================================================================ INFOSECFOLLOW -- security, markets, business, pittsburgh Friday, June 26, 2026 - 9:05 PM EDT ================================================================ Russian and Chinese state hackers fielded new espionage backdoors as compromised third-party vendors drained $3 million from Polymarket and widened Europe's ransomware toll. CONTENTS: Emerging Trends and Key Updates | Security | Business and Politics | Pittsburgh | Sports | Reading | Markets EMERGING TRENDS AND KEY UPDATES ---------------------------------------------------------------- * [TREND] Compromised third-party vendors drove fresh damage as a malicious script drained about $3 million from Polymarket users while Black Kite found suppliers now anchor Europe's ransomware surge. see: Polymarket and Klue: Third-Party Breaches Multiply; European Ransomware Rides Third-Party Suppliers * [TREND] State espionage kept out-engineering signature defenses as Kaspersky's SharkLoader dropped Cobalt Strike on Asian government bodies in a campaign tracked alongside Russia's Turla implants. see: State-Sponsored Backdoors: SharkLoader and StockStay * [UPDATE (new)] Two fresh server-side threats landed as AWS patched CVE-2026-12957 in Amazon Q Developer and CISA confirmed in-the-wild exploitation of a PTC Windchill remote-code-execution flaw. see: Amazon Q Developer Flaw Exposes Cloud Credentials; PTC Windchill Flaw Exploited in the Wild * [UPDATE (new)] The United States launched fresh military strikes on Iran on June 26, escalating past Trump's earlier blame for the cargo-ship attack a day before. see: U.S. Strikes Iran, Threatening the Ceasefire * [UPDATE (new)] Allegheny County issued a Code Red Heat Advisory for several days next week and will open five Pittsburgh cooling centers daily from 8 a.m. to 7 p.m. see: Code Red Heat Advisory, Cooling Centers Next Week SECURITY ---------------------------------------------------------------- 1. STATE-SPONSORED BACKDOORS: SHARKLOADER AND STOCKSTAY Nation-State Activity · [apt, nation-state, malware] Latest developments: Kaspersky exposed SharkLoader, a previously undocumented dropper deploying Cobalt Strike Beacon in a campaign it calls StrikeShark against a diplomatic organization in Indonesia and government bodies in Taiwan, while Google's Threat Intelligence Group detailed STOCKSTAY, a new .NET backdoor Russia's Turla aims at Ukrainian government and military networks and parties tracking Italian foreign policy. SharkLoader hands operators a Cobalt Strike foothold, and STOCKSTAY gives Turla persistent .NET access for long-term espionage. Government, diplomatic, and software-development targets across Asia and Ukraine should hunt for both. - The Hacker News: https://thehackernews.com/2026/06/new-sharkloader-malware-deploys-cobalt.html - Help Net Security: https://www.helpnetsecurity.com/2026/06/26/sharkloader-dropper-governments-software-developers/ - The Hacker News: https://thehackernews.com/2026/06/google-details-turlas-new-stockstay.html - The Record: https://therecord.media/russia-turla-espionage-ukraine-stockstay-malware 2. AMAZON Q DEVELOPER FLAW EXPOSES CLOUD CREDENTIALS Vulnerabilities and Exploits · [ai, patch, cloud] Latest developments: AWS patched CVE-2026-12957, a high-severity flaw in Amazon Q Developer that let a malicious repository abuse Model Context Protocol server configs to run commands and steal a developer's cloud credentials the moment they trusted the workspace, as SecurityWeek flagged a broader MCP overhaul that shifts security duties onto developers and platform operators. Amazon Q Developer is AWS's AI coding assistant; opening a poisoned repository and trusting the workspace handed attackers the developer's AWS keys. AWS has patched the flaw and urges customers to update. - SecurityWeek: https://www.securityweek.com/amazon-q-flaw-enabled-cloud-credential-theft-via-malicious-repositories/ - The Hacker News: https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html - SecurityWeek: https://www.securityweek.com/new-enterprise-ready-mcp-specification-brings-new-security-challenges/ 3. POLYMARKET AND KLUE: THIRD-PARTY BREACHES MULTIPLY Data Breaches · [breach, supply-chain] Latest developments: Polymarket pledged to reimburse customers who lost about $3 million after attackers breached a third-party vendor and injected a malicious script into the prediction market's web frontend, while roughly two dozen more companies notified customers