daily plain-text briefing: security, markets, business, and pittsburgh
JFrog's public DirtyClone exploit hands local Linux users root the same week the Linux Foundation launches Akrites, as AI keeps shrinking the window between vulnerability disclosure and attack.
Latest developments: Proof launched x401, an issuer-neutral protocol that lets a website or API verify the identity and authorization behind an AI agent, the same day a major Model Context Protocol overhaul shifted critical security responsibilities onto developers and platform operators.
Autonomous AI agents inherit human permissions and act at machine speed with minimal oversight, widening a governance gap that legacy identity infrastructure never anticipated; controls like x401 and guardian-agent layers aim to authenticate and constrain them.
Sources: Help Net Security · The Hacker News · SecurityWeek · ↑ top
Latest developments: The Linux Foundation unveiled Akrites, an industry initiative uniting technology companies, financial institutions, security vendors, and AI firms to coordinate remediation and disclosure of vulnerabilities in widely used open-source software.
Akrites responds to AI shrinking the time between flaw discovery and exploitation by giving critical open-source projects shared tools and channels to report, patch, and disclose vulnerabilities.
Sources: Help Net Security · SecurityWeek · ↑ top
Latest developments: JFrog Security Research published a working exploit walkthrough for DirtyClone on June 25, the first public demonstration of this DirtyFrag-family variant.
DirtyClone, tracked as CVE-2026-43503 with a CVSS score of 8.8, lets a local user corrupt file-backed memory through a cloned network packet and escalate to root on Linux systems; administrators should apply the upstream kernel patch.
Sources: The Hacker News · ↑ top
Latest developments: Synology issued a critical fix for three MailPlus Server flaws, led by CVE-2026-13136, a faulty authorization check that lets remote attackers read or write arbitrary files and trigger denial-of-service, alongside CVE-2026-13135.
MailPlus Server runs private email infrastructure on Synology NAS devices; owners should install the security update promptly to block remote file access and DoS conditions.
Sources: Help Net Security · ↑ top
Latest developments: The latest wave delivers malicious npm releases in the LeoPlatform and RStreams packages, abuses GitHub Actions workflows, and propagates into the Go ecosystem.
Miasma belongs to the self-replicating Mini Shai-Hulud and Hades malware family that hijacks developer packages to steal secrets and spread; teams pinning npm and Go dependencies and auditing GitHub Actions workflows can limit exposure.
Sources: The Hacker News · ↑ top
Latest developments: The FCC voted to toughen rules protecting undersea cables and said it plans to mandate licensing for owners and operators of submarine line terminal equipment.
Submarine cables carry most international internet traffic and face espionage and sabotage risk; the FCC's licensing mandate would extend federal oversight to the SLTE gear that lands those cables.
Sources: The Record · ↑ top
Latest developments: Two powerful earthquakes struck northern Venezuela this week, and the U.S.-backed government is now pressing bondholders for a fast debt restructuring even as some creditors urge it to slow down.
Back-to-back earthquakes near Caracas pushed Venezuela into a national state of emergency, straining an economy already in sovereign default, and the government now wants a quick deal with bondholders while some warn against rushing a restructuring of the country's tens of billions in defaulted debt.
Sources: FT Markets · WSJ World News · ↑ top
Today: Mostly Cloudy, high 81F.
Tonight: Showers And Thunderstorms, low 64F.
Saturday: Showers And Thunderstorms Likely then Slight Chance Showers And Thunderstorms, high 80F.
Latest developments: The Allegheny County District Attorney announced June 26 charges against a former Ventec Refrigeration employee accused of stealing nearly $300,000 from the Penn Hills company.
Ashley Apperson, 34, of Leechburg, who worked roughly four years at Ventec Refrigeration in Penn Hills, faces multiple charges after county detectives say she took close to $300,000 from the firm.
