The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

Boro and Hull attempt to disregard ‘weird and crazy’ spygate noise in playoff final

Saints’ self-destruction has left Kim Hellberg and Sergej Jakirovic tantalisingly close to fulfilling their dream in Saturday’s Wembley trip

When the television cameras zoomed in for a closeup it became clear Hayden Hackney was crying.

Middlesbrough’s best player had just watched his teammates lose the second leg of the Championship playoff semi-final 2-1 in extra time at Southampton. As he left his seat behind the away dugout and wandered across the pitch, the Redcar-born midfield playmaker looked utterly heartbroken.

Continue reading...

Rijnmond - Nieuws

Het laatste nieuws van vandaag over Rotterdam, Feyenoord, het verkeer en het weer in de regio Rijnmond

Minder soa-testen, meer besmettingen: 'Altijd beter om het te weten dan om het niet te weten'

Terwijl steeds minder mensen zich laten testen op een soa, hebben juist steeds méér mensen er een. Uit cijfers van de ECDC, een soort Europese GGD, blijkt dat de gevallen van gonorroe en syfilis in tien jaar zijn verdubbeld. Rijnmond ging daarom de straat op: "Jongeren kunnen onverantwoordelijk zijn."

Rotterdamse boksvoorzitter hoopt op 'Verstappen-effect' bij Rico Verhoeven

Normaal staat Rico Verhoeven bekend als de koning van het kickboksen, maar zaterdagavond wacht hem misschien wel de grootste uitdaging uit zijn carrière. In Egypte stapt hij de boksring in tegen de ongeslagen wereldkampioen Oleksandr Usyk. Rotterdammer Leon Aertgeerts zit er met zijn neus bovenop. Hij is namens de Nederlandse profboksbond afgereisd naar Caïro en merkt dat het gevecht wereldwijd enorm leeft.

EBOLA in het StamCafé

WE HEBBEN EEN E

WE HEBBEN EEN B

WE HEBBEN EEN O

WE HEBBEN EEN L

WE HEBBEN EEN A

Wