================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Thursday, June 25, 2026 - 9:06 AM EDT
================================================================

Attackers keep punching through network-edge hardware as Cisco SD-WAN, Lantronix, and Ubiquiti flaws all see active exploitation, while new macOS malware learns to blind the AI tools meant to catch it.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Attackers are breaching network-edge appliances faster than vendors disclose them, forging root accounts on Cisco SD-WAN and exploiting Lantronix and Ubiquiti gear in the wild.
  see: Cisco SD-WAN Zero-Day Grants Root Access; Lantronix and Ubiquiti Flaws Exploited

* [TREND] The Rust-based Gaslight macOS stealer weaponizes prompt injection to trick analysts' AI tools into aborting examination, signaling automated malware triage has itself become an attack surface.
  see: Gaslight Malware Blinds AI Analysts

* [TREND] Nation-state operations stayed active, with Iran-linked Handala claiming it could cut Cal Water's supply and Russia still using Cellebrite to crack a dissident's phone.
  see: Iranian Hackers Claim Cal Water Breach; Russia Wields Cellebrite Against Dissidents

* [UPDATE (new)] A wide patch wave landed as curl fixed a 25-year-old flaw, Chrome 149 closed 18 bugs, and GitLab patched 13 issues including three high-severity ones.
  see: Curl, Chrome, and GitLab Patch Old Flaws

* [TREND] AI skepticism dominated the Reading list, with Zitron's Cargo Culture, Newport's Doom Trolling critique, and Figma's Dylan Field arguing AI is a tailwind, not a threat.
  see: Cargo Culture; Dear AI Companies: Stop the "Doom Trolling"; An Interview with Figma CEO Dylan Field About Design and AI

* [UPDATE (new)] At the World Cup, Pochettino will rest four yellow-carded USMNT players against Türkiye, capping a turnaround from his 2025 Gold Cup final loss.
  see: Pochettino's Turnaround With the USMNT; USMNT Closes Group With Türkiye

SECURITY
----------------------------------------------------------------

1. CISCO SD-WAN ZERO-DAY GRANTS ROOT ACCESS
   Vulnerabilities and Exploits · [zero-day, patch, vulnerability]
   Latest developments: Mandiant published the full attack mechanics, showing an unknown actor abused rogue peering to connect to victim Cisco Catalyst SD-WAN devices and forge root-level accounts, and SecurityWeek counted CVE-2026-20245 as the seventh Cisco SD-WAN flaw exploited in 2026.
   CVE-2026-20245, a high-severity command-injection flaw in Cisco Catalyst SD-WAN, lets a local authenticated attacker run commands with elevated privileges; the actor exploited it as a zero-day at least two months before disclosure. Cisco has patched it, and operators should update and hunt for rogue root accounts.
   - SecurityWeek: https://www.securityweek.com/cisco-sd-wan-zero-day-exploited-months-before-patching/
   - The Hacker News: https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-zero-day-cve-2026.html
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/
   - Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/attackers-hit-cisco-sd-wan-flaw-2-months-before-disclosure

2. LANTRONIX AND UBIQUITI FLAWS EXPLOITED
   Vulnerabilities and Exploits · [vulnerability, patch, ot]
   Latest developments: SecurityWeek confirmed attackers are now exploiting CVE-2025-67038 in the wild, one of the BRIDGE:BREAK serial-device flaws disclosed in April, days after CISA ordered federal agencies to patch the Lantronix bug by June 26, 2026.
   CVE-2025-67038, a CVSS 9.8 code-injection flaw in Lantronix EDS5000 serial-to-ethernet servers, sits alongside actively exploited Ubiquiti UniFi OS bugs that CISA added to its known-exploited catalog. Operators of internet-facing serial converters and UniFi gear should apply fixes immediately.
   - SecurityWeek: https://www.securityweek.com/lantronix-serial-to-ip-converter-flaw-exploited-in-attacks-after-ot-threat-warning/
   - The Hacker News: https://thehackernews.com/2026/06/cisa-warns-critical-lantronix-eds5000.html
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/

