================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Thursday, June 25, 2026 - 12:07 PM EDT
================================================================

A stealthy new Mistic backdoor and weaponized browser extensions feed Europe's resurgent ransomware gangs while researchers warn that prompt injection has turned AI agents into the next attack surface.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Financially motivated access brokers are seeding stealthy implants like Mistic to hand ransomware crews a foothold just as Europe becomes the operators' richest new hunting ground.
  see: Mistic Backdoor Feeds Ransomware Access Broker; Europe Becomes Ransomware's Favorite Region

* [TREND] Attackers keep smuggling malware through trusted browser add-ons, from the sandbox-escaping Edgecution extension to a 10-million-install YouTube ad blocker carrying dormant script injection.
  see: Malicious Browser Extensions Bridge to Malware

* [TREND] New research flagged by Schneier shows the role tags LLMs depend on never survive internally, turning prompt injection into an architectural weakness as attackers poison data autonomous agents trust.
  see: Prompt Injection Turns AI Agents Into the Attack Surface

* [UPDATE (new)] Cyberattacks snarled a dairy producer in Russia's Bashkortostan and disrupted app services at Ukraine's state postal operator on the same day.
  see: Cyberattacks Snarl Russian and Ukrainian Operators

* [UPDATE (new)] PennDOT tested the slide for the 22-million-pound Commercial Street Bridge as KDKA flagged a First Alert tornado risk in Thursday's storms over Pittsburgh.
  see: Commercial Street Bridge Test Slide; Tornado Threat in Thursday Storms

* [UPDATE (new)] Pittsburgh released road and parking plans for the free Commonwealth Concert Series at Point State Park headlined by Nelly and Third Eye Blind.
  see: Nelly, Third Eye Blind at the Point

SECURITY
----------------------------------------------------------------

1. PROMPT INJECTION TURNS AI AGENTS INTO THE ATTACK SURFACE
   AI Security · [ai, prompt-injection, supply-chain]
   Latest developments: A new paper flagged by Bruce Schneier showed the role tags LLMs rely on for security never survive into the model's internal representations, leaving role confusion exploitable, as SecurityWeek mapped how attackers poison the data autonomous agents trust and OpenClaw pulled five malicious ClawHub skills carrying infostealers.
   Prompt injection and cognitive-state poisoning turn trusted data sources and agent skill marketplaces into traps; teams deploying AI agents should treat every external input as hostile and vet marketplace skills before installing them.
   - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/interesting-paper-exploring-prompt-injection.html
   - SecurityWeek: https://www.securityweek.com/when-information-becomes-the-attack-surface-understanding-ai-agent-traps/
   - Dark Reading: https://www.darkreading.com/cyber-risk/malicious-openclaw-skills-clawhub-threaten-ai-supply-chain

2. MISTIC BACKDOOR FEEDS RANSOMWARE ACCESS BROKER
   Ransomware and Cybercrime · [malware, ransomware, apt]
   Latest developments: Symantec and Carbon Black's Threat Hunter team detailed Mistic, a stealthy backdoor also tracked as MLTBackdoor that the access broker Woodgnat, also called KongTuke, has pushed since April 2026 through ClickFix and ModeloRAT campaigns.
   Mistic hits insurance, education, IT, and professional-services firms, and Woodgnat, a financially motivated initial-access broker active since May 2024, has handed footholds to the Qilin, Interlock, Rhysida, Akira, and 8Base ransomware crews; defenders should hunt ClickFix lures and the MLTBackdoor implant.
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/25/mistic-backdoor-woodgnat-attacks/
   - The Hacker News: https://thehackernews.com/2026/06/new-mistic-backdoor-linked-to-kongtuke.html

3. MALICIOUS BROWSER EXTENSIONS BRIDGE TO MALWARE
   Ransomware and Cybercrime · [malware, browser, ransomware]
   Latest developments: BleepingComputer documented Edgecution, a malicious Microsoft Edge extension that abused Native Messaging to escape the browser sandbox and drop a Python backdoor in a ransomware attack, while Island found Adblock for YouTube, an extension with more than 10 million installs and a Featured badge on the Chrome Web Store, carrying dormant code to run arbitrary JavaScript.
   Both cases turn trusted add-ons into malware delivery channels reaching millions of users; administrators should inventory installed extensions, strip unneeded ones, and watch for Native Messaging abuse and hidden script-injection capability.
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/malicious-edge-extension-abuses-native-messaging-as-bridge-to-malware/
   - The Hacker News: https://thehackernews.com/2026/06/chrome-ad-blocker-with-10m-installs.html

4. CYBERATTACKS SNARL RUSSIAN AND UKRAINIAN OPERATORS
   Nation-State Activity · [apt, breach]
   Latest developments: A cyberattack snarled operations at a dairy producer in Russia's republic of Bashkortostan, the latest of the country's milk processors to suffer one, and on the same day a suspected cyberattack disrupted app services at Ukraine's state postal operator.
   Unidentified attackers keep striking food and logistics targets on both sides of the war; the Russian producer lost operational systems while Ukraine's postal service warned customers of degraded app services as it investigates.
   - The Record: https://therecord.media/russia-dairy-producter-cyberattack-ufa
   - The Record: https://therecord.media/ukraine-state-postal-operator-reports-disruption

5. EUROPE BECOMES RANSOMWARE'S FAVORITE REGION
   Ransomware and Cybercrime · [ransomware, breach]
   Latest developments: Dark Reading reported that ransomware crews, after a global lull, have swung toward European Union organizations and their suppliers, turning the region into the operators' richest new hunting ground.
   Gangs increasingly target EU enterprises and the smaller suppliers feeding their supply chains; European firms should tighten third-party risk programs, segmentation, and offline backups.
   - Dark Reading: https://www.darkreading.com/cybersecurity-analytics/europe-evolves-ransomware-favorite-region

6. NIST REOPENS IOT SECURITY GUIDANCE
   Policy and Regulation · [policy, iot]
   Latest developments: NIST opened an updated draft of its IoT security guidance for public review, defining product cybersecurity requirements for devices that connect to federal agency networks.
   The guidance would set baseline security expectations for IoT products entering U.S. government environments; vendors and agencies can file comments during the review window.
   - SecurityWeek: https://www.securityweek.com/nist-opens-updated-iot-security-guidance-to-public-review/

BUSINESS AND POLITICS
----------------------------------------------------------------

* Inflation Spike Hardens Fed Hawkish Turn
  Latest developments: May personal-consumption-expenditures inflation printed above expectations at a three-year high, and the dollar climbed to 161.94 yen—its strongest since July 2024 and near a 40-year peak—putting Tokyo on intervention watch.
  The Federal Reserve's preferred inflation gauge jumped to a three-year high in May, reinforcing trader bets that the Fed's next move is a rate hike, while the dollar's surge toward a four-decade high against the yen has markets braced for Japanese intervention.
  - FT Markets: https://www.ft.com/content/59dee44a-7cf3-44d5-a6e9-751d9683806a
  - WSJ Markets: https://www.wsj.com/finance/currencies/markets-on-watch-for-yen-intervention-but-that-may-not-turn-the-tide-0a384b56?mod=rss_markets_main

PITTSBURGH
----------------------------------------------------------------

Weather:
  This Afternoon: Chance Showers And Thunderstorms, high 82F.
  Tonight: Showers And Thunderstorms Likely, low 64F.
  Friday: Mostly Cloudy then Slight Chance Showers And Thunderstorms, high 82F.

Business:

* City Council Taxes Skill Games
  Latest developments: Pittsburgh City Council voted Wednesday to enact the skill-games tax that Councilman Anthony Coghill had floated days earlier.
  Pittsburgh City Council passed a tax on skill games, the slot-like machines now taxable after the Pennsylvania Supreme Court's June ruling, aiming to capture revenue inside the city before Harrisburg sets statewide rules.
  - WPXI: https://www.wpxi.com/news/local/pittsburgh-city-council-votes-tax-skill-games/WRWLD4IQWJDWTEHAVLODQ3MB4M/

* Record Pennsylvania Film Tax Credits
  Latest developments: The Pennsylvania Film Office awarded $117 million in film-production tax credits to a record 59 projects, film commissioner Gino Anthony Pesi announced.
  The Pennsylvania Film Office distributed $117 million through its Film Production Tax Credit Program to 59 projects, the most ever, which it estimates will inject $1.1 billion into the economy across 35 counties as independent-filmmaker demand surges.
  - WPXI: https://www.wpxi.com/news/local/record-59-film-projects-receive-pennsylvania-tax-credits-demand-independent-filmmakers-surges/WG7VMERKDFABNOA626IIXLRGJ4/

* Hellbender Builds AI 'Eyes' in Harmar
  Latest developments: WPXI profiled Hellbender Inc., the Harmar Township firm that manufactures camera systems for AI and robotics, led by co-founder and chief executive Brian Beyer.
  Brian Beyer, a Marine Corps veteran, co-founded and runs Hellbender Inc. in Harmar Township, where the company manufactures the camera systems—what Beyer calls the 'eyes and brains'—for artificial-intelligence and robotics applications.
  - WPXI: https://www.wpxi.com/news/local/marine-corps-veteran-turned-ceo-brings-all-together-pull-mentality-ai-hardware-company/FYFQHYJ6CJD3VJTQULHB6RHFP4/

Around town:

* Commercial Street Bridge Test Slide
  Latest developments: PennDOT tested the system Thursday, June 25, that will slide the new 22-million-pound Commercial Street Bridge into place, closing the street and the Nine Mile Run trail beneath Interstate 376 ahead of a full Parkway East closure on July 10.
  PennDOT is replacing the Commercial Street Bridge where it crosses beneath the Parkway East near Frick Park, and crews tested the slide mechanism for the new span before the full Interstate 376 closure scheduled for July 10.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/transportation/2026/06/25/parkway-east-commercial-street-bridge-closure/stories/202606250061
  - KDKA: https://www.cbsnews.com/pittsburgh/news/penndot-major-test-parkway-east-commercial-street-bridge-replacement/

* Tornado Threat in Thursday Storms
  Latest developments: KDKA-TV declared Thursday, June 25, a First Alert Weather Day, with scattered storms and a low tornado risk arriving around 2 p.m. as a cold front stalls over the region.
  A cold front stalling over western Pennsylvania set off scattered afternoon and evening thunderstorms Thursday, June 25, carrying high winds and a small tornado threat, the Storm Prediction Center's lowest non-zero risk level.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/strong-storms-and-tornado-threat-weather-forecast-pittsburgh/

* Walnut Capital Advances Two Projects
  Latest developments: Walnut Capital Partners will bring two developments, on the South Side and in the East End, before the Pittsburgh Planning Commission at its meeting Tuesday.
  Walnut Capital Partners, the developer behind Bakery Square, is set to present plans for projects on Pittsburgh's South Side and in the East End to the city Planning Commission next Tuesday.
  - WPXI: https://www.wpxi.com/news/local/walnut-capital-poised-move-forward-south-side-east-end/RSZYBXP2YJGWFEIEV3QYRH25FA/

Events:

* Nelly, Third Eye Blind at the Point
  Latest developments: The city and America250PA released road-closure, parking, and safety plans for the free, ticketed Commonwealth Concert Series at Point State Park, headlined by Nelly and Third Eye Blind.
  Nelly and Third Eye Blind headline the free, ticketed Commonwealth Concert Series staged by America250PA at Point State Park downtown this weekend, with Pittsburgh rapper Frzy opening and the city detailing road closures and parking around the riverfront site.
  - WPXI: https://www.wpxi.com/news/local/nelly-third-eye-blind-pittsburgh-road-closures-parking-more-america250pa-concert/PBFEWOPNU5F2TKYXPI624S5ILM/

* Pittsburgh Choreography Festival
  Latest developments: The Pittsburgh Dance Workshop and Choreography Festival runs Thursday through Saturday, June 25-27, at the Charity Randall Theatre in Oakland.
  The Pittsburgh Dance Workshop and Choreography Festival presents original works by emerging and established choreographers from the region and beyond at the Charity Randall Theatre in Oakland, with performances at various times Thursday through Saturday, June 25-27.
  - NEXTpittsburgh Events: https://nextpittsburgh.com/events/14-things-to-do-this-weekend-june-25-28-2026/

* Pittsburgh Symphony Caps Its Season
  Latest developments: The Pittsburgh Symphony Orchestra closed its classical season with Aaron Copland's 'Appalachian Spring' amid rising attendance, and its summer movie-music series continues at Heinz Hall.
  The Pittsburgh Symphony Orchestra ended its classical season at Heinz Hall downtown with a program built around Copland's 'Appalachian Spring,' which a Post-Gazette analysis tied to rising attendance, as the orchestra rolls into a summer series of film-score concerts.
  - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/music/2026/06/24/pittsburgh-symphony-orchestra-classical-season/stories/202606240010

SPORTS
----------------------------------------------------------------

Pirates (40-40)
  Wed Jun 24 · Mariners 1 · Pirates 11 · Final
  Ashcraft, Rodriguez, O'Hearn help Pirates rout AL West-leading Mariners 11-1
  https://plaintextsports.com/mlb/2026-06-24/sea-pit
  Up Next · Mariners @ Pirates · Thu Jun 25, 12:35 PM
  https://plaintextsports.com/mlb/2026-06-25/sea-pit

Around the Teams:

* Pirates' Injuries Mount as Horwitz Hits IL
  Latest developments: The Post-Gazette reported first baseman Spencer Horwitz went on the injured list, the latest blow to a banged-up Pirates roster still tracking Konnor Griffin's rehab.
  The Pittsburgh Pirates placed first baseman Spencer Horwitz on the injured list, and the Post-Gazette weighed how the club, near .500 at the season's midpoint, fills the gaps as prospect Konnor Griffin works back from injury at Double-A Altoona.
  - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/25/spencer-horwitz-brannigan-konnor-griffin-injury-updates-mlb/stories/202606250062

* Hiles: Pirates Shouldn't Buy at the Deadline
  Latest developments: Post-Gazette columnist Noah Hiles argued the 40-40 Pirates have not earned the right to be buyers at the July trade deadline.
  Post-Gazette writer Noah Hiles contended the .500 Pirates do not deserve to add at the trade deadline, faulting general manager Ben Cherington and owner Bob Nutting for failing to build a contender around ace Paul Skenes.
  - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/24/hiles-mlb-trade-deadline-cherington-skenes-nutting/stories/202606240040

* Dulac on the Steelers' QB Room
  Latest developments: In his June 24 chat, Post-Gazette beat writer Gerry Dulac fielded questions on Aaron Rodgers, Mike McCarthy, cornerback Joey Porter Jr., and rookie passers Will Howard and Drew Allar.
  Post-Gazette Steelers beat writer Gerry Dulac took reader questions about quarterback Aaron Rodgers, Mike McCarthy, cornerback Joey Porter Jr., and the rookie quarterback picture of Will Howard and Drew Allar heading toward training camp at Saint Vincent College.
  - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/24/nfl-news-joey-porter-rodgers-mccarthy-will-howard-allar/stories/202606240035

Team USA:

* Charges Against Bode Miller to Be Dropped
  Latest developments: Bode Miller's attorney said two misdemeanor drug charges against the Olympic gold-medal skier will be dropped.
  An attorney for Bode Miller, the Olympic gold-medalist Alpine skier, said prosecutors will drop a pair of misdemeanor drug charges against him.
  - ESPN Olympics: https://www.espn.com/olympics/story/_/id/49170769/drug-charges-bode-miller-dropped-attorney-says

* Inside the USMNT's World Cup Base
  Latest developments: ESPN detailed how the U.S. men's squad has bonded at its Southern California base before the round of 32, down to golf carts borrowed from a Dana Point dealer.
  ESPN chronicled the off-field life of the U.S. men's national team at its World Cup base in Dana Point, California, where golf-cart rides and pizza runs have bound Christian Pulisic, Weston McKennie, and Alex Zendejas as the co-hosts await their July 1 round-of-32 match.
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49171253/christian-pulisic-weston-mckennie-zendejas-pizza-usmnt-world-cup-golf-carts

READING
----------------------------------------------------------------

* Stratechery -- An Interview with Figma CEO Dylan Field About Design and AI
  Ben Thompson interviews Figma chief executive Dylan Field about building the company and why Field believes artificial intelligence is a tailwind for the design platform rather than a threat to it.
  https://stratechery.com/2026/an-interview-with-figma-ceo-dylan-field-about-design-and-ai/

* Ed Zitron -- Cargo Culture
  Zitron argues the technology and AI industry has slipped into 'cargo culting,' imitating the outward rituals and language of past breakthroughs while lacking the substance that once produced real innovation.
  https://www.wheresyoured.at/cargo-culture/

* Cal Newport -- Dear AI Companies: Stop the "Doom Trolling"
  Newport contends AI companies should stop publicly warning that their own products may be dangerously powerful, arguing by analogy to Ford hyping the dangers of an F-150 that such self-alarm is a marketing tactic rather than genuine concern.
  https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,423.43  ▼  -0.1%
Dow         51,657.14  ▲  +1.0%
Nasdaq      25,953.97  ▼  -0.1%
WTI crude       74.35  ▼ -11.4%
EUR/USD        1.1447  ▼  -1.2%
GBP/USD        1.3232  ▼  -1.4%
USD/JPY        161.30  ▲  +0.7%

================================================================
Generated 2026-06-25 12:07 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================