================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Thursday, June 25, 2026 - 6:07 AM EDT ================================================================ Attackers hammered internet-facing network gear and software pipelines, forcing CISA patch deadlines on Ubiquiti and Lantronix flaws as a new CI/CD weakness class exposed repositories at Microsoft, Google, and Apache. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] CISA ordered federal agencies to patch actively exploited flaws in Ubiquiti UniFi OS and Lantronix EDS5000 serial servers on a hard deadline. see: CISA Flags Ubiquiti and Lantronix Flaws Under Attack * [TREND] The Cordyceps class of CI/CD flaws let attackers hijack workflows across more than 300 repositories run by Microsoft, Google, and Apache. see: Cordyceps CI/CD Flaws Expose GitHub Supply Chains * [TREND] Adversaries weaponized AI, burying fake nuclear and biological weapons text in spyware to derail automated analysis as malicious skills slipped past OpenClaw's marketplace scanners. see: Malware Hides From AI as Agent Traps Multiply * [TREND] Fresh malware surfaced as the Mistic backdoor hit professional-services firms, the Edgecution extension dropped a Python backdoor, and ransomware crews pivoted to Europe. see: Mistic Backdoor Ties to Access Broker KongTuke; Edgecution Browser Extension Drops Ransomware Backdoor; Ransomware Gangs Turn to Europe * [UPDATE (new)] Markets steadied as Brent crude returned to prewar levels with the Strait of Hormuz reopening and Micron's profit surge revived the AI chip trade. see: Oil Returns to Prewar Levels as Hormuz Reopens; Micron Earnings Revive AI Trade After Selloff * [UPDATE (new)] Locally, PennDOT tested sliding the new Commercial Street bridge span, the Mellon foundation funded a Ligonier police HQ, and a Pittsburgh detective faces time-theft charges. see: PennDOT Tests Commercial Street Bridge Move; Richard King Mellon Funds Ligonier Police HQ; USMNT Closes Group D vs. Türkiye SECURITY ---------------------------------------------------------------- 1. MISTIC BACKDOOR TIES TO ACCESS BROKER KONGTUKE Ransomware and Cybercrime · [malware, ransomware] Latest developments: Symantec and Carbon Black's Threat Hunter Team detailed Mistic, a stealthy backdoor also tracked as MLTBackdoor deployed since April 2026 against insurance, education, IT, and professional-services firms and linked to the initial access broker KongTuke. Mistic arrives through KongTuke's ClickFix lures and ModeloRAT campaigns in financially motivated intrusions that often precede ransomware; defenders should hunt for the backdoor and KongTuke's web-injection activity. - The Hacker News: https://thehackernews.com/2026/06/new-mistic-backdoor-linked-to-kongtuke.html - BleepingComputer: https://www.bleepingcomputer.com/news/security/stealthy-mistic-backdoor-linked-to-ransomware-access-broker-kongtuke/ 2. RANSOMWARE GANGS TURN TO EUROPE Ransomware and Cybercrime · [ransomware] Latest developments: Dark Reading reported that after a global lull, ransomware crews are concentrating on European Union organizations and their suppliers, making the bloc the operators' favored hunting ground. The shift puts EU enterprises and the smaller vendors in their supply chains at heightened extortion risk; firms should tighten third-party access and sharpen incident readiness. - Dark Reading: https://www.darkreading.com/cybersecurity-analytics/europe-evolves-ransomware-favorite-region 3. MALWARE HIDES FROM AI AS AGENT TRAPS MULTIPLY AI Security · [ai, supply-chain] Latest developments: Schneier flagged a spyware author who buried fake nuclear and biological weapons instructions in a JavaScript comment to trip AI safety filters and block automated analysis, while OpenClaw pulled five infostealer-laden skills from its ClawHub marketplace. Attackers increasingly poison the data and tooling that defenders' AI systems read, from prompt-injection traps in trusted sources to policy-triggering text that derails automated malware triage; teams relying on automated AI analysis should add human review and provenance checks. - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/embedding-forbidden-text-in-spyware-to-discourage-ai-analysis-2.html - Dark Reading: https://www.darkreading.com/cyber-risk/malicious-openclaw-skills-clawhub-threaten-ai-supply-chain - SecurityWeek: https://www.securityweek.com/when-information-becomes-the-attack-surface-understanding-ai-agent-traps/ - The Hacker News: https://thehackernews.com/2026/06/dawn-of-apex-agentic-adversary.html 4. CISA FLAGS UBIQUITI AND LANTRONIX FLAWS UNDER ATTACK Vulnerabilities and Exploits · [patch, exploit] Latest developments: CISA added actively exploited flaws in Ubiquiti UniFi OS and Lantronix EDS5000 serial-to-ethernet servers to its known-exploited catalog on June 24, 2026, ordering federal civilian agencies to patch the Lantronix code-injection bug CVE-2025-67038 by June 26. The Ubiquiti UniFi OS flaws let remote, unauthenticated attackers change system settings, reach underlying accounts, and inject commands, while the CVSS 9.8 Lantronix flaw enables code execution on widely deployed serial servers; operators should patch both at once. - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/ - The Hacker News: https://thehackernews.com/2026/06/cisa-warns-critical-lantronix-eds5000.html - SecurityWeek: https://www.securityweek.com/critical-ubiquiti-vulnerabilities-in-attackers-crosshairs/ 5. CORDYCEPS CI/CD FLAWS EXPOSE GITHUB SUPPLY CHAINS Vulnerabilities and Exploits · [supply-chain, vulnerability] Latest developments: Novee Security disclosed Cordyceps, a new class of CI/CD workflow weakness that lets attackers hijack automation and seize full control of more than 300 repositories, including ones run by Microsoft, Google, and Apache. The flaw pattern abuses how continuous-integration workflows handle untrusted input, opening open-source supply chains to attacker takeover; maintainers should audit and harden their GitHub Actions workflows. - The Hacker News: https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html 6. EDGECUTION BROWSER EXTENSION DROPS RANSOMWARE BACKDOOR Ransomware and Cybercrime · [ransomware, malware] Latest developments: Researchers detailed Edgecution, a malicious Microsoft Edge extension that abuses the browser's Native Messaging feature to escape the sandbox and install a Python-based backdoor during a ransomware attack. The extension bridges from the browser to the operating system through Native Messaging, a legitimate channel extensions use to talk to local apps; organizations should restrict extension installs and monitor native-messaging hosts. - BleepingComputer: https://www.bleepingcomputer.com/news/security/malicious-edge-extension-abuses-native-messaging-as-bridge-to-malware/ BUSINESS AND POLITICS ---------------------------------------------------------------- * Oil Returns to Prewar Levels as Hormuz Reopens Latest developments: Brent crude fell below the $72.48 it traded at in late February before the Iran conflict erupted, and marine insurers cut Strait of Hormuz hull war premiums by more than half as tanker traffic resumed. Oil retraced its entire war spike once ships flowed again through the Strait of Hormuz, the chokepoint Allianz had called blocked days earlier with nearly 1,200 vessels and $125 billion of cargo stranded; the easing lifts a systemic supply threat over global shipping and energy markets. - Financial Times: https://www.ft.com/content/7a05c821-491f-41a7-8d03-53183fbbb719 - Wall Street Journal: https://www.wsj.com/finance/commodities-futures/oil-futures-fall-amid-signs-of-further-easing-in-mideast-tensions-6833f9f6?mod=rss_markets_main - Financial Times: https://www.ft.com/content/b62d823c-865b-4fa6-a492-1cd65d3400cb * Micron Earnings Revive AI Trade After Selloff Latest developments: Micron Technology reported a 15-fold profit surge and forecast sustained memory demand, lifting chip stocks and U.S. and Asian futures and reversing this week's two-day rout that had hammered Nvidia and the Nasdaq. The memory-chip maker's expectation-beating quarter calmed investor fears that AI spending could not be sustained, sending global semiconductor shares higher after a selloff driven by doubts about the durability of the AI boom. - Financial Times: https://www.ft.com/content/9b739203-3274-43f1-b61e-c1905061d32a - Wall Street Journal: https://www.wsj.com/livecoverage/stock-market-today-dow-sp-500-nasdaq-06-25-2026?mod=rss_markets_main - Financial Times: https://www.ft.com/content/b3ad976b-9967-4952-92ff-822a8e253fb1 PITTSBURGH ---------------------------------------------------------------- Weather: Today: Partly Sunny then Chance Showers And Thunderstorms, high 84F. Tonight: Showers And Thunderstorms Likely, low 63F. Friday: Mostly Cloudy then Slight Chance Showers And Thunderstorms, high 82F. Business: * Pa. House Passes Data-Center Curbs Latest developments: In broadly bipartisan votes Wednesday, the full Pennsylvania House passed two bills conditioning data centers' tax benefits and letting municipalities impose a six-month moratorium on new data-center development. The legislation advances amid growing statewide backlash over the power and water demands of data centers, handing local governments a pause button and tying state tax breaks to conditions; the bills now move toward the state Senate. - TribLive: https://triblive.com/news/pennsylvania/pa-house-approves-bills-allowing-data-center-moratoriums-restricting-tax-benefits-as-backlash-grows/ * Greensburg Salem Raises Property Taxes Latest developments: The Greensburg Salem School Board voted Wednesday to raise property taxes 1.9% in its 2026-27 budget. The Westmoreland County district's increase adds to homeowners' bills in and around Greensburg as the board closed its spending plan for the coming school year. - TribLive: https://triblive.com/local/westmoreland/greensburg-salem-hikes-property-taxes-by-1-9-for-2026-27-school-year/ Around town: * PennDOT Tests Commercial Street Bridge Move Latest developments: PennDOT crews ran a major test Thursday, June 25, of the system that will slide the new 22-million-pound Commercial Street bridge span into place, closing Commercial Street and the Nine Mile Run trail beneath Interstate 376. The Parkway East bridge-replacement project near Frick Park hit a milestone as engineers verified the equipment that will move the span; the closures affect commuters and trail users in Pittsburgh's East End. - KDKA: https://www.cbsnews.com/pittsburgh/news/penndot-major-test-parkway-east-commercial-street-bridge-replacement/ * Richard King Mellon Funds Ligonier Police HQ Latest developments: The Richard King Mellon Foundation will cover the full cost of a new two-story Ligonier Valley police headquarters off Route 30 in Ligonier, a $5.6 million gift, with completion targeted for early 2028. The Pittsburgh-based foundation, which holds deep roots in the Ligonier Valley, will pay to replace the Westmoreland County department's headquarters. - TribLive: https://triblive.com/local/westmoreland/new-ligonier-valley-police-hq-to-be-built-off-route-30-in-ligonier-richard-king-mellon-foundation-will-pay-the-tab/ * Pittsburgh Detective Charged With Time Theft Latest developments: Allegheny County prosecutors charged Pittsburgh police detective Kalieb Hines, 35, with one misdemeanor count of theft by deception, alleging he clocked in for paid secondary security shifts at the Target on Penn Avenue in East Liberty and left before completing them. The case centers on Hines's off-duty detail at the East Liberty store; investigators say he billed for hours he did not work. - KDKA: https://www.cbsnews.com/pittsburgh/news/pittsburgh-police-detective-time-theft-target-east-liberty/ Events: * History After Hours: America 250 Latest developments: The Heinz History Center hosts an America 250 edition of History After Hours on Thursday, June 25, from 6 to 9 p.m. The after-hours event at the Senator John Heinz History Center, 1212 Smallman St. in the Strip District, marks the nation's 250th anniversary; admission runs $10, or $5 for members. - Pittsburgh City Paper: https://www.pghcitypaper.com/listings/this-weeks-top-events/pittsburghs-top-events-thu-jun-25-wed-jul-1/ * Pride Movie Night at the Plaza Latest developments: The Plaza at North Shore screens The Birdcage with a drag show on Thursday, June 25, at 6 p.m. Pride Movie Night runs free at The Plaza at North Shore, 151 Mazeroski Way; organizers suggest bringing cash to tip the drag performers. - Pittsburgh City Paper: https://www.pghcitypaper.com/listings/this-weeks-top-events/pittsburghs-top-events-thu-jun-25-wed-jul-1/ * Pittsburgh Choreography Festival at Charity Randall Latest developments: The Pittsburgh Dance Workshop and Choreography Festival runs Thursday through Saturday, June 25-27, at the Charity Randall Theatre in Oakland. The festival presents original works by emerging and established choreographers from the region and beyond, at various times across the three days. - NEXTpittsburgh: https://nextpittsburgh.com/events/14-things-to-do-this-weekend-june-25-28-2026/ SPORTS ---------------------------------------------------------------- Pirates (40-40) Wed Jun 24 · Mariners 1 · Pirates 11 · Final Ashcraft, Rodriguez, O'Hearn help Pirates rout AL West-leading Mariners 11-1 https://plaintextsports.com/mlb/2026-06-24/sea-pit Up Next · Mariners @ Pirates · Thu Jun 25, 12:35 PM https://plaintextsports.com/mlb/2026-06-25/sea-pit Around the Teams: * Eric Ebron on Not Just Football Latest developments: Retired tight end Eric Ebron joined Cam Heyward's Not Just Football to discuss Andrew Luck's retirement, the 11-0 Colts team he played on, and Bill Belichick's move to coach North Carolina. Ebron, who retired at 28 after stops in Detroit, Indianapolis, and Pittsburgh, swapped locker-room stories from those teams and on Jim Irsay across the wide-ranging episode. - Not Just Football with Cam Heyward: https://www.youtube.com/watch?v=KgmEBua4Rog * Gerry Dulac's Steelers Chat Latest developments: In his June 24 chat, Post-Gazette beat writer Gerry Dulac fielded reader questions on cornerback Joey Porter Jr., quarterback Aaron Rodgers, coach Mike McCarthy, and young passers Will Howard and Drew Allar. Dulac's regular Q&A ranged across the Steelers roster as the team heads toward training camp. - Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/steelers/2026/06/24/nfl-news-joey-porter-rodgers-mccarthy-will-howard-allar/stories/202606240035 * Hiles: Pirates Shouldn't Buy at Deadline Latest developments: Post-Gazette columnist Noah Hiles argued the Pirates have played too poorly to act as buyers at the MLB trade deadline. Hiles pointed to general manager Ben Cherington and owner Bob Nutting, contending the team around ace Paul Skenes has not earned reinforcements. - Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/pirates/2026/06/24/hiles-mlb-trade-deadline-cherington-skenes-nutting/stories/202606240040 Team USA: * USMNT Closes Group D vs. Türkiye Latest developments: The United States plays its Group D finale against Türkiye on Thursday, June 25, with manager Mauricio Pochettino confirming he will hold out his four yellow-carded players to keep them eligible for the round of 32 on July 1. Having already won Group D as a World Cup co-host, the U.S. men will likely rotate heavily against a Türkiye side that mirrors the tournament's stronger teams. - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49167040/what-turkiye-match-reveal-usmnt-world-cup-knockout-round-hopes - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49169923/pochettino-risk-united-states-players-yellows * Bode Miller Drug Charges to Be Dropped Latest developments: An attorney for Olympic gold-medal skier Bode Miller said a pair of misdemeanor drug charges against him will be dropped. Miller, the most decorated U.S. men's Alpine skier, faced the misdemeanor counts that his lawyer now expects prosecutors to drop. - ESPN Olympics: https://www.espn.com/olympics/story/_/id/49170769/drug-charges-bode-miller-dropped-attorney-says READING ---------------------------------------------------------------- * Stratechery -- An Interview with Figma CEO Dylan Field About Design and AI Ben Thompson talks with Figma chief executive Dylan Field about how the company was built and why Field believes AI works as a tailwind rather than a threat to design tools. https://stratechery.com/2026/an-interview-with-figma-ceo-dylan-field-about-design-and-ai/ * Ed Zitron -- Cargo Culture Zitron argues that much of the tech and AI industry runs on cargo-cult imitation, copying the surface rituals and language of successful firms without the underlying substance or results. https://www.wheresyoured.at/cargo-culture/ * Cal Newport -- Dear AI Companies: Stop the "Doom Trolling" Newport contends that AI firms warning about the existential dangers of their own products amounts to self-serving marketing, akin to Ford publishing a whitepaper fretting that the F-150 is too powerful. https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,423.43 ▼ -0.1% Dow 51,657.14 ▲ +1.0% Nasdaq 25,953.97 ▼ -0.1% WTI crude 74.35 ▼ -11.4% EUR/USD 1.1447 ▼ -1.2% GBP/USD 1.3232 ▼ -1.4% USD/JPY 161.30 ▲ +0.7% ================================================================ Generated 2026-06-25 06:07 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================