3. CURL, CHROME, AND GITLAB PATCH OLD FLAWS
   Vulnerabilities and Exploits · [patch, browser, open-source]
   Latest developments: The curl project fixed a flaw that had lurked for 25 years in a release of 18 medium- and low-severity bugs, while Chrome 149 closed 18 vulnerabilities—more than half use-after-free defects—and GitLab patched 13 issues including three high-severity code-execution and information-disclosure bugs.
   A heavy patch day landed across widely deployed software, with curl, Google Chrome, and GitLab all shipping fixes. Administrators should update promptly, prioritizing the Chrome use-after-free bugs that can lead to remote code execution.
   - SecurityWeek: https://www.securityweek.com/25-year-old-vulnerability-patched-in-curl/
   - SecurityWeek: https://www.securityweek.com/chrome-149-update-resolves-18-severe-vulnerabilities/
   - SecurityWeek: https://www.securityweek.com/gitlab-patches-code-execution-information-disclosure-vulnerabilities/

4. GASLIGHT MALWARE BLINDS AI ANALYSTS
   AI Security · [malware, ai, macos]
   Latest developments: Researchers named Gaslight, a previously undocumented Rust-based macOS implant and information stealer that embeds a prompt-injection payload to trick an analyst's AI tools into aborting or refusing examination of the sample.
   Gaslight steals data while hiding from automated analysis; its prompt-injection trick extends a wider pattern that Schneier and SecurityWeek both flag, where attackers poison the trusted data that autonomous AI agents read. Teams should treat AI-assisted triage output as fallible and verify findings by hand.
   - The Hacker News: https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html
   - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/interesting-paper-exploring-prompt-injection.html
   - SecurityWeek: https://www.securityweek.com/when-information-becomes-the-attack-surface-understanding-ai-agent-traps/

5. IRANIAN HACKERS CLAIM CAL WATER BREACH
   Industrial and OT Security · [critical-infrastructure, apt, ot]
   Latest developments: Cal Water and Mandiant found no evidence that the Iranian group Handala touched operational technology, despite the attackers' claim they could disrupt the California utility's water supply.
   Handala, an Iran-linked hacktivist crew, claimed it breached Cal Water and could interrupt supply; the utility called in Mandiant, which found the intrusion never reached water-treatment controls. The case underscores how hacktivists inflate access claims against critical infrastructure.
   - SecurityWeek: https://www.securityweek.com/cal-water-finds-no-evidence-of-ot-activity-after-hackers-claimed-they-could-disrupt-water-supply/

6. RUSSIA WIELDS CELLEBRITE AGAINST DISSIDENTS
   Nation-State Activity · [surveillance, privacy, nation-state]
   Latest developments: Researchers found Russia kept using Cellebrite's phone-extraction tool to crack a dissident's device soon after the firm said in March 2021 it would stop working with the country, suggesting Cellebrite cannot pull its technology back from authoritarian customers.
   Cellebrite, the digital-forensics vendor, announced in March 2021 it would cut off Russia; the continued use of its product against a Russian dissident shows the company struggles to enforce that withdrawal.
   The case renews scrutiny of surveillance-tool export controls.
   - The Record: https://therecord.media/russia-used-cellebrite-tool-after-company-pulled-out-of-country

BUSINESS AND POLITICS
----------------------------------------------------------------

* Markets Reprice Toward a Fed Rate Hike
  Latest developments: The Japanese yen sank to its weakest against the dollar since July 2024 and U.S. two-year Treasury yields climbed as traders shifted from pricing Federal Reserve cuts to betting the Fed's next move is a hike.
  Bets on a Federal Reserve rate increase ahead of Friday's PCE inflation reading lifted Treasury yields and drove the yen to multiyear lows, prompting Japanese officials to signal willingness to intervene, while European Central Bank board member Isabel Schnabel said the ECB will need to raise rates further to reach its 2% target.
  - WSJ Markets: https://www.wsj.com/finance/currencies/asian-currencies-consolidate-may-be-weighed-by-fed-rate-hike-expectations-dc5fed8c?mod=rss_markets_main
  - WSJ Markets: https://www.wsj.com/finance/investing/jgbs-rise-tracking-gains-in-u-s-treasurys-8e49bec6?mod=rss_markets_main
  - WSJ World News: https://www.wsj.com/pro/central-banking/ecb-will-need-to-raise-interest-rates-again-schnabel-says-ddb2e61c

PITTSBURGH
----------------------------------------------------------------

Weather:
  Today: Partly Sunny then Chance Showers And Thunderstorms, high 84F.
  Tonight: Showers And Thunderstorms Likely, low 63F.
  Friday: Mostly Cloudy then Slight Chance Showers And Thunderstorms, high 82F.

Business:

* Tenaris Invests $90 Million in Beaver County
  Latest developments: Tenaris announced more than $90 million to upgrade its steel shop in Koppel and seamless-pipe facility in Ambridge.
  Tenaris, the global steel-pipe maker, will spend more than $90 million modernizing its Koppel steel shop and Ambridge seamless-pipe plant in Beaver County.
  - WPXI: https://www.wpxi.com/news/local/tenaris-invests-more-than-90m-into-beaver-county-steel-facilities/R5RKMYQYBRBRXF7Y3FJIWF637E/

* Arnold Palmer Airport Fights to Survive
  Latest developments: Spirit Airlines' signage is down, its reservation counter empty, and unbranded kiosks sit offline at Arnold Palmer Regional Airport after the carrier's grounding.
  Arnold Palmer Regional Airport near Latrobe in Westmoreland County is struggling to stay viable after Spirit Airlines, its main commercial carrier, halted service, leaving the terminal without a branded operator.
  - TribLive: https://triblive.com/local/westmoreland/arnold-palmer-regional-airport-struggles-to-survive-following-spirits-grounding/

* Blackthorne Golf Club Reopens
  Latest developments: Blackthorne Golf Club reopened to the public after a three-and-a-half-year closure tied to community and legal disputes.
  Blackthorne Golf Club, a course embedded in a residential development in Penn Township, Westmoreland County, reopened after a 3½-year shutdown amid multiple community and legal disputes.
  - TribLive: https://triblive.com/local/westmoreland/penn-townships-blackthorne-golf-club-reopens-after-multiyear-closure/

Around town:

* KDKA-TV Building Augmented-Reality Studio
  Latest developments: KDKA-TV revealed it is gutting its Gateway Center studio to install augmented- and virtual-reality technology, with a launch planned later this year.
  KDKA-TV, the CBS station in downtown Pittsburgh, is rebuilding its Gateway Center news studio with green-screen walls and immersive augmented- and virtual-reality graphics for weather and news, joining a wave of CBS stations adopting the technology.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/kdka-tv-news-studio-augmented-virtual-reality-technology/

* Skill-Game Tax Revenue at Risk Locally
  Latest developments: Jeannette manager Ethan Keedy warned the city's roughly $28,000 in annual skill-game tax revenue could dry up after this month's Pennsylvania Supreme Court ruling.
  A Pennsylvania Supreme Court ruling this month on skill games threatens local levies on the machines, including in Jeannette, the Westmoreland County city that collected about $28,000 last year taxing them.
  - TribLive: https://triblive.com/local/westmoreland/local-officials-concerned-court-ruling-could-cost-skill-game-revenue/

* Free STEM Camps in New Kensington
  Latest developments: The Digital Foundry in New Kensington is offering free summer STEM camps to area students in technology, engineering, and advanced manufacturing.
  The Digital Foundry, a technology and advanced-manufacturing center in New Kensington, Westmoreland County, is running free summer camps for local students focused on technology, engineering, and manufacturing.
  - TribLive: https://triblive.com/local/valley-news-dispatch/digital-foundry-in-new-kensington-offers-free-stem-camps-for-local-students/

Events:

* Warhol Bridge Turns 100; OpenStreetsPGH
  Latest developments: The weekend adds Pittsburgh rapper Frzy opening a concert at Point State Park alongside the Andy Warhol Bridge's 100th Birthday Bash and OpenStreetsPGH.
  Pittsburgh celebrates the Andy Warhol Bridge's 100th birthday this weekend, June 26-28, with a bash on the span paired with the OpenStreetsPGH car-free streets event and a Point State Park concert opened by Pittsburgh rapper Frzy.
  - NEXTpittsburgh Events: https://nextpittsburgh.com/events/14-things-to-do-this-weekend-june-25-28-2026/
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/life/recreation/2026/06/25/things-to-do-this-weekend-pittsburgh-5/stories/202606250011

* Pittsburgh CLO Opens 'Beautiful'
  Latest developments: The Pittsburgh CLO opened its 80th summer season this week with 'Beautiful: The Carole King Musical' at the Benedum Center.
  The Pittsburgh CLO launched its 80th summer season with 'Beautiful: The Carole King Musical,' the jukebox biography of songwriter Carole King, at the Benedum Center downtown.
  - TribLive: https://triblive.com/aande/theater-arts/review-pittsburgh-clo-scores-a-hit-with-beautiful-the-carole-king-musical-at-the-benedum-center/

SPORTS
----------------------------------------------------------------

Pirates (40-40)
  Wed Jun 24 · Mariners 1 · Pirates 11 · Final
  Ashcraft, Rodriguez, O'Hearn help Pirates rout AL West-leading Mariners 11-1
  https://plaintextsports.com/mlb/2026-06-24/sea-pit
  Up Next · Mariners @ Pirates · Thu Jun 25, 12:35 PM
  https://plaintextsports.com/mlb/2026-06-25/sea-pit

Around the Teams:

* Is Marcell Ozuna Turning the Corner?
  Latest developments: The Post-Gazette examined whether Marcell Ozuna, after a rough start in Pittsburgh, is finally heating up at the plate.
  Pirates slugger Marcell Ozuna, who struggled badly early in the season, may be rounding into form, the Post-Gazette reported, as manager Don Kelly sorts a lineup that also leans on Ryan O'Hearn and Oneil Cruz.
  - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/25/mlb-news-marcell-ozuna-don-kelly-ryan-ohearn-oneil-cruz/stories/202606240038

Team USA:

* USMNT Closes Group With Türkiye
  Latest developments: The United States meets Türkiye on Thursday, June 25, in its Group D finale, with Mauricio Pochettino confirming he will sit his four yellow-carded players to keep them eligible for the round of 32 on July 1.
  Having already clinched a World Cup knockout spot atop Group D, the U.S. men's national team faces Türkiye in its group finale, and manager Mauricio Pochettino plans a rotated lineup to protect yellow-carded starters for the July 1 round of 32.
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49169923/pochettino-risk-united-states-players-yellows
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49167040/what-turkiye-match-reveal-usmnt-world-cup-knockout-round-hopes

* Pochettino's Turnaround With the USMNT
  Latest developments: The Guardian traced how Mauricio Pochettino's early failures, including a 2025 Gold Cup final loss to Mexico, forged the U.S. team now thriving as a World Cup co-host.
  A Guardian profile chronicled Mauricio Pochettino's rocky start as U.S. men's coach, from a tearful 2025 Gold Cup final defeat to Mexico through other setbacks that shaped the side now charming fans at the home World Cup.
  - Guardian World Cup 2026: https://www.theguardian.com/football/2026/jun/25/mauricio-pochettino-usa-turkey-world-cup-preview

READING
----------------------------------------------------------------

* Stratechery -- An Interview with Figma CEO Dylan Field About Design and AI
  Ben Thompson interviews Figma chief executive Dylan Field on building the design tool and why Field believes AI is a tailwind for the company rather than a threat.
  https://stratechery.com/2026/an-interview-with-figma-ceo-dylan-field-about-design-and-ai/

* Ed Zitron -- Cargo Culture
  Zitron argues much of the tech industry imitates the outward forms of successful companies without the underlying substance, in a critique of AI-era spending and hype.
  https://www.wheresyoured.at/cargo-culture/

* Cal Newport -- Dear AI Companies: Stop the "Doom Trolling"
  Newport contends AI firms stoke fears about their own products' dangers as a marketing tactic, likening it to a carmaker boasting that its trucks are uniquely deadly.
  https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,423.43  ▼ -0.1%
Dow         51,657.14  ▲ +1.0%
Nasdaq      25,953.97  ▼ -0.1%
WTI crude       74.35  ▼ -11.4%
EUR/USD        1.1447  ▼ -1.2%
GBP/USD        1.3232  ▼ -1.4%
USD/JPY        161.30  ▲ +0.7%

================================================================
Generated 2026-06-25 09:06 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport.
Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================