Meeting comes amid tentative trade truce but Iran, Taiwan and tensions over global supply chains will be complicating factors

• Sign up for the Breaking News US email

Trump will begin his day in Washington in meetings, and sitting for an interview. He’ll then start his travel to China for three days of meetings. The president will first fly to Anchorage, Alaska at 2pm ET before finishing his flight to Beijing. We’ll bring you the latest lines as his journey gets under way, particularly if he stops to speak with the press.

Donald Trump has announced on Truth Social that Cuba was asking for help and “we are going to talk”, without elaborating further.

Continue reading...

The Kenyan player has been recognised for his advocacy and grassroots work to tackle sport’s carbon footprint

“Most well-known people who talk about climate change are in North America and Europe,” says Kenyan rugby sevens star Kevin Wekesa, “but for us this is a very relevant conversation. It is not only about future tournaments or big international pledges. In Kenya, we see the effects in rising heat, cracked pitches and changing weather in communities where young athletes are growing up.”

A year before competing in his first Olympic Games at Paris 2024, Wekesa responded to Kenya’s relegation from the top tier of international sevens by offering free rugby coaching in schools across Kenya. After travelling to a school in Kirinyaga on the slopes of Mount Kenya, a wet and verdant region, Wekesa found an unplayable dry field and was forced to cancel the session. One of the students told Wekesa that conditions had been similar for two months, while another suggested the unfamiliar weather was because of climate change.

This is an extract from our newsletter, The Hotspot. To subscribe just visit this page and follow the instructions.

Continue reading...

The answer is probably more about absorption than quantity, say our panel of experts

I’ve been advised to increase the iron in my diet but, as a vegetarian preoccupied with getting sufficient protein, I’m at a loss.
June, by email
Last year, a study by Randox Health found that almost one in three women who attended its UK clinics have an iron deficiency, which is to say that June isn’t alone. Yes, there are good sources that vegetarians can tap into, but we first need to address a few key points: “The heme iron you get from animal sources – red meat and darker poultry, say – is in a form that’s slightly better absorbed than non-heme iron, which is found in the likes of beans, tofu and leafy greens,” says Dominique Ludwig, nutritionist and author of No-Nonsense Nutrition. This is where vitamin C is your friend: “When we eat non-heme iron and vitamin C together, it increases absorption, so it might be a case for having peppers or tomatoes with your tofu.” But there’s another potential hitch: “On a vegetarian diet, some of that iron can be blocked from absorption because of things such as phytates [a plant compound found in whole grains, legumes, etc], or tannins in tea and dairy,” Ludwig adds, so it’s not simply about how much iron you’re getting, but how good your absorption is.

“Women aged 19-49 should aim for 14.8mg iron a day, but after menopause that drops to about 8.7mg, which falls in line with men’s requirements,” Ludwig says. “If you’re vegetarian, then, you can’t just be having pesto pasta, you need to be eating beans, lentils, nuts, seeds, soy products, and leafy greens, too.” Tofu can have 3-5mg iron per 100g, cooked lentils 3-4mg, chickpeas 2½-3mg, cashews 6-7mg and sesame seeds 14-15mg. So, much like getting dressed, layering is important.

Oats in the morning are a no-brainer: “A 40g serving will give you 2mg iron, so have them with milled flaxseed and berries for the vitamin C,” Ludwig advises. The same principle applies to the likes of a tofu scramble: “Throw in some kale and tomatoes [again, for the vitamin C] and serve it with wholemeal bread, and you’re looking at about 7mg iron,” Ludwig adds. In other words, your day is getting off to a good start.

Got a culinary dilemma? Email feast@theguardian.com

Continue reading...

Samhsa said funding cannot be used to purchase or distribute fentanyl test strips or other drug test kits

The Trump administration’s decision to restrict use of federal funds for fentanyl test strips, in what officials described as a “clear shift away from harm reduction”, could have fatal consequences, experts and critics have warned.

The Substance Abuse and Mental Health Services Administration (Samhsa) issued an open letter in April ordering an end to the use of its funding for all substance testing strips, including fentanyl, xylazine and medetomidine, the latest novel street drug to wreak havoc across the US.

Continue reading...

DEN HAAG (ANP) - Studenten en docenten van Nederlandse universiteiten kunnen weer gebruikmaken van de onderwijssoftware Canvas. De instellingen schakelen het platform weer in, nu de makers ervan een akkoord hebben gesloten met de cybercriminelen die waren binnengedrongen in het systeem. De hackers beloven dat ze de gestolen gegevens teruggeven. De ontwikkelaar, Instructure, meldt niet hoeveel losgeld daarvoor is betaald.

