS5000 serial-to-ethernet servers to its known-exploited catalog on June 24, 2026, ordering federal civilian agencies to patch the Lantronix code-injection bug CVE-2025-67038 by June 26.
The Ubiquiti UniFi OS flaws let remote, unauthenticated attackers change system settings, reach underlying accounts, and inject commands, while the CVSS 9.8 Lantronix flaw enables code execution on widely deployed serial servers; operators should patch both at once.
Sources: BleepingComputer · The Hacker News · SecurityWeek · ↑ top
Latest developments: Novee Security disclosed Cordyceps, a new class of CI/CD workflow weakness that lets attackers hijack automation and seize full control of more than 300 repositories, including ones run by Microsoft, Google, and Apache.
The flaw pattern abuses how continuous-integration workflows handle untrusted input, opening open-source supply chains to attacker takeover; maintainers should audit and harden their GitHub Actions workflows.
Sources: The Hacker News · ↑ top
Latest developments: Researchers detailed Edgecution, a malicious Microsoft Edge extension that abuses the browser's Native Messaging feature to escape the sandbox and install a Python-based backdoor during a ransomware attack.
The extension bridges from the browser to the operating system through Native Messaging, a legitimate channel extensions use to talk to local apps; organizations should restrict extension installs and monitor native-messaging hosts.
Sources: BleepingComputer · ↑ top
Latest developments: Brent crude fell below the $72.48 it traded at in late February before the Iran conflict erupted, and marine insurers cut Strait of Hormuz hull war premiums by more than half as tanker traffic resumed.
Oil retraced its entire war spike once ships flowed again through the Strait of Hormuz, the chokepoint Allianz had called blocked days earlier with nearly 1,200 vessels and $125 billion of cargo stranded; the easing lifts a systemic supply threat over global shipping and energy markets.
Sources: Financial Times · Wall Street Journal · Financial Times · ↑ top
Latest developments: Micron Technology reported a 15-fold profit surge and forecast sustained memory demand, lifting chip stocks and U.S. and Asian futures and reversing this week's two-day rout that had hammered Nvidia and the Nasdaq.
The memory-chip maker's expectation-beating quarter calmed investor fears that AI spending could not be sustained, sending global semiconductor shares higher after a selloff driven by doubts about the durability of the AI boom.
Sources: Financial Times · Wall Street Journal · Financial Times · ↑ top
Today: Partly Sunny then Chance Showers And Thunderstorms, high 84F.
Tonight: Showers And Thunderstorms Likely, low 63F.
Friday: Mostly Cloudy then Slight Chance Showers And Thunderstorms, high 82F.
Latest developments: In broadly bipartisan votes Wednesday, the full Pennsylvania House passed two bills conditioning data centers' tax benefits and letting municipalities impose a six-month moratorium on new data-center development.
The legislation advances amid growing statewide backlash over the power and water demands of data centers, handing local governments a pause button and tying state tax breaks to conditions; the bills now move toward the state Senate.
Latest developments: The Greensburg Salem School Board voted Wednesday to raise property taxes 1.9% in its 2026-27 budget.
The Westmoreland County district's increase adds to homeowners' bills in and around Greensburg as the board closed its spending plan for the coming school year.
Latest developments: PennDOT crews ran a major test Thursday, June 25, of the system that will slide the new 22-million-pound Commercial Street bridge span into place, closing Commercial Street and the Nine Mile Run trail beneath Interstate 376.
The Parkway East bridge-replacement project near Frick Park hit a milestone as engineers verified the equipment that will move the span; the closures affect commuters and trail users in Pittsburgh's East End.
Latest developments: The Richard King Mellon Foundation will cover the full cost of a new two-story Ligonier Valley police headquarters off Route 30 in Ligonier, a $5.6 million gift, with completion targeted for early 2028.
The Pittsburgh-based foundation, which holds deep roots in the Ligonier Valley, will pay to replace the Westmoreland County department's headquarters.
Latest developments: Allegheny County prosecutors charged Pittsburgh police detective Kalieb Hines, 35, with one misdemeanor count of theft by deception, alleging he clocked in for paid secondary security shifts at the Target on Penn Avenue in East Liberty and left before completing them.
The case centers on Hines's off-duty detail at the East Liberty store; investigators say he billed for hours he did not work.
Latest developments: The Heinz History Center hosts an America 250 edition of History After Hours on Thursday, June 25, from 6 to 9 p.m.
The after-hours event at the Senator John Heinz History Center, 1212 Smallman St. in the Strip District, marks the nation's 250th anniversary; admission runs $10, or $5 for members.
Sources: Pittsburgh City Paper · ↑ top
Latest developments: The Plaza at North Shore screens The Birdcage with a drag show on Thursday, June 25, at 6 p.m.
Pride Movie Night runs free at The Plaza at North Shore, 151 Mazeroski Way; organizers suggest bringing cash to tip the drag performers.
Sources: Pittsburgh City Paper · ↑ top
Latest developments: The Pittsburgh Dance Workshop and Choreography Festival runs Thursday through Saturday, June 25-27, at the Charity Randall Theatre in Oakland.
The festival presents original works by emerging and established choreographers from the region and beyond, at various times across the three days.
Sources: NEXTpittsburgh · ↑ top
Pirates (40-40)
Wed Jun 24 · Mariners 1 · Pirates 11 · Final
Ashcraft, Rodriguez, O'Hearn help Pirates rout AL West-leading Mariners 11-1
Up Next · Mariners @ Pirates · Thu Jun 25, 12:35 PM
Latest developments: Retired tight end Eric Ebron joined Cam Heyward's Not Just Football to discuss Andrew Luck's retirement, the 11-0 Colts team he played on, and Bill Belichick's move to coach North Carolina.
Ebron, who retired at 28 after stops in Detroit, Indianapolis, and Pittsburgh, swapped locker-room stories from those teams and on Jim Irsay across the wide-ranging episode.
Sources: Not Just Football with Cam Heyward · ↑ top
Latest developments: In his June 24 chat, Post-Gazette beat writer Gerry Dulac fielded reader questions on cornerback Joey Porter Jr., quarterback Aaron Rodgers, coach Mike McCarthy, and young passers Will Howard and Drew Allar.
Dulac's regular Q&A ranged across the Steelers roster as the team heads toward training camp.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: Post-Gazette columnist Noah Hiles argued the Pirates have played too poorly to act as buyers at the MLB trade deadline.
Hiles pointed to general manager Ben Cherington and owner Bob Nutting, contending the team around ace Paul Skenes has not earned reinforcements.
Sources: Pittsburgh Post-Gazette · ↑ top
Latest developments: The United States plays its Group D finale against Türkiye on Thursday, June 25, with manager Mauricio Pochettino confirming he will hold out his four yellow-carded players to keep them eligible for the round of 32 on July 1.
Having already won Group D as a World Cup co-host, the U.S. men will likely rotate heavily against a Türkiye side that mirrors the tournament's stronger teams.
Sources: ESPN Soccer · ESPN Soccer · ↑ top
Latest developments: An attorney for Olympic gold-medal skier Bode Miller said a pair of misdemeanor drug charges against him will be dropped.
Miller, the most decorated U.S. men's Alpine skier, faced the misdemeanor counts that his lawyer now expects prosecutors to drop.
Sources: ESPN Olympics · ↑ top
S&P 500 7,423.43 ▼ -0.1% Dow 51,657.14 ▲ +1.0% Nasdaq 25,953.97 ▼ -0.1% WTI crude 74.35 ▼ -11.4% EUR/USD 1.1447 ▼ -1.2% GBP/USD 1.3232 ▼ -1.4% USD/JPY 161.30 ▲ +0.7%