Latest developments: Pittsburgh City Paper profiled June 26 how the Pittsburgh-based Eco-Soap Bank turns manufacturing soap waste into bars for people who lack them worldwide.
The Eco-Soap Bank, a Pittsburgh nonprofit, collects scrap and surplus soap from manufacturers, reprocesses it, and distributes bars to communities in need across the globe.
Sources: Pittsburgh City Paper · ↑ top
Latest developments: Allegheny County authorized up to $18 million on June 26 toward redeveloping the Tree of Life site in Squirrel Hill into a remembrance and education center.
Allegheny County approved as much as $18 million to help rebuild the Tree of Life site in Squirrel Hill into a place of remembrance, education, and community programming, the largest public commitment yet to the long-planned project.
Latest developments: PublicSource reported June 26 that Pennsylvania, unlike half of U.S. states, requires no insurance coverage for fertility treatment even as the Pittsburgh region courts more young families.
Pennsylvania mandates no insurance coverage for fertility treatments such as IVF, while 25 states require some, a gap PublicSource links to the state's stagnant population and Pittsburgh's effort to attract families.
Sources: PublicSource · ↑ top
Latest developments: PennDOT closed Commercial Street again on June 26 for a second straight day of testing the equipment that will slide the new span into place, without explaining why the extra day was needed.
PennDOT crews shut Commercial Street near Frick Park for a second consecutive day to test the system that will move a roughly 22-million-pound replacement bridge span into position next month.
Pirates (41-40)
Thu Jun 25 · Mariners 1 · Pirates 5 · Final
Brandon Lowe, Henry Davis each homer to lead Pirates over Mariners 5-1
Up Next · Reds @ Pirates · Fri Jun 26, 6:40 PM
Latest developments: The Post-Gazette chronicled June 26 the Pirates marking manager Don Kelly's 100th career victory, with players and staff praising his leadership.
Pirates players and front office celebrated manager Don Kelly reaching 100 career wins, a milestone the Post-Gazette framed around clubhouse respect and hopes for a postseason push.
Sources: Post-Gazette Pirates · ↑ top
Latest developments: The Post-Gazette detailed June 25 the Pirates' new Legacy Hall at PNC Park, a history space the team says will let fans 'see a lot of history.'
The Pirates are opening Legacy Hall at PNC Park, an exhibit space showcasing franchise and Pittsburgh baseball history for fans young and old.
Sources: Post-Gazette Pirates · ↑ top
Latest developments: In his June 24 chat, Post-Gazette beat writer Gerry Dulac took reader questions on cornerback Joey Porter Jr., the quarterback room, and the roster heading toward training camp.
Post-Gazette Steelers beat writer Gerry Dulac answered reader questions covering Joey Porter Jr., quarterbacks Aaron Rodgers, Will Howard, and rookie Drew Allar, and Pittsburgh's roster outlook for 2026.
Sources: Post-Gazette Steelers · ↑ top
Latest developments: After the United States lost 3-2 to Türkiye on June 25, coach Mauricio Pochettino turned combative with reporters, insisting his side still 'won the group,' while backup keeper Matt Turner drew blame for the late collapse.
The United States, already through as Group D winners, fell 3-2 to Türkiye on Kaan Ayhan's final-kick goal at SoFi Stadium with a rotated lineup; Pochettino pushed back on 'weird' postgame questions, ESPN graded reserve goalkeeper Matt Turner 3/10, and the U.S. now meets Bosnia and Herzegovina in the round of 32 at Santa Clara on Wednesday, July 1.
Sources: ESPN Soccer · ESPN Soccer · ↑ top
S&P 500 7,410.91 ▼ -0.7% Dow 51,742.75 ▲ +0.6% Nasdaq 25,821.36 ▼ -1.3% WTI crude 73.38 ▼ -9.7% EUR/USD 1.1416 ▼ -1.4% GBP/USD 1.3205 ▼ -1.5% USD/JPY 161.53 ▲ +0.8%