De Universiteit Maastricht is een van de zeven Nederlandse gebruikers van Canvas. De Limburgse universiteit start het platform dinsdag weer op, omdat "checks en risicoanalyses" zouden aantonen dat het veilig is. Ook op de universiteit in Tilburg is Canvas sinds dinsdag weer bereikbaar.

De Vrije Universiteit, de Universiteit van Amsterdam en de Universiteit Twente zeggen dat ze uitzoeken of Canvas weer kan worden ingeschakeld.

​Een onafhankelijke evaluatiecommissie heeft na maanden onderzoek naar de NPO als koepelorganisatie een conclusie kunnen trekken: er zijn te veel kapiteins met uiteenlopende opdrachten en soms tegengestelde belangen. De directeuren, managers, CEO’s, chefs, zenderbazen, afdelingshoofden, commissie- en bestuursleden binnen de NPO reageren teleurgesteld en geven aan het oneens te zijn met deze uitkomst.

“Hoezo te veel directeuren?” vraagt één van de zeven directeuren, die graag anoniem wil blijven, zich af. “Ze willen dat er minder managementlagen komen en duidelijke bevoegdheden. Complete onzin, zei mijn manager ook al. Zijn baas, die zit in de raad van bestuur en weet er dus echt wel wat van, vond het ook lulkoek. Op ons achten draait dit programma op deze zender van de NPO.”

De baas van de afdelingshoofden is het er ook niet mee eens dat de bevoegdheden onduidelijk zouden zijn. “Het is heel simpel: ik brief de zenderbaas over wat de bestuursleden van zijn afdeling hebben gehoord van de commissieleden van de omroep, en dan moet hij met het afdelingshoofd de beslissingen maken. Ik zou niet weten waar in dat systeem je wilt gaan snijden.”

​

&

Net nu al het klimaatnieuws eindelijk ónze kant op lijkt te vallen komt daar alweer de gevreesde CO2-heffing van de klimaatgestoorde EU om te hoek kijken, die we nog danken aan klimaatgek Frans Timmermans. Die heffing op vervuilende CO2-uitstoot (drie keer raden wie die monitort) gaat er vanaf 2028 voor zorgen dat onze nu al ongenadig dure gas en brandstof nog wat duurder wordt, zodat we met z'n allen niet rijker maar wel armer worden. De T. schrijft op basis van nieuwe doorrekeningen van het Planbureau voor de Leefomgeving "Huishoudens gaan door de nieuwe Europese heffing tegen vervuilende CO2-uitstoot vanaf 2028 tot 70 euro per maand extra betalen voor gas en autorijden" Zitten we mooi geramd, alleen is gaat het wel om een ram vol op de neus. En het kabinet-Jetten doet: GODVERDOMME NIETS. Even in het geheel niets te vieren dus, maar gelukkig hebben we Europadag al gehad.

An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI. Malicious npm packages for TanStack, an open source application stack, were published between 19:20 and 19:26 UTC on May 11. The attack was detected and reported within 30 minutes by StepSecurity, triggering incident response and npm deprecation. GitHub published a security advisory at 21:30 UTC, including a list of affected packages. TanStack founder Tanner Linsley published a postmortem describing how the attacker used a malicious commit on a fork to create a pull request on the TanStack repository, causing scripts to auto-run and build the malware. This poisoned the GitHub Actions cache in what Linsley said is a variant of a known GitHub Action vulnerability discovered in 2024. The malware then extracted the npm OpenID Connect (OIDC) token, used for trusted npm publishing, from runner memory using the same code used to compromise tj-actions in an attack last year. No TanStack maintainers were compromised. StepSecurity has a detailed analysis of the attack, noting that the payload "reads files from over 100 hardcoded paths" including those that may contain cloud credentials, SSH (secure shell) keys, developer tool configuration files, crypto wallets, VPN configurations, messaging credentials, and shell history. Shell history may contain tokens and passwords pasted into the terminal. Security researcher Nicholas Carlini warned the payload "installs a dead-man's switch… as a system user service." The service checks whether a stolen GitHub token has been revoked and, if it has, runs a command to wipe the local disk completely. Socket's write-up includes recommended actions such as rotating all secrets on any affected system. GitHub's advisory suggests "any developer or CI environment that ran npm install, pnpm install, or yarn install against an affected version on 2026-05-11 should be considered compromised." The Mistral AI has also been reported reported on GitHub, and at the time of writing, the Mistral AI project is quarantined on PyPI. This attack is still evolving and will likely have a far-reaching impact. It confirms again that running everyday commands like npm install is unsafe, that for all their efforts major package repositories including npm and PyPI are still not secured, and that software development is now best done in isolated, ephemeral environments. ®

gregcpb has added a photo to the pool:

gregcpb has added a photo to the pool: