================================================================
INFOSECFOLLOW -- security, markets, business, pittsburgh
Friday, June 26, 2026 - 6:05 AM EDT
================================================================

Russia's Turla unleashed a fresh STOCKSTAY backdoor on Ukraine as CISA logged the first in-the-wild exploitation of a PTC Windchill flaw and phishing kits sharpened their evasion of multifactor authentication.

CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets

EMERGING TRENDS AND KEY UPDATES
----------------------------------------------------------------

* [TREND] Russia's Turla seeded the STOCKSTAY backdoor into Ukrainian government networks as the SharkLoader dropper of the StrikeShark campaign breached governments and developers worldwide, multiplying espionage tooling.
  see: Turla Deploys STOCKSTAY Against Ukraine; SharkLoader Dropper Hits Governments and Developers

* [UPDATE (new)] CISA logged its first in-the-wild exploitation of PTC Windchill flaw CVE-2026-12569 and added a Cisco Unified CM forgery bug CVE-2026-20230 to its Known Exploited list.
  see: CISA Flags Windchill and Cisco Exploitation

* [TREND] Phishing kits Mirage2FA and Bluekit folded HTML smuggling and browser-in-the-middle theft into their playbooks to slip past multifactor authentication on Microsoft 365 logins.
  see: Phishing Kits Sharpen MFA Evasion

* [UPDATE (new)] A global AI selloff slammed South Korea with a second circuit-breaker halt this week, deepened by a report that OpenAI may delay its public offering.
  see: Global AI Selloff Triggers Korean Trading Halts

* [TREND] New Gaslight macOS malware buries prompt injections to mislead AI analysis tools, even as Zitron's Cargo Culture argues much of the AI boom imitates success without substance.
  see: Malware Targets AI Analysis Tools; Cargo Culture

SECURITY
----------------------------------------------------------------

1. CISA FLAGS WINDCHILL AND CISCO EXPLOITATION
   Vulnerabilities and Exploits · [exploit, kev, patch]
   Latest developments: CISA added PTC Windchill and FlexPLM remote-code-execution flaw CVE-2026-12569, its first observed in-the-wild exploitation, plus Cisco Unified Communications Manager server-side request forgery flaw CVE-2026-20230 to the Known Exploited Vulnerabilities catalog, while attackers weaponized the Cisco bug within 24 hours and a Lantronix serial-to-IP converter flaw, CVE-2025-67038, came under attack.
   The Cisco CUCM flaw grants request forgery and root escalation; administrators must patch Windchill, Cisco Unified CM, and Lantronix devices now.
   - SecurityWeek: https://www.securityweek.com/first-ever-exploitation-of-ptc-windchill-vulnerability-discovered-in-the-wild/
   - CISA Advisories: https://www.cisa.gov/news-events/alerts/2026/06/25/cisa-adds-two-known-exploited-vulnerabilities-catalog
   - Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/less-than-24-hours-attackers-weaponize-cisco-cucm-flaw
   - SecurityWeek: https://www.securityweek.com/lantronix-serial-to-ip-converter-flaw-exploited-in-attacks-after-ot-threat-warning/

2. PHISHING KITS SHARPEN MFA EVASION
   Ransomware and Cybercrime · [phishing]
   Latest developments: Fortra identified Mirage2FA, a kit pairing short-lived HTML smuggling with obfuscated JavaScript to steal Microsoft 365 logins during MFA prompts; the Bluekit phishing-as-a-service platform added browser-in-the-middle theft and nearly 70 new hostnames in a week; and criminals abused Shopify's Shop order-tracking app, planting fake receipts to trigger callback phishing.
   Phishing-as-a-service kits increasingly defeat multifactor authentication and ride trusted apps; train users and tighten Microsoft 365 sign-in monitoring.
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/26/mirage2fa-phishing-kit-microsoft-365-html-smuggling/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/bluekit-phishing-kit-adopts-browser-in-the-middle-for-login-theft/
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/order-tracking-app-shop-abused-to-push-callback-phishing-attacks/

