================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Thursday, June 25, 2026 - 9:06 PM EDT ================================================================ Freshly exposed backdoors—from a Southeast Asian espionage toolkit to a ransomware-feeding access broker—dominated the day as police across Europe and Asia dismantled SIM-swap and piracy operations. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] Unit 42's CL-STA-1062 deployed the TinyRCT backdoor against Southeast Asian governments as the Russia-Ukraine cyber front widened to food producers and Ukraine's postal operator. see: State-Sponsored Espionage Sharpens Its Backdoors; Russia-Ukraine Cyber Front Widens * [UPDATE (new)] Symantec tied the new Mistic backdoor to initial-access broker Woodgnat, which has fed Qilin, Interlock, Rhysida and Akira ransomware operations. see: Mistic Backdoor Feeds Ransomware Crews * [UPDATE (new)] Polish authorities arrested four suspects in a SIM-swapping gang behind millions in crypto theft while investigators seized 44 PirloTV sports-piracy domains. see: Police Hit SIM-Swap and Piracy Operations * [UPDATE (new)] Island researchers flagged Adblock for YouTube, a Featured Chrome extension with over 10 million installs, hiding dormant code to inject arbitrary JavaScript. see: Chrome Ad Blocker Hides Script Injection * [TREND] Apple's 20% price hikes and a $263 billion wipeout spotlighted an AI memory crunch as writers picked apart the industry's cargo culture and AI doom trolling. see: AI Memory Shortage Jolts Tech Stocks; Cargo Culture; Dear AI Companies: Stop the "Doom Trolling" * [UPDATE (new)] Pennsylvania's House passed bills letting municipalities cap data-center projects as a Downtown tax-diversion renovation plan drew fire over transparency and equity. see: Pa. House Passes Data-Center Limits; Downtown Tax-Diversion Plan Draws Fire SECURITY ---------------------------------------------------------------- 1. STATE-SPONSORED ESPIONAGE SHARPENS ITS BACKDOORS Nation-State Activity · [apt, espionage, backdoor] Latest developments: Unit 42 detailed CL-STA-1062, a hybrid toolkit built around the custom TinyRCT backdoor that struck Southeast Asian governments and critical infrastructure; Microsoft Threat Intelligence found a photo-themed ZIP campaign planting a persistent Node.js implant in European and Asian hospitality firms; and Dark Reading reported that Russia's FSB-run Gamaredon improved its malware loading and server hiding. Three espionage operations surfaced at once, each pairing custom implants with stealth tradecraft. Defenders facing CL-STA-1062, the hospitality Node.js implant, or Gamaredon should hunt for unusual loaders, fake image shortcut files, and beaconing to concealed infrastructure. - Unit 42 (Palo Alto): https://unit42.paloaltonetworks.com/cl-sta-1062-tinyrct-backdoor/ - Microsoft Security Blog: https://www.microsoft.com/en-us/security/blog/2026/06/25/photo-zip-campaign-targeting-hospitality-industry-delivers-node-js-implant-persistent-access/ - Dark Reading: https://www.darkreading.com/threat-intelligence/russia-apt-gamaredon-arsenal-defense 2. RUSSIA-UKRAINE CYBER FRONT WIDENS Nation-State Activity · [nation-state, critical-infrastructure, surveillance] Latest developments: A dairy manufacturer in Russia's republic of Bashkortostan became the latest food producer there to have operations snarled by a cyberattack; Ukraine's state-owned postal operator reported app disruptions from a suspected attack; and researchers found Russia kept using Cellebrite's phone-cracking tool against a dissident years after the firm said in March 2021 it would stop serving the country. The war's cyber dimension keeps disrupting civilian infrastructure on both sides while Russian authorities repurpose Western forensic tools for repression. Organizations in the conflict zone should brace for service-disrupting intrusions, and surveillance vendors face fresh questions about controlling deployed gear. - The Record: https://therecord.media/russia-dairy-producter-cyberattack-ufa - The Record: https://therecord.media/ukraine-state-postal-operator-reports-disruption - The Record: https://therecord.media/russia-used-cellebrite-tool-after-company-pulled-out-of-country 3. POLICE HIT SIM-SWAP AND PIRACY OPERATIONS Ransomware and Cybercrime · [cybercrime, law-enforcement, sim-swap] Latest developments: Polish authorities arrested four members of a cybercrime group that breached telecom partners to run SIM-swapping attacks tied to millions in cryptocurrency theft; investigators