of the Klue-Salesforce breach and the hackers themselves got hacked. Attackers reached Polymarket through a third-party vendor and slipped a script into its frontend to steal user funds, which the firm will reimburse. The parallel Klue-Salesforce breach keeps widening its victim list. - BleepingComputer: https://www.bleepingcomputer.com/news/security/polymarket-customers-lose-3-million-in-supply-chain-attack/ - SecurityWeek: https://www.securityweek.com/3-million-reportedly-stolen-in-polymarket-hack/ - SecurityWeek: https://www.securityweek.com/more-klue-breach-victims-identified-as-hackers-get-hacked/ 4. PTC WINDCHILL FLAW EXPLOITED IN THE WILD Vulnerabilities and Exploits · [exploit, patch, zero-day] Latest developments: CISA added CVE-2026-12569, a critical remote-code-execution flaw in PTC Windchill PDMlink and FlexPLM software, to its Known Exploited Vulnerabilities catalog on June 26 after spotting ongoing web-shell attacks, the first confirmed exploitation in the wild. PTC Windchill manages product designs and engineering data for manufacturers, and the bug grants remote code execution on those servers. Operators should apply PTC's fix and inspect for web shells. - The Hacker News: https://thehackernews.com/2026/06/cisa-adds-exploited-ptc-windchill-rce.html - SecurityWeek: https://www.securityweek.com/first-ever-exploitation-of-ptc-windchill-vulnerability-discovered-in-the-wild/ 5. QUANTUM DEADLINE STRAINS BUDGETS Policy and Regulation · [policy, encryption] Latest developments: Dark Reading detailed how meeting President Trump's 2030 post-quantum migration deadline will strain budgets across multivendor IT and OT environments plagued by visibility gaps and misaligned update cycles, as ZeroTier shipped release candidate 2 of ZeroTier Quantum, pushing its CNSA 2.0-compliant quantum-secure networking toward general availability. An executive order sets a 2030 deadline to migrate federal systems to post-quantum cryptography, and interoperability gaps make compliance costly and complex. Vendors like ZeroTier are racing CNSA 2.0-ready products to market. - Dark Reading: https://www.darkreading.com/cybersecurity-operations/meeting-2030-quantum-deadline-expensive-complex - Help Net Security: https://www.helpnetsecurity.com/2026/06/26/zerotier-quantum-rc2/ 6. EUROPEAN RANSOMWARE RIDES THIRD-PARTY SUPPLIERS Ransomware and Cybercrime · [ransomware, supply-chain] Latest developments: Black Kite's 2026 European Cyber Risk Report, drawn from 2,066 ransomware incidents across 31 countries between January 2025 and April 2026, found attacks on European organizations climbing in early 2026 with third-party suppliers now a leading point of entry. The report ties Europe's rising ransomware toll to weak vendors in the supply chain. Organizations should vet, segment, and monitor their third-party suppliers as a primary defense. - Help Net Security: https://www.helpnetsecurity.com/2026/06/26/black-kite-european-cyber-threats-report/ BUSINESS AND POLITICS ---------------------------------------------------------------- * U.S. Strikes Iran, Threatening the Ceasefire Latest developments: The United States launched fresh military strikes on Iran on June 26, escalating past President Trump's earlier verbal blame for the cargo-ship attack a day before. Washington hit Iran after a drone attack damaged a commercial vessel in the Strait of Hormuz, calling Tehran's move unwarranted aggression against commercial shipping and a breach of the framework ceasefire between the two adversaries; U.S. oil futures climbed back above $70 a barrel in late trading. - FT World: https://www.ft.com/content/f9a4ca8d-d29c-4a7d-8791-8999d84317ae - WSJ World News: https://www.wsj.com/world/middle-east/trump-says-iranian-attack-on-cargo-ship-was-violation-of-ceasefire-deal-884c617c PITTSBURGH ---------------------------------------------------------------- Weather: Tonight: Cloudy then Slight Chance Showers And Thunderstorms, low 64F. Saturday: Showers And Thunderstorms, high 79F. Saturday Night: Showers And Thunderstorms Likely then Slight Chance Showers And Thunderstorms, low 65F. Business: * Schwebel's Sets July 4 Shutdown Latest developments: KDKA reported June 26 that Schwebel Baking Company will begin liquidating and close for good starting July 4, putting a firm date on the previously announced wind-down. The 120-year-old bread maker Schwebel Baking Company will end production and lay off workers across western Pennsylvania as it pursues a formal