3. THIRD-PARTY SUPPLIERS OPEN EUROPE TO RANSOMWARE
   Ransomware and Cybercrime · [ransomware, supply-chain]
   Latest developments: Black Kite's 2026 European Cyber Risk Report, drawn from 2,066 ransomware incidents across 31 countries between January 2025 and April 2026, found attacks accelerating with third-party suppliers as a leading entry point, the same day a third-party vendor compromise let hackers steal roughly $3 million from Polymarket users and Dark Reading reported edtech attackers pivoting from schools to their software vendors.
   Outside vendors increasingly open the door to ransomware and theft; map supplier access and monitor every third-party connection.
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/26/black-kite-european-cyber-threats-report/
   - SecurityWeek: https://www.securityweek.com/3-million-reportedly-stolen-in-polymarket-hack/
   - Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/edtech-attackers-shift-schools-software-suppliers

4. TURLA DEPLOYS STOCKSTAY AGAINST UKRAINE
   Nation-State Activity · [apt, espionage]
   Latest developments: Google's Threat Intelligence Group attributed a previously undocumented .NET backdoor, STOCKSTAY, to Turla, which deployed it against Ukrainian government and military organizations and entities interested in Italian foreign policy.
   Turla, the Russian FSB-linked espionage group, continually rebuilds the Windows backdoor to steal data from state and defense networks.
   - SecurityWeek: https://www.securityweek.com/russian-apt-deploys-stockstay-backdoor-against-ukrainian-targets/
   - The Hacker News: https://thehackernews.com/2026/06/google-details-turlas-new-stockstay.html

5. SHARKLOADER DROPPER HITS GOVERNMENTS AND DEVELOPERS
   Nation-State Activity · [espionage, apt]
   Latest developments: Kaspersky uncovered StrikeShark, a global campaign wielding the previously unknown SharkLoader dropper to compromise government organizations and software development companies across multiple countries, first spotted in an attack on a diplomatic organization in Indonesia.
   The unattributed operators and novel dropper mark a fresh espionage actor reaching public-sector and developer targets worldwide.
   - Help Net Security: https://www.helpnetsecurity.com/2026/06/26/sharkloader-dropper-governments-software-developers/

6. MALWARE TARGETS AI ANALYSIS TOOLS
   AI Security · [ai, malware]
   Latest developments: Researchers detailed Gaslight, macOS malware that buries prompt-injection strings and fake debugging data in its executable to mislead AI-assisted analysis tools, while a new paper showed large language models fall for prompt injection because they learn the writing style of role blocks rather than their tags.
   Attackers now aim at the AI tooling defenders rely on; treat model-driven triage output as untrusted and verify findings by hand.
   - BleepingComputer: https://www.bleepingcomputer.com/news/security/new-macos-malware-embeds-fake-errors-to-confuse-ai-analysis-tools/
   - Schneier on Security: https://www.schneier.com/blog/archives/2026/06/interesting-paper-exploring-prompt-injection.html

BUSINESS AND POLITICS
----------------------------------------------------------------

* Global AI Selloff Triggers Korean Trading Halts
  Latest developments: South Korea's market slid more than 8% on June 26, triggering its second circuit-breaker halt of the week, and a report that OpenAI may delay its public offering deepened a rout that earlier hit memory chips and Apple.
  Investors dumping artificial-intelligence-linked shares sent the Kospi down over 8%, pressured Nasdaq futures and chipmakers worldwide, and pushed oil back toward pre-war levels, intensifying doubts about whether the AI boom can sustain its spending.
  - WSJ Markets: https://www.wsj.com/finance/stocks/south-korean-stocks-tumble-triggering-second-trading-halt-this-week-c0186f2c?mod=rss_markets_main
  - WSJ Markets: https://www.wsj.com/finance/stocks/nasdaq-futures-slip-as-tech-selloff-deepens-b3f64fcd?mod=rss_markets_main
  - FT World: https://www.ft.com/content/bb70e272-5b09-4806-8b19-7c03c350f580

* JPMorgan Sets Dimon Succession Race
  Latest developments: JPMorgan named Doug Petno and Troy Rohrbaugh co-presidents on June 25, formally opening the contest to succeed 70-year-old chief executive Jamie Dimon.
  JPMorgan Chase, the largest U.S. bank, elevated commercial-banking head Doug Petno and markets chief Troy Rohrbaugh to co-presidents, positioning the two as front-runners to eventually replace Jamie Dimon, who has run the firm since 2005.
  - WSJ Markets: https://www.wsj.com/finance/banking/jpmorgan-names-co-presidents-in-effort-to-find-successors-for-jamie-dimon-aafb5c27?mod=rss_markets_main

PITTSBURGH
----------------------------------------------------------------

Weather:
  Today: Mostly Cloudy, high 81F.
  Tonight: Showers And Thunderstorms, low 64F.
  Saturday: Showers And Thunderstorms Likely then Slight Chance Showers And Thunderstorms, high 80F.

