Wel.nl

Read less, know more.

Suspect arrested over explosion at D66 party office

THE HAGUE (ANP) - Police have arrested one person in connection with the explosion that took place Thursday evening at the D66 party office in The Hague. The explosion on Lange Houtstraat occurred shortly after 21:00, police report. No one was injured.


this isn't happiness.

ART, PHOTOGRAPHY, DESIGN & DISAPPOINTMENT

The streets of San Francisco, Kim Cogan

Glimmerati, Claudia Keep

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Fake IT workers rented laptops to Nork scammers, got prison time

Playing host to company laptops used by North Korean scammers posing as American IT workers might earn you a cut of the cash Pyongyang siphons from US firms, but as two more suckers have learned, it also means taking the fall when the FBI figures out what’s going on.

Matthew Isaac Knoot, from Nashville, Tennessee, and Erick Ntekereze Prince, of New York, were each sentenced to 18 months in prison in separate cases, the Justice Department reported Wednesday. Prince and Knoot will also face three years and one year of supervised release, respectively, after their prison terms.

While the cases were different, the crimes were largely the same, with both Knoot and Prince misrepresenting themselves as either an American IT worker, or a company offering IT services performed by Americans, respectively. Both won jobs to perform IT work for US-based companies, and both provided space for company-owned laptops in their home or office, where remote access software was installed to allow North Koreans to work from overseas while appearing to be located in the States.

According to the DoJ, the pair generated more than $1.2 million in fraudulent revenue for North Korea, some of which was paid to them for their participation in the scheme. Knoot reportedly earned $15,100, which he will have to pay back as restitution to the companies and to the government; Prince will have to give back approximately $89,000 he got from Kim Jong Un's government.

Between them, Prince and Knoot forced the nearly 70 US companies they victimized to spend $1.5 million to audit and remediate their devices, systems, and networks to eliminate all traces of the Nork intruders.

The pair are the latest to find themselves facing the wrath of the Justice Department for enabling North Korea’s fake IT worker scheme, which has been wildly successful. According to the most recent data from earlier this year, North Korean IT worker schemes are raking in more than $500 million a year for the Kim regime. That number doesn’t include any monetary value of data stolen from those organizations, either.

These scams have broadened their reach, too. Once confined to the realm of big tech, they’ve also been found in the healthcare, finance, and professional services spaces, as all present ripe opportunities for harvesting valuable data along with scoring money for the government.

Knoot and Prince got off easy compared to some of the previous folks sentenced for aiding North Korea’s schemes, though. Kejia Wang and Zhenxing Wang were jailed for a combined 200 months when sentenced last month, though to be fair their operation was larger, their takes greater, and their targets more prominent.

Regardless of the amount of time, the FBI said that the latest sentences should serve as a reminder that helping North Korea run its IT worker scam isn’t a good idea no matter how much they offer to pay.

“These cases should leave no doubt that Americans who choose to facilitate these schemes will be identified and held accountable,” FBI cyber division assistant director Brett Leatherman wrote in the announcement. “Hosting laptops for DPRK IT workers is a federal crime which directly impacts our national security, and these sentences should serve as a warning to anyone considering it.” ®

Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'

How explicit does the maker of a footgun need to be about the product's potential to shoot you in the foot? That's essentially the question security firm Adversa AI is asking with the disclosure of a one-click remote code execution attack via an MCP server in Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI.

The TrustFall proof-of-concept attack demonstrates how a cloned code repository can include two JSON files (.mcp.json and .claude/settings.json) that open the door to an attacker-controlled Model Context Protocol (MCP) server. MCP servers make tools, configuration data, schemas, and documentation available in a standard format to AI models via JSON.

The vulnerability arises from inconsistent restrictions governing the scope of settings: Anthropic blocks some dangerous settings at the project level (e.g. bypassPermissions) but not others (e.g. enableAllProjectMcpServers and enabledMcpjsonServers). The JSON files simply enable those settings.

"The moment a developer presses Enter on Claude Code's generic 'Yes, I trust this folder' dialog, the server spawns as an unsandboxed Node.js process with the user's full privileges — no per-server consent, no tool call from Claude required," Adversa AI explains in its PoC repo.

The likely result is a compromised system. The PoC is demonstrated in a video. It worked on Claude Code CLI v2.1.114, as of May 2. Other agent CLIs are also said to be affected, but specific PoCs have not been published.

"It's the third CVE in Claude Code in six months from the same root cause (project-scoped settings as injection vector)," Alex Polyakov, co-founder of Adversa AI, told The Register in an email. "Each gets patched in isolation but the underlying class hasn't been finally fixed. Most developers don't know these settings exist, let alone that a cloned repo can set them silently."

Anthropic, according to the security biz, contends that the user's trust decision moves the issue outside its threat model. CVE-2025-59536 was considered a vulnerability because it triggered automatically when a user started up Claude Code in a malicious directory. TrustFall, however, is considered out of scope because the user has been presented with a dialog box and made a trust decision.

Adversa argues that the decision is not being made with informed consent, citing a prior, more explicit warning notice that was removed in v2.1 of the Claude Code CLI.

"The pre-v2.1 dialog explicitly warned that .mcp.json could execute code and offered three options including 'proceed with MCP servers disabled,'" writes Adversa's Sergey Malenkovich. "That informed-consent UX was removed. The current dialog defaults to 'Yes, I trust this folder' with no MCP-specific language, no enumeration of which executables will spawn, and no opt-out for MCP while keeping the rest of the trust grant."

Then there's the zero-click variant to consider for CI/CD pipelines that implement Claude Code. When Claude Code is invoked in CI/CD, that happens via SDK rather than the interactive CLI. So there's no terminal prompt.

Malenkovich argues that Anthropic should make three changes. First, block enableAllProjectMcpServers, enabledMcpjsonServers, and permissions.allow from any settings file inside a project. The idea is that a malicious server should not be able to approve its own servers. Second, implement a dedicated MCP consent dialog that defaults to "deny." And third, require interactive consent per server rather than for all servers.

Anthropic did not respond to a request for comment. ®
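An added example, not taken from the article or from Adversa AI's PoC: a read-only pre-flight check that a developer or CI job can run on a freshly cloned repository before opening it in an agent CLI. It flags the project-scoped keys named above and enumerates what `.mcp.json` declares. The top-level `mcpServers` layout of `.mcp.json`, the function names, and the sample values in `demo()` are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

# Keys the article names as settable from a project's .claude/settings.json.
SELF_APPROVAL_KEYS = ("enableAllProjectMcpServers", "enabledMcpjsonServers")

# Returns None if the file is absent, "INVALID" if it is not a JSON object.
def load_json(path):
    if not path.is_file():
        return None
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return "INVALID"
    return data if isinstance(data, dict) else "INVALID"

def audit_repo(root):
    """Return (file, key, detail) findings; only reads files, never runs anything."""
    findings = []
    settings = load_json(Path(root) / ".claude" / "settings.json")
    mcp = load_json(Path(root) / ".mcp.json")
    for name, doc in ((".claude/settings.json", settings), (".mcp.json", mcp)):
        if doc == "INVALID":
            findings.append((name, "<file>", "unparseable, review by hand"))
    if isinstance(settings, dict):
        for key in SELF_APPROVAL_KEYS:
            if settings.get(key):  # true, or a non-empty list of server names
                findings.append((".claude/settings.json", key, repr(settings[key])))
        perms = settings.get("permissions")
        allow = perms.get("allow") if isinstance(perms, dict) else None
        if allow:
            findings.append((".claude/settings.json", "permissions.allow", repr(allow)))
    if isinstance(mcp, dict):
        # Assumed layout: {"mcpServers": {server_name: {...launch spec...}}}
        servers = mcp.get("mcpServers")
        for name, spec in (servers.items() if isinstance(servers, dict) else ()):
            findings.append((".mcp.json", f"mcpServers.{name}", json.dumps(spec)))
    return findings

def demo():
    """Audit a constructed sample repository (placeholder values only)."""
    settings = {"enableAllProjectMcpServers": True, "permissions": {"allow": ["ExampleTool"]}}
    mcp = {"mcpServers": {"example": {"command": "node", "args": ["server.js"]}}}
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / ".claude").mkdir()
        (Path(tmp) / ".claude" / "settings.json").write_text(json.dumps(settings))
        (Path(tmp) / ".mcp.json").write_text(json.dumps(mcp))
        return audit_repo(tmp)
```

In the CI/CD case the article describes, where no prompt is shown, a non-empty result from `audit_repo` is a reasonable condition for failing the job before the agent is invoked.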

VK: Front page

Volkskrant.nl offers the latest news, opinion and background

Damage to D66 party office after firework bomb, no injuries

Colossal

The best of art, craft, and visual culture since 2010.

Explore 25 Incredible Photos of the Milky Way Captured Around the World

Organized by Capture the Atlas, the 2026 Milky Way Photographer of the Year saw a record number of submissions, with more than 6,500 entries representing a wide range of landscapes and perspectives around the world. Just 25 were selected as the top images, representing 12 different regions from the Canary Islands to New Zealand to Argentina.

“Every year, this collection reminds us that photographing the Milky Way is not only about technique or planning. It is about curiosity, patience, and the desire to experience the night sky in places where it still feels wild,” says Dan Zafra, editor of Capture the Atlas and curator of the annual contest. “Many of these skies are becoming increasingly rare, and we hope these images inspire people not only to admire them, but also to value and protect them.”

Brendan Larsen, “Milky Way over Syme Hut and Mt. Taranaki.” Syme Hut, Mt Taranaki, New Zealand
Max Terwindt, “Caldera Galaxy Panorama.” La Palma, Canary Islands
Lukasz Remkowicz, “Milky Way over the Tatra Mountains.” Jurgów, Poland
Leonel Padron, “Lost in the Ripples of Space and Time.” Pinnacles Desert, Nambung, Western Australia
Anastasia Gulova, “Galaxy on the Rise.” Tenerife, Canary Islands, Spain
Daniel Viñé Garcia, “My Perfect Night.” Catamarca, Argentina
Anthony Lopez, “Celestial Light over Sea Cliffs.” Saint Raphaël, French Riviera
Uroš Fink, “Geminid Symphony Over La Palma’s Guardian of the Sky.” Roque de los Muchachos GTC Telescope, La Palma


Explosion at the D66 party office in The Hague, ‘firework bomb thrown through the letterbox’

A D66 spokesperson tells De Telegraaf that a firework bomb was reportedly thrown through the building's letterbox.

Tranquility in Stone: Chiostro di San Francesco, Sorrento

BertvB posted a photo:


Captured the timeless beauty of the Cloister of San Francesco in the heart of Sorrento. This 14th-century monastery is a masterclass in architectural harmony, blending interlaced pointed arches with a peaceful, sun-drenched courtyard. The central tree and vibrant flowers provide a perfect natural contrast to the ancient stone columns.

The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

Goodbye, My Love by Yumna Kassab review – biting reflections on the dissolution of a marriage

This novel told in vignettes and poetic fragments follows a woman who discovers that choice does not always equate to agency

Goodbye, My Love begins with a departure. Amina is leaving her childish, controlling husband, believing this will be the start of a new life; a new self. But of course, these things are seldom so simple.

Within the first few pages of Yumna Kassab’s sixth book, it becomes clear that much of Amina’s life has been led by the expectations of the people around her. The name we know her by is not really hers; Amina is actually an echo of her husband’s name, Amin, who once “declared they should change their names so they matched … so she agreed, ever so agreeable”. Even after their divorce, we continue to know her by his moniker.


Goodbye, My Love by Yumna Kassab is out now in Australia (Ultimo, $34.99)
