On decision fatigue: “Why are you so tired? The answer has to do with how many times you’ve had to make a decision throughout the day.” And: “The quality of our decisions deteriorates as we accumulate previous decisions.”
Arsenal star says squad has practised penalties
Bukayo Saka provides ‘healthy competition’ for place
Noni Madueke has warned that England must not take the Democratic Republic of the Congo (DRC) lightly but expects a much more fluent attacking display than against Ghana during the group stages.
England struggled to break down Carlos Queiroz’s side in the 0-0 draw in Boston last week and the DRC are expected to employ the same counterattacking style for the last-32 tie in Atlanta on Wednesday. Madueke started against Croatia and Ghana before losing his place to his Arsenal teammate Bukayo Saka for the win against Panama.
Continue reading...New French Open champion is trying to follow it up with SW19 glory, something only the very best have achieved
They call it the toughest job in tennis. No, it’s not coaching Emma Raducanu or interviewing Corentin Moutet on live television. Since they stopped making rackets out of trees, only three women have done the Roland Garros-Wimbledon double in the same summer. You’re talking Martina Navratilova. You’re talking Steffi Graf. You’re talking Serena Williams. That’s one hell of a blunt rotation.
And so for Mirra Andreeva there is a breathtaking brutality to her task over the next fortnight: simply emulate the greatest women ever to do it. We think we know how it ends. The way it usually ends: in sprawling, exhausted defeat. Garbiñe Muguruza crashing out to Jana Cepelova in 2016 (round two). Ash Barty getting shocked by Alison Riske in 2019 (round four). A tearful Coco Gauff being outplayed by Dayana Yastremska 12 months ago (round one).
Continue reading...Former Barcelona striker joins for two and a half seasons
37-year-old’s 697 goals is third best total for current players
The Chicago Fire on Monday officially announced their acquisition of Robert Lewandowski through to the 2027-28 season. Poland’s record goalscorer will occupy a designated player slot pending the approval of his visa as well as the completion of an international transfer certificate.
The club described Lewandowski, 37, as “a global soccer icon” in social media posts. He was a free agent after spending the last four seasons with Barcelona, scoring 83 goals with 19 assists in 134 league matches (114 starts) while contributing to three La Liga titles.
Continue reading...Emily Barker, Nick Hutcherson and Sydney Watson killed working to contain raging fires on Utah-Colorado border
The US Department of Interior on Monday released the names of three firefighters who were killed while working to contain wildfires along the Utah-Colorado border.
Two other firefighters who were part of the specialized helicopter-deployed crew were also injured in the blaze, although authorities did not identify them.
Continue reading...
Het treinverkeer tussen Rotterdam en het zuiden van Nederland ligt tot zeker donderdagvond plat. Door een brand in een kabelgoot zijn kabels beschadigd geraakt, schrijft…
/s3/static.nrc.nl/wp-content/uploads/2026/06/29212004/290626VER_2034847741_.jpg)
Not everyone is willing to follow responsible disclosure of vulns. An anonymous researcher has dumped what they say is working exploit code for zero-day vulnerabilities across 15 software products and open source projects without notifying any vendors or maintainers prior to publishing - and attackers are already exploiting at least two of these. The first is CVE-2026-55200, a critical, pre-authentication remote code execution (RCE) vulnerability in libssh2, a popular client-side C library that implements the SSH2 protocol. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution. A fix has been merged into the libssh2 mainline development source control branch, and maintainers are still preparing a libssh2 release containing the patch. The second is CVE-2026-20896, a critical authentication bypass vulnerability affecting self-hosted Gitea Docker deployments that allows unauthenticated remote attackers to impersonate any user and fully take over the Git server. It’s fixed in Gitea 1.26.3. The researcher, who goes by bikini, dropped the exploit code and vulnerability write-ups in a now-removed GitHub repository called exploitarium. They remind us of Nightmare Eclipse - the zero-day bug hunter who has been publishing Microsoft exploits over the past couple of months. Unlike Nightmare Eclipse, however, bikini doesn’t appear to hold a grudge against any one vendor, publishing purported vulnerabilities across multiple products and projects including libssh2, Splunk, RustDesk, 7-Zip, VLC, AnyDesk, OpenVPN, c-ares, Gitea, and Floci. Bikini claimed - and, to be clear, The Register has not verified these claims or that the code works - that none of the exploits in the repo have been reported. “Feel free to report them yourself and take credit for the CVE if handed out lulz,” the anonymous researcher wrote, as shown in this screenshot posted on X by Ledger CTO Charles Guillemet. “Please do not abuse these. I do this so to allure people into the field.” Other researchers, including Federal Signal analyst Ethan Andrews, suggested that bikini used advanced AI models - specifically GPT-5.5 Codex - to automate fuzzing and vulnerability discovery, in yet another indication that the AI-induced vulnpocalypse is nigh. In response to bikini’s data dump, Andrews built 44 KQL detection rules covering the full exploitarium repo with language translation available for non-KQL stacks. “The most technically significant findings - libssh2 pre-auth heap write and Gitea default Docker auth bypass - have been independently verified as high-risk with active exploitation observed,” Andrews wrote, noting that some of the exploitarium disclosures “have been dismissed by the community as low-impact AI-fuzzing noise.” While the repository has since been removed by GitHub, nothing ever truly dies on the internet, and it’s safe to assume that attackers are now also using AI to scan for vulnerable instances. In many cases, bikini’s PoCs mean they don’t even have to spend time developing an exploit. ®