Business:

* Engineer Charged Over Three Mile Island Restart Tip
  Latest developments: A federal grand jury and the SEC allege a former nuclear engineer used secret information about Constellation Energy's Three Mile Island restart to profit roughly $1.48 million, TribLive reported June 26.
  The SEC says a Delaware nuclear engineer traded on nonpublic details of Constellation Energy's plan to reopen the Three Mile Island plant near Harrisburg, making about $1.48 million before the deal became public.
  - TribLive: https://triblive.com/news/pennsylvania/three-mile-island-restart-deal-was-secret-a-nuclear-engineer-used-info-to-profit-1-4m-grand-jury-said/

* Hoffmann Owners Pledge Penguins Stay in Pittsburgh
  Latest developments: The Hoffmann Family of Companies introduced itself at PPG Paints Arena on June 26, vowing to keep the Penguins in Pittsburgh, after the NHL approved the sale earlier this week.
  Pittsburgh's new Penguins owners, the Hoffmann Family of Companies, told a PPG Paints Arena press conference they bought a Squirrel Hill home, have no plans to move the team, and floated changing the franchise's ECHL affiliation, with Kyle Dubas staying on.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/penguins-new-owners-kyle-dubas-echl/

* Schwebel's Closure Hits Bakery Communities
  Latest developments: The Post-Gazette detailed June 26 the community loss as Schwebel Baking Company winds down, following the liquidation and outlet-store closures already reported.
  Schwebel Baking Company's wind-down after 120 years strands western Pennsylvania workers and longtime customers, the Post-Gazette reported, describing 'a heavy impact' across the region's neighborhoods.
  - Pittsburgh Post-Gazette: https://www.post-gazette.com/business/career-workplace/2026/06/26/schwebels-baking-company-closing/stories/202606240045

Around town:

* PennDOT Tests Commercial Street Bridge Move
  Latest developments: PennDOT crews closed Commercial Street and the Nine Mile Run trail on June 26 to test the equipment that will slide a 22-million-pound replacement span into place next month, the step previewed earlier this week.
  PennDOT ran a full equipment test under Interstate 376 near Frick Park for the Commercial Street bridge replacement, ahead of a planned I-376 closure next month to move the new 22-million-pound span.
  - KDKA: https://www.cbsnews.com/pittsburgh/news/penndot-major-test-parkway-east-commercial-street-bridge-replacement/

* County Weighs 18-Week Paid Parental Leave
  Latest developments: An Allegheny County Council committee heard public testimony June 25 on a proposal granting county employees 18 weeks of paid parental leave.
  Allegheny County Council's committee took public comment on an 18-week paid-parental-leave plan for county workers, with UPMC Magee-Womens Hospital nurse Jean Stone among those urging a stronger policy across the Pittsburgh region.
  - TribLive: https://triblive.com/local/valley-news-dispatch/allegheny-county-council-committee-hears-from-the-public-about-18-week-paid-parental-leave-proposal/

* Woodland Hills Superintendent Testifies at Hearing
  Latest developments: Suspended Woodland Hills superintendent Joe Maluchnik testified June 25 on the fifth night of his public firing hearing, telling his side for the first time.
  Joe Maluchnik, the suspended Woodland Hills School District superintendent, told the public hearing over his firing that the district resisted his efforts to improve it, his first account of the months-long dispute.
  - WTAE: https://www.wtae.com/article/woodland-hills-suspended-superintendent-claims-public-hearing-testified/71736668

SPORTS
----------------------------------------------------------------

Pirates (41-40)
  Thu Jun 25 · Mariners 1 · Pirates 5 · Final
  Brandon Lowe, Henry Davis each homer to lead Pirates over Mariners 5-1
  https://plaintextsports.com/mlb/2026-06-25/sea-pit
  Up Next · Reds @ Pirates · Fri Jun 26, 6:40 PM
  https://plaintextsports.com/mlb/2026-06-26/cin-pit

Around the Teams:

* Why NFL Kickers, Boswell, Boot Farther
  Latest developments: A Post-Gazette feature June 26 examined why Steelers kicker Chris Boswell and NFL kickers leaguewide are making field goals from record distances.
  The Post-Gazette traced the equipment, technique, and rule changes letting kickers like the Steelers' Chris Boswell set distance records, part of an NFL-wide surge in long field goals.
  - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/26/nfl-field-goals-record-longest-kicks-boswell-little-tucker-mclaughlin/stories/202606180074

* Ozuna May Be Turning the Corner
  Latest developments: A Post-Gazette analysis June 25 weighed whether Marcell Ozuna is finally heating up after a lousy start with the Pirates.
  Pirates designated hitter Marcell Ozuna, brought in to add power, has shown recent signs of life at the plate, the Post-Gazette reported alongside notes on manager Don Kelly, Ryan O'Hearn, and Oneil Cruz.
  - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/25/mlb-news-marcell-ozuna-don-kelly-ryan-ohearn-oneil-cruz/stories/202606240038

* Ebron Joins Not Just Football
  Latest developments: Eric Ebron appeared on Cam Heyward's 'Not Just Football' podcast, posted June 24, discussing Andrew Luck's retirement and the 11-0 Steelers team.
  On Cam Heyward's 'Not Just Football,' former tight end Eric Ebron shared locker-room stories from Detroit, Indianapolis, and Pittsburgh, reflected on his own retirement at 28, and touched on Bill Belichick taking over North Carolina.
  - Not Just Football with Cam Heyward: https://www.youtube.com/watch?v=KgmEBua4Rog

Team USA:

* USMNT Loses to Türkiye, Draws Bosnia
  Latest developments: Türkiye beat the United States 3-2 on Kaan Ayhan's final-kick goal Thursday, June 25, and the U.S., already Group D winners, drew Bosnia and Herzegovina in the round of 32 at Santa Clara on Wednesday, July 1.
  Mauricio Pochettino's heavily rotated United States side conceded three goals at SoFi Stadium in Inglewood, with backup keeper Matt Turner faulted, in a meaningless group finale that still left the co-hosts atop Group D and bound for a knockout match against Bosnia and Herzegovina.
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49181937/usa-bosnia-herzegovina-world-cup-round-32-knockout
  - Guardian World Cup 2026: https://www.theguardian.com/football/2026/jun/26/turkey-usa-world-cup-2026-match-report

* Pulisic Set to Start Knockout Match
  Latest developments: Christian Pulisic came off the bench against Türkiye and looks ready to start the United States' round-of-32 game versus Bosnia and Herzegovina, ESPN reported June 26.
  Christian Pulisic, recovered from the calf injury that limited him in the group stage, substituted on against Türkiye and is positioned to lead the U.S. attack in its first knockout match.
  - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49184846/christian-pulisic-return-big-boost-usmnt-world-cup-hopes-start-vs-bosnia-herzegovina

READING
----------------------------------------------------------------

* Stratechery -- An Interview with Figma CEO Dylan Field About Design and AI
  Ben Thompson interviews Figma chief executive Dylan Field on building the design platform and why he believes AI gives the company a tailwind.
  https://stratechery.com/2026/an-interview-with-figma-ceo-dylan-field-about-design-and-ai/

* Ed Zitron -- Cargo Culture
  Zitron argues that much of the AI industry imitates the trappings of past tech successes while lacking the underlying substance, a cargo cult chasing the appearance of inevitability.
  https://www.wheresyoured.at/cargo-culture/

* Cal Newport -- Dear AI Companies: Stop the "Doom Trolling"
  Newport calls on AI firms to quit stoking fears about their own products' dangers, likening it to a carmaker warning that its bestselling truck might be catastrophically unsafe.
  https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/

MARKETS (weekly average, change vs prior week)
----------------------------------------------------------------

S&P 500      7,410.91   ▼ -0.7%
Dow         51,742.75   ▲ +0.6%
Nasdaq      25,821.36   ▼ -1.3%
WTI crude       73.38   ▼ -9.7%
EUR/USD        1.1416   ▼ -1.4%
GBP/USD        1.3205   ▼ -1.5%
USD/JPY        161.53   ▲ +0.8%

================================================================
Generated 2026-06-26 06:05 EDT.
Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN.
Summaries are AI-generated from the linked reporting; verify at the sources.
================================================================