liquidation, shuttering a staple regional brand. - KDKA: https://www.cbsnews.com/pittsburgh/video/schwebel-baking-company-to-shut-down-after-120-years-in-business/ * Allegheny County May Drop Spouses From Health Plan Latest developments: WPXI's 11 Investigates reported June 26 that Allegheny County employees are just learning their spouses could be removed from the county's medical insurance plan. Allegheny County is weighing a major change to worker health benefits that would push employee spouses off the county insurance plan, a cost-cutting move affecting thousands of county workers and their families. - WPXI: https://www.wpxi.com/news/local/11-investigates-exclusive-spouses-allegheny-county-workers-could-be-removed-insurance-plan/5AABRKDSIRDK3GYSGW6FOQRW6Q/ Around town: * Code Red Heat Advisory, Cooling Centers Next Week Latest developments: Allegheny County issued a Code Red Heat Advisory for several days next week on June 26 and will open five Pittsburgh cooling centers from 8 a.m. to 7 p.m. A heat wave will push temperatures high across Allegheny County early next week, prompting the county to open five cooling centers in Pittsburgh and warn residents, following a rainy start to the weekend. - WPXI: https://www.wpxi.com/news/local/allegheny-county-issues-code-red-heat-advisory-several-days-next-week/3NGORR2D45EYNPC2BTWV5DYRDM/ - WPXI: https://www.wpxi.com/news/local/5-cooling-centers-will-open-pittsburgh-next-week-amid-high-temperatures/BHA5MKJMRFBNNL6NN3REQD7SVE/ * Commercial Street Closed a Second Day for Bridge Testing Latest developments: PennDOT closed Commercial Street near Frick Park for a second straight day June 26 for added testing, without explaining why the extra day was needed. PennDOT shut Commercial Street to test the system that will move a new bridge span into place near Frick Park, extending the closure beyond the single day originally scheduled. - WTAE: https://www.wtae.com/article/commercial-street-closed-for-second-day-as-penndot-crews-do-more-testing/71740865 * Shapiro Pushes Data-Center Incentives as His Party Wants More Latest developments: The Post-Gazette reported June 26 that Governor Josh Shapiro favors incentives to make data centers behave, while fellow Pennsylvania Democrats want more aggressive limits. Governor Josh Shapiro is pitching incentives to shape data-center development in Pennsylvania, splitting with members of his own party in Harrisburg who passed bills letting municipalities impose moratoriums and curb the projects' tax breaks. - Pittsburgh Post-Gazette: https://www.post-gazette.com/news/politics-state/2026/06/26/pa-data-centers-shapiro/stories/202606260052 Events: * Nelly, Third Eye Blind Headline America250 Concert at the Point Latest developments: Pittsburgh and America250PA announced June 26 that Nelly and Third Eye Blind will headline the Commonwealth Concert at Point State Park on Saturday, June 27. The America250PA Commonwealth Concert Series comes to Point State Park in Downtown Pittsburgh on Saturday, June 27, headlined by Nelly and Third Eye Blind, with Pittsburgh native Frzy as special guest and former Steelers quarterback Charlie Batch hosting. - KDKA: https://www.cbsnews.com/pittsburgh/news/nelly-third-eye-blind-point-state-park-america250-pittsburgh-concert/ SPORTS ---------------------------------------------------------------- Pirates (41-40) Thu Jun 25 · Mariners 1 · Pirates 5 · Final Brandon Lowe, Henry Davis each homer to lead Pirates over Mariners 5-1 https://plaintextsports.com/mlb/2026-06-25/sea-pit Fri Jun 26 · Reds 4 · Pirates 4 · Top 8th (in progress at last update) https://plaintextsports.com/mlb/2026-06-26/cin-pit Up Next · Reds @ Pirates · Sat Jun 27, 4:05 PM https://plaintextsports.com/mlb/2026-06-27/cin-pit Around the Teams: * Why Chris Boswell Is Kicking Farther Latest developments: A Post-Gazette feature June 26 examined why Steelers kicker Chris Boswell and other NFL kickers are booting field goals farther than ever before. The Post-Gazette dug into the league-wide surge in field-goal distance, using Steelers kicker Chris Boswell as a case study in the technique, equipment, and training behind today's record-long kicks. - Post-Gazette Steelers: https://www.post-gazette.com/sports/steelers/2026/06/26/nfl-field-goals-record-longest-kicks-boswell-little-tucker-mclaughlin/stories/202606180074 * Pirates Mailbag Tackles ABS Struggles Latest developments: A Post-Gazette mailbag June 26 asked how the Pirates can fix their abysmal success rate on automated ball-strike challenges, alongside All-Star voting and trade-deadline questions. Beat writers fielded reader questions on the Pirates' poor record challenging calls under the automated ball-strike system, Paul Skenes's All-Star candidacy, and the looming MLB trade deadline. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/26/mlb-allstar-skenes-mlodzinski-lowe-voting-trade-deadline-abs/stories/202606260028 * Is Marcell Ozuna Turning the Corner? Latest developments: A Post-Gazette piece June 25 assessed whether designated hitter Marcell Ozuna is breaking out of the slump that opened his Pirates tenure. Marcell Ozuna started lousily after joining the Pirates, and the Post-Gazette weighed signs he may finally be hitting his stride under manager Don Kelly. - Post-Gazette Pirates: https://www.post-gazette.com/sports/pirates/2026/06/25/mlb-news-marcell-ozuna-don-kelly-ryan-ohearn-oneil-cruz/stories/202606240038 Team USA: * U.S. Soccer Offers Pochettino a Deal Through 2030 Latest developments: Multiple sources told the Guardian June 26 that U.S. Soccer has formally offered Mauricio Pochettino an extension through the 2030 World Cup, moving past the earlier positive talks. U.S. Soccer has offered men's national team coach Mauricio Pochettino, in charge since late 2024, a contract extension that would keep him through the 2030 World Cup, even as European clubs are likely to pursue him. - Guardian World Cup 2026: https://www.theguardian.com/football/2026/jun/26/mauricio-pochettino-extension-us-soccer-world-cup * Pulisic Ready for the Knockout Round Latest developments: ESPN reported June 26 that Christian Pulisic, back from a calf injury, looks ready to make his mark as the United States heads into the World Cup round of 32. Christian Pulisic returned in the 3-2 Group D finale loss to Türkiye after recovering from a left calf injury, and the United States, already through as group winners, plays its round-of-32 match July 1. - ESPN Soccer: https://www.espn.com/soccer/story/_/id/49184846/christian-pulisic-return-vs-turkiye-looks-ready-make-mark-usmnt-world-cup * Drug Case Against Bode Miller to Be Dropped Latest developments: An Idaho prosecutor said June 26 that misdemeanor drug charges against Olympic gold-medal skier Bode Miller will be dismissed. Prosecutors will drop misdemeanor drug charges against former Olympic champion skier Bode Miller, despite an earlier finding of probable cause for his arrest, an Idaho prosecutor said. - ESPN Olympics: https://www.espn.com/olympics/story/_/id/49187302/prosecutor-drop-drug-case-former-olympic-skier-bode-miller READING ---------------------------------------------------------------- * Ed Zitron -- Cargo Culture Zitron argues that much of the tech and AI industry runs on cargo-cult thinking, imitating the surface rituals and rhetoric of past successes while lacking the substance that would make the products actually deliver. https://www.wheresyoured.at/cargo-culture/ * Stratechery -- An Interview with Figma CEO Dylan Field About Design and AI Ben Thompson interviews Figma chief executive Dylan Field about building the design tool and why Field sees AI as a tailwind that strengthens, rather than threatens, Figma's position. https://stratechery.com/2026/an-interview-with-figma-ceo-dylan-field-about-design-and-ai/ * Cal Newport -- Dear AI Companies: Stop the “Doom Trolling” Newport urges AI companies to stop publishing alarming warnings about their own products' supposed dangers as a marketing move, likening it to a carmaker hyping fears about its own best-selling vehicle to signal how powerful it is. https://calnewport.com/dear-ai-companies-stop-the-doom-trolling/ MARKETS (weekly average, change vs prior week) ---------------------------------------------------------------- S&P 500 7,381.60 ▼ -1.4% Dow 51,805.04 ▲ +0.4% Nasdaq 25,577.30 ▼ -2.7% WTI crude 72.11 ▼ -8.7% EUR/USD 1.1382 ▼ -1.3% GBP/USD 1.3200 ▼ -0.8% USD/JPY 161.69 ▲ +0.6% ================================================================ Generated 2026-06-26 21:05 EDT. Sources: 24 security feeds; 9 Pittsburgh feeds; 4 Pittsburgh arts and events feeds; 6 Pittsburgh sports beat and podcast feeds; 4 Team USA feeds; the Wall Street Journal, the Economist, and the Financial Times; and Ed Zitron, Stratechery, Cal Newport. Markets from Yahoo Finance, weather from the NWS, scores from ESPN. Summaries are AI-generated from the linked reporting; verify at the sources. ================================================================