seized 44 domains linked to the PirloTV sports-piracy network; and Dark Reading reported that local police collusion keeps Southeast Asian scam centers running despite international pressure. Law enforcement landed fresh blows against telecom-enabled fraud and illegal streaming, while entrenched corruption still shields the multibillion-dollar scam-center economy. Telecom carriers should tighten SIM-change controls and account-recovery verification. - BleepingComputer: https://www.bleepingcomputer.com/news/security/poland-busts-sim-swapping-gang-tied-to-millions-in-crypto-theft/ - BleepingComputer: https://www.bleepingcomputer.com/news/security/pirlotv-sports-piracy-network-disrupted-as-44-domains-seized/ - Dark Reading: https://www.darkreading.com/threat-intelligence/police-collusion-crackdown-asian-scam-centers 4. CISA PLANS HIRING AS WINDOWS 10 SUPPORT EXTENDS Policy and Regulation · [policy, patch] Latest developments: Homeland Security Secretary Markwayne Mullin told lawmakers that President Trump has met a potential CISA director nominee and that the agency will hire 600 once a director is seated; Microsoft quietly extended free Windows 10 Extended Security Updates for consumers to October 12, 2027; and NIST opened updated IoT security guidance for public review. U.S. policy moves touched the federal cyber workforce, legacy-operating-system support, and device security baselines. Enterprises still running Windows 10 gain another year of consumer ESU coverage, and IoT vendors can comment on the draft federal requirements. - The Record: https://therecord.media/cisa-director-nominee-workforce-hires-mullin-house-hearing - BleepingComputer: https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-extends-free-windows-10-esu-support-to-october-2027/ - SecurityWeek: https://www.securityweek.com/nist-opens-updated-iot-security-guidance-to-public-review/ 5. MISTIC BACKDOOR FEEDS RANSOMWARE CREWS Ransomware and Cybercrime · [ransomware, backdoor, access-broker] Latest developments: Symantec and Carbon Black's Threat Hunter Team tied the new Mistic backdoor, also called MLTBackdoor, to the initial access broker Woodgnat, known as KongTuke, which has fed ransomware operations including Qilin, Interlock, Rhysida, Akira, and 8Base, with the implant hitting insurance, education, IT, and professional-services firms since April 2026. Mistic is a stealthy backdoor spread through ClickFix and ModeloRAT campaigns by a financially motivated access broker active since May 2024. Affected sectors should watch for KongTuke lures that precede ransomware deployment. - Help Net Security: https://www.helpnetsecurity.com/2026/06/25/mistic-backdoor-woodgnat-attacks/ - The Hacker News: https://thehackernews.com/2026/06/new-mistic-backdoor-linked-to-kongtuke.html 6. CHROME AD BLOCKER HIDES SCRIPT INJECTION Vulnerabilities and Exploits · [supply-chain, browser] Latest developments: Island researchers found that Adblock for YouTube, a Chrome extension carrying more than 10 million installs and a Featured badge on the Chrome Web Store, holds dormant code able to execute arbitrary JavaScript on pages users visit. The extension, ID cmedhionkhpnakcndndgjdbohmhepckk, advertises ad blocking yet conceals script-injection capability that could hijack browsing sessions. Users should remove it and audit their installed extensions. - The Hacker News: https://thehackernews.com/2026/06/chrome-ad-blocker-with-10m-installs.html BUSINESS AND POLITICS ---------------------------------------------------------------- * AI Memory Shortage Jolts Tech Stocks Latest developments: Apple raised MacBook and iPad prices 20% on June 25, blaming an AI-driven memory shortage, and shed about $263 billion in market value the same day Micron's blowout results sent chip shares climbing. Micron Technology posted a 15-fold profit surge on AI-fueled demand for computer memory, driving a chipmaker rally, while Apple cited the same memory shortage for its first major price increases on MacBooks and iPads and absorbed one of the largest single-day market-capitalization losses on record. - FT World: https://www.ft.com/content/0f067265-2baf-4b6e-8fb2-ed56daef6f3c - FT World: https://www.ft.com/content/9b739203-3274-43f1-b61e-c1905061d32a - WSJ Markets: https://www.wsj.com/finance/stocks/u-s-stocks-mixed-as-micron-surges-apple-slumps-8e733213?mod=rss_markets_main PITTSBURGH ---------------------------------------------------------------- Weather: Tonight: Showers And Thunderstorms Likely then Chance Showers And Thunderstorms, low 64F. Friday: Mostly Cloudy then Isolated Showers And Thunderstorms, high 82F. Friday Night: Isolated Showers And Thunderstorms then Showers And Thunderstorms, low 65F. Business: * Schwebel's to Close Local Outlet Stores Latest developments: Schwebel's bakery outlet stores across western Pennsylvania will shut down as part of the company's wind-down, WTAE reported June 25. Schwebel Baking Company, the bread maker that announced its liquidation after more than 120 years, will close its Schwebel's retail outlet stores in the region, pulling a longtime brand from local shelves. - WTAE: https://www.wtae.com/article/schwebels-bakery-outlet-stores-closing/71734772 * Pa. House Passes Data-Center Limits Latest developments: The Pennsylvania House passed bills June 25 letting municipalities impose moratoriums on data-center projects and limiting their tax breaks, moving past the committee stage they cleared earlier. Responding to growing backlash over data centers' energy and water demands, the Pennsylvania House approved legislation allowing local governments to pause data-center development and curbing the tax incentives the projects receive. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/state/2026/06/25/data-center-bill-tax-breaks/stories/202606250074 * Downtown Tax-Diversion Plan Draws Fire Latest developments: A plan to divert taxes from new Downtown construction into renovating the district drew objections from transit advocates over transparency and equity, PublicSource reported June 25. With Downtown Pittsburgh languishing in the post-pandemic shift to remote work, a proposal would channel tax revenue generated by new construction into funding district renovations, a plan transit advocates question on fairness grounds. - PublicSource: https://www.publicsource.org/downtown-pittsburgh-tax-diversion-plan-debate/ Around town: * Fayette Studies Penn State Campus Future Latest developments: Fayette County leaders launched a privately funded feasibility study June 25 to find new uses for the Penn State Fayette campus near Uniontown, which closes after one more academic year. Penn State will shut its Fayette branch campus near Uniontown within a year, and County Commissioner Scott Dunn said the county wants to repurpose the site as an educational hub with multiple partners. - KDKA: https://www.cbsnews.com/pittsburgh/news/fayette-county-study-penn-state-campus/ * Westmoreland 911 Seeks Rate Increase Latest developments: Workers at the Westmoreland County 911 Center and the county commission pressed for an increase to the emergency surcharge, unchanged for more than three years, WTAE reported June 25. Staff at the Westmoreland County 911 Center say rising labor and technology costs have outstripped the surcharge that funds emergency dispatch, which has not risen in over three years. - WTAE: https://www.wtae.com/article/pennsylvania-westmoreland-county-911-rate-increase/71733843 * Deluzio Opposes Veterans Benefits Bill Latest developments: U.S. Representative Chris Deluzio of Allegheny County came out against the Take Care of America's Veterans Act, which he says would cut benefits, KDKA reported June 25. Congressman Chris Deluzio joined opposition to the Take Care of America's Veterans Act, arguing it would reduce care and benefits for disabled veterans like Allegheny County Army veteran Craig Romanovich. - KDKA: https://www.cbsnews.com/pittsburgh/news/deluzio-opposes-take-care-of-americas-veterans-act/ Events: * Pittsburgh Choreography Festival in Oakland Latest developments: NEXTpittsburgh's weekend guide spotlights the Pittsburgh Dance Workshop and Choreography Festival, running through Saturday, June 27. The Pittsburgh Dance Workshop and Choreography Festival runs Thursday, June 25, through Saturday, June 27, at the Charity Randall Theatre in Oakland, presenting original works by emerging and established choreographers from the region and beyond at various times. - NEXTpittsburgh Events: https://nextpittsburgh.com/events/14-things-to-do-this-weekend-june-25-28-2026/ * Nia Sioux in CLO's 'Mean Girls' Latest developments: The Post-Gazette reported June 24 that former 'Dance Moms' star Nia Sioux will perform with Pittsburgh CLO at the Benedum Center. Nia Sioux, who rose to fame on 'Dance Moms,' returns to Pittsburgh to perform in the Pittsburgh CLO production of 'Mean Girls' at the Benedum Center, Downtown. - Post-Gazette Arts & Entertainment: https://www.post-gazette.com/ae/theater-dance/2026/06/24/dance-moms-nia-sioux-mean-girls-pittsburgh-clo/stories/202606180062 SPORTS ---------------------------------------------------------------- Pirates (41-40) Wed Jun 24 · Mariners 1 · Pirates 11 · Final Ashcraft, Rodriguez, O'Hearn help Pirates rout AL West-leading Mariners 11-1 https://plaintextsports.com/mlb/2026-06-24/sea-pit Thu Jun 25 · Mariners 1 · Pirates 5 · Final Brandon Lowe, Henry Davis each homer to lead Pirates over Mariners 5-1 https://plaintextsports.com/mlb/2026-06-25/sea-pit Up Next · Reds @ Pirates · Fri Jun 26, 6:40 PM https://plaintextsports.com/mlb/2026-06-26/cin-pit Around the Teams: * Horwitz to IL Amid Pirates Injuries Latest developments: The Post-Gazette assessed June 25 how the injury-riddled Pirates fill the gap after first baseman Spencer Horwitz landed on the injured list. The Pittsburgh Pirates placed first baseman Spencer Horwitz on the injured list, deepening a run of injuries, as the beat weighs replacements and the rehab timeline for top prospect Konnor Griffin. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/25/spencer-horwitz-brannigan-konnor-griffin-injury-updates-mlb/stories/202606250062 * Hiles: Pirates Shouldn't Buy at Deadline Latest developments: Post-Gazette columnist Noah Hiles argued June 24 that the Pirates have not earned the right to add at the MLB trade deadline. In a Post-Gazette column, Noah Hiles wrote that even with ace Paul Skenes, the Pirates' play under general manager Ben Cherington and owner Bob Nutting leaves them undeserving of buying at the deadline. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/24/hiles-mlb-trade-deadline-cherington-skenes-nutting/stories/202606240040 * Steelers Film Study: Spears-Jennings Latest developments: A Post-Gazette film study June 24 praised Steelers rookie safety Robert Spears-Jennings for his effort and special-teams value. The Post-Gazette broke down Steelers rookie safety Robert Spears-Jennings, drafted out of Oklahoma, highlighting his motor and likely early contribution on special teams. - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/24/robert-spears-jennings-nfl-draft-oklahoma-sooners/stories/202606240031 Team USA: * USMNT Rests Starters vs. Türkiye Latest developments: Already through as Group D winners, the United States faced Türkiye in its finale at Los Angeles Stadium with a heavily rotated lineup and Christian Pulisic left out. Manager Mauricio Pochettino rotated his squad for the U.S. men's dead-rubber Group D match against Türkiye, sitting Christian Pulisic, as the Americans turn attention to the round of 32. - Guardian World Cup 2026: https://www.theguardian.com/football/live/2026/jun/26/turkey-v-usa-world-cup-2026-live - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49167040/what-turkiye-match-reveal-usmnt-world-cup-knockout-round-hopes * Hilary Knight Extends With PWHL Detroit Latest developments: Five-time U.S. Olympian Hilary Knight signed a two-year contract extension with PWHL Detroit on June 25, securing her through the 2028-29 season. Hilary Knight, the veteran forward and five-time United States Olympian, extended her deal with her new PWHL expansion club in Detroit, keeping her under contract through 2028-29. - ESPN Olympics: https://www.espn.com/nhl/story/_/id/49179492/hilary-knight-signs-2-year-contract-extension-pwhl-detroit READING ---------------------------------------------------------------- * Stratechery -- An Interview with Figma CEO Dylan Field About Design and AI Ben Thompson interviews Figma chief executive Dylan Field on building the design company and why Field believes AI gives Figma a tailwind rather than a threat. https://stratechery.com/2026/an-interview-with-figma-ceo-dylan-field-about-design-and-ai/ * Ed Zitron -- Cargo Culture Zitron argues the tech industry mimics the surface rituals and language of past successes while chasing AI hype, imitating the form of winning companies without grasping what actually created their value. https://www.wheresyoured.at/cargo-culture/ * Cal Newport -- Dear AI Companies: Stop the "Doom Trolling" Newport contends that AI firms publishing alarming warnings about the dangers of their own products amounts to a marketing tactic, as absurd as Ford issuing a whitepaper fretting that its F-150 is too powerful. https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,410.91 ▼ -0.7% Dow 51,742.75 ▲ +0.6% Nasdaq 25,821.36 ▼ -1.3% WTI crude 74.35 ▼ -11.4% EUR/USD 1.1416 ▼ -1.4% GBP/USD 1.3205 ▼ -1.5% USD/JPY 161.53 ▲ +0.8% ================================================================ Generated 2026-06-25 21:06 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================