================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Thursday, June 25, 2026 - 4:06 PM EDT
================================================================

Malware called Gaslight now plants prompt-injection traps to derail the AI tools analysts point at it, while attackers exploit Cisco zero-days and Lantronix industrial converters before defenders can patch.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Attackers are turning defenders' own AI against them, with the Rust-based macOS implant Gaslight embedding prompt-injection strings that order an analyst's assistant to abandon the investigation.
  see: Gaslight Malware Sabotages AI Analysis Tools

* [TREND] Threat actors keep beating patches as CISA flags exploited Cisco and PTC bugs and a Lantronix converter flaw, while Curl, GitLab, and Chrome ship fixes.
  see: CISA Flags Cisco and PTC Flaws as Exploited; Lantronix Flaw Exploited as ICS Advisories Mount; Patch Wave Hits Curl, GitLab, and Chrome

* [TREND] Iran is escalating on multiple fronts, striking a cargo ship in the Strait of Hormuz as the Handala group claims a breach of California Water Service.
  see: Iran Strikes Cargo Ship in Strait of Hormuz; Iranian Handala Targets California Water Utility

* [TREND] Commentators are souring on AI hype, with Zitron's 'Cargo Culture' critique and Newport decrying 'Doom Trolling,' while Figma's Dylan Field counters that AI is a tailwind.
  see: Cargo Culture; Dear AI Companies: Stop the "Doom Trolling"; An Interview with Figma CEO Dylan Field About Design and AI

* [UPDATE (new)] Pittsburgh saw big moves as UPMC and Highmark pledged $45 million for first responders, the Hoffmann family took over the Penguins, and PennDOT tested the Commercial Street span slide.
  see: UPMC, Highmark Pledge $45 Million for Public Safety; Hoffmann Family Takes Over the Penguins; PennDOT Tests Commercial Street Bridge Slide

SECURITY
----------------------------------------------------------------

1. CISA FLAGS CISCO AND PTC FLAWS AS EXPLOITED
   Vulnerabilities and Exploits · [zero-day, patch, exploit]
   Latest developments: CISA added Cisco Unified Communications Manager server-side request forgery flaw CVE-2026-20230 and PTC Windchill and FlexPLM input-validation flaw CVE-2026-12569 to its known exploited vulnerabilities catalog, as Mandiant detailed how attackers rode Catalyst SD-WAN zero-day CVE-2026-20245 to forge root accounts for two months before disclosure.
   CVE-2026-20230 lets unauthenticated attackers forge server-side requests through Cisco Unified Communications Manager, CVE-2026-12569 hits PTC's Windchill and FlexPLM product-lifecycle software, and CVE-2026-20245 grants root on Catalyst SD-WAN via rogue peering. Federal agencies must patch all three under CISA's binding directive.
   - CISA Advisories: https://www.cisa.gov/news-events/alerts/2026/06/25/cisa-adds-two-known-exploited-vulnerabilities-catalog
   - SecurityWeek: https://www.securityweek.com/cisco-sd-wan-zero-day-exploited-months-before-patching/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/
   - The Hacker News: https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-zero-day-cve-2026.html

2. LANTRONIX FLAW EXPLOITED AS ICS ADVISORIES MOUNT
   Industrial and OT Security · [ics, ot, exploit]
   Latest developments: Attackers began exploiting CVE-2025-67038 in Lantronix serial-to-IP converters, one of April's BRIDGE:BREAK flaws, the same day CISA published advisories covering EVoke Systems charging-station management software at CVSS 9.4, Daktronics controller firmware granting root access, Schneider Electric PowerLogic P7 relays, and Yokogawa FAST/TOOLS.
   CVE-2025-67038 lets attackers reach Lantronix converters that bridge legacy industrial gear to networks. CISA's same-day advisories span EV charging, electronic displays, protection relays, and SCADA software; operators should segment and patch exposed devices.
   - SecurityWeek: https://www.securityweek.com/lantronix-serial-to-ip-converter-flaw-exploited-in-attacks-after-ot-threat-warning/
   - CISA Advisories: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02
   - CISA Advisories: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04
   - CISA Advisories: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-07

3. PATCH WAVE HITS CURL, GITLAB, AND CHROME
   Vulnerabilities and Exploits · [patch, open-source]
   Latest developments: Curl shipped fixes for 18 flaws including one that sat in the code for 25 years, GitLab patched 13 bugs across CE and EE with three high-severity defects enabling code execution and information disclosure, and Google's Chrome 149 closed 18 vulnerabilities, more than half of them use-after-free defects.
   The 25-year-old curl flaw landed among 18 medium- and low-severity fixes, GitLab's high-severity bugs threaten self-managed instances, and Chrome's use-after-free defects can lead to remote code execution. Update all three now.
   - SecurityWeek: https://www.securityweek.com/25-year-old-vulnerability-patched-in-curl/
   - SecurityWeek: https://www.securityweek.com/gitlab-patches-code-execution-information-disclosure-vulnerabilities/
   - SecurityWeek: https://www.securityweek.com/chrome-149-update-resolves-18-severe-vulnerabilities/

4. GASLIGHT MALWARE SABOTAGES AI ANALYSIS TOOLS
   AI Security · [malware, ai, macos]
   Latest developments: Researchers documented Gaslight, a Rust-based macOS implant and information stealer that hides prompt-injection strings and fake debugging data inside its executable to trick AI-assisted malware analysis tools into aborting or refusing the examination.
   Gaslight exfiltrates data while embedding deceptive instructions that tell a malware analyst's AI assistant to refuse the job. Analysts who route samples through AI triage should verify every finding by hand.
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/new-macos-malware-embeds-fake-errors-to-confuse-ai-analysis-tools/
   - The Hacker News: https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html

5. PHISHING KITS ADOPT BROWSER-IN-THE-MIDDLE AND TRUSTED APPS
   Ransomware and Cybercrime · [phishing, social-engineering]
   Latest developments: The Bluekit phishing-as-a-service platform added browser-in-the-middle capability and spun up nearly 70 new hostnames in a week to steal logins, while separate actors abused Shopify's Shop order-tracking app, planting fake purchase receipts to lure users into installing remote-access software.
   Bluekit rents infrastructure that proxies victims through a real browser session to capture credentials and tokens past multi-factor prompts. Attackers separately seed fake receipts in Shop order histories to start callback-phishing calls; treat unexpected receipts and support numbers as bait.
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/bluekit-phishing-kit-adopts-browser-in-the-middle-for-login-theft/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/order-tracking-app-shop-abused-to-push-callback-phishing-attacks/

6. IRANIAN HANDALA TARGETS CALIFORNIA WATER UTILITY
   Nation-State Activity · [apt, ics, iran]
   Latest developments: California Water Service said Mandiant found no evidence the Iranian hacking group Handala reached operational-technology systems, despite the group's claim that it breached the utility and could disrupt the water supply.
   California Water Service, a major U.S. water utility, brought in Mandiant after Handala claimed access and the ability to disrupt supply.
   The investigation confirmed the intrusion never touched the controls that run treatment and distribution.
   - SecurityWeek: https://www.securityweek.com/cal-water-finds-no-evidence-of-ot-activity-after-hackers-claimed-they-could-disrupt-water-supply/

BUSINESS AND POLITICS
----------------------------------------------------------------

* Iran Strikes Cargo Ship in Strait of Hormuz
  Latest developments: Iran hit a container ship with a projectile in the Strait of Hormuz on June 25, and the International Maritime Organization paused the plan to evacuate vessels stranded by the blockade.
  The strike came hours after Iran warned ships to avoid routes its regime had not sanctioned, testing the deal President Trump brokered to reopen the waterway; Brent crude settled higher even after prices had returned to prewar levels below $72.48 a barrel.
  - WSJ World News: https://www.wsj.com/world/middle-east/iran-attacks-cargo-ship-testing-trumps-deal-to-reopen-strait-d3cf454c
  - FT World: https://www.ft.com/content/5abcb3c1-8ce8-470f-8a37-f47af58b2f7c

* Supreme Court Hands Bayer a Roundup Win
  Latest developments: The U.S. Supreme Court on June 25 overturned a verdict against Bayer over its Roundup weedkiller, a ruling expected to block thousands of cancer-warning lawsuits.
  The justices threw out the verdict that had anchored billions of dollars in claims alleging Bayer's Monsanto unit failed to warn that Roundup's glyphosate causes cancer, lifting a years-long legal overhang on the German company.
  - FT World: https://www.ft.com/content/4f87f951-a647-497a-90a6-bc28c14fe419

PITTSBURGH
----------------------------------------------------------------

Weather: This Afternoon: Partly Sunny, high 82F. Tonight: Scattered Showers And Thunderstorms then Showers And Thunderstorms, low 64F. Friday: Mostly Cloudy then Isolated Showers And Thunderstorms, high 82F.
Business:

* UPMC, Highmark Pledge $45 Million for Public Safety
  Latest developments: Mayor Corey O'Connor announced June 25 that UPMC and Highmark will give Pittsburgh $45 million over five years to buy fire trucks, ambulances, and other first-responder equipment, on top of $10 million UPMC pledged earlier.
  The two tax-exempt health giants, long criticized for their sprawling nontaxable property holdings, will fund replacements for the city's aging public safety fleet under the partnership O'Connor unveiled.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/politics-local/2026/06/25/upmc-highmark-public-safety-fleet-gift/stories/202606250071
  - TribLive: https://triblive.com/local/oconnor-announces-45m-in-donations-from-highmark-upmc-to-buy-fire-trucks-ambulances/

* Hoffmann Family Takes Over the Penguins
  Latest developments: The Hoffmann family introduced itself June 25 as the Penguins' new principal owners, pledging commitment to Pittsburgh and a continuing role for franchise legend Mario Lemieux.
  David Hoffmann and his family, completing their purchase from Fenway Sports Group, told fans 'you will win in Pittsburgh' and said they want Lemieux involved for generations to come.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/sports/penguins/2026/06/25/nhl-sale-pittsburgh-hoffmann-fenway-sports-group/stories/202606250059
  - TribLive: https://triblive.com/sports/new-penguins-owners-proclaim-you-will-win-in-pittsburgh/

Around town:

* PennDOT Tests Commercial Street Bridge Slide
  Latest developments: PennDOT closed Commercial Street and the Nine Mile Run trail June 25 to test the system that will slide the 22-million-pound replacement span into place, and Pittsburgh Regional Transit released detour guidance for the coming Parkway East closure.
  The Commercial Street Bridge replacement beneath Interstate 376 near Frick Park will shut the Parkway East for nearly a month starting in July; PennDOT's test confirmed the slide mechanism before the move.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/penndot-major-test-parkway-east-commercial-street-bridge-replacement/
  - WPXI: https://www.wpxi.com/news/local/pittsburgh-regional-transit-offers-advice-travel-during-commercial-street-bridge-replacement/TQGDL2IO6JCVLASYLIQTXAR7OM/

* Shaler Police Target Route 8 Speeders
  Latest developments: The Shaler Township Police Department launched 'Operation Safe Speed' to crack down on speeding and aggressive driving along Route 8.
  Police Chief Sean Frank said his officers are freshening their patrols on the busy artery that connects Allegheny and Butler counties, aiming to change driving habits on one of the area's heaviest-traveled roads.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/route-8-police-speeding-enforcement/

Events:

* Frzy Opens Free Concert at the Point
  Latest developments: Pittsburgh rapper Frzy joined the bill as an opener for the free concert at Point State Park this weekend, the Post-Gazette's things-to-do guide reported.
  The performance is part of the free, ticketed Commonwealth Concert Series at Point State Park downtown, a weekend lineup that also marks the Andy Warhol Bridge's 100th birthday across the city, June 25-28.
  - Post-Gazette Music: https://www.post-gazette.com/life/recreation/2026/06/25/things-to-do-this-weekend-pittsburgh-5/stories/202606250011

* 'Open Columns' Completes Airport Art Program
  Latest developments: Artist Patrick Marold's 'Open Columns' installation completed the public-art transformation at Pittsburgh International Airport's new terminal.
  The work caps the art program built into the recently opened terminal, and travelers can view it as they move through the building in Findlay Township.
  - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/art-architecture/2026/06/25/patrick-marold-pittsburgh-international-airport-open-columns/stories/202606220027

SPORTS
----------------------------------------------------------------

Pirates (41-40)
  Wed Jun 24 · Mariners 1 · Pirates 11 · Final
    Ashcraft, Rodriguez, O'Hearn help Pirates rout AL West-leading Mariners 11-1
    https://plaintextsports.com/mlb/2026-06-24/sea-pit
  Thu Jun 25 · Mariners 1 · Pirates 5 · Final
    Brandon Lowe, Henry Davis each homer to lead Pirates over Mariners 5-1
    https://plaintextsports.com/mlb/2026-06-25/sea-pit
  Up Next · Reds @ Pirates · Fri Jun 26, 6:40 PM
    https://plaintextsports.com/mlb/2026-06-26/cin-pit

Around the Teams:

* Eric Ebron Joins Not Just Football
  Latest developments: Former tight end Eric Ebron sat down with Cam Heyward's 'Not Just Football' podcast for a wide-ranging talk on his career and his retirement at 28.
  Ebron shared locker-room stories from Detroit, Indianapolis, and Pittsburgh, reflected on Andrew Luck's retirement, and touched on Bill Belichick taking over at North Carolina.
  - Not Just Football with Cam Heyward: https://www.youtube.com/watch?v=KgmEBua4Rog

* Konnor Griffin Hits in Altoona Rehab
  Latest developments: Pirates prospect Konnor Griffin excelled at the plate in a rehab start at Double-A Altoona, the Post-Gazette reported.
  Griffin's progress offers a bright spot for an injury-riddled Pirates roster that placed first baseman Spencer Horwitz on the injured list this week.
  - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/24/milb-mlb-konnor-griffin-altoona-pirates/stories/202606240073

Team USA:

* USMNT Closes Group D Against Türkiye
  Latest developments: The U.S. men's national team played its Group D finale against Türkiye on June 25, with manager Mauricio Pochettino rotating his lineup and resting four yellow-carded players to keep them eligible for the round of 32.
  Having already clinched a knockout spot as a World Cup co-host, the United States used the match to manage suspensions ahead of its round-of-32 game July 1, with ESPN noting Türkiye presents a test similar to the tournament's best sides.
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49167040/what-turkiye-match-reveal-usmnt-world-cup-knockout-round-hopes
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49169923/pochettino-risk-united-states-players-yellows

READING
----------------------------------------------------------------

* Stratechery -- An Interview with Figma CEO Dylan Field About Design and AI
  Figma chief executive Dylan Field discusses building the design company and makes the case that AI is a tailwind for Figma rather than a threat to it.
  https://stratechery.com/2026/an-interview-with-figma-ceo-dylan-field-about-design-and-ai/

* Ed Zitron -- Cargo Culture
  Zitron argues that much of the tech and AI industry imitates the surface rituals and spending of past successes without the underlying substance or returns to justify them.
  https://www.wheresyoured.at/cargo-culture/

* Cal Newport -- Dear AI Companies: Stop the "Doom Trolling"
  Newport urges AI companies to stop publicizing alarming claims about their own products' dangers, likening it to a carmaker warning that its bestselling truck might be catastrophically unsafe.
  https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,423.43   ▼ -0.1%
Dow         51,657.14   ▲ +1.0%
Nasdaq      25,953.97   ▼ -0.1%
WTI crude       74.35   ▼ -11.4%
EUR/USD        1.1447   ▼ -1.2%
GBP/USD        1.3232   ▼ -1.4%
USD/JPY        161.30   ▲ +0.7%

================================================================
Generated 2026-06-25 16:06 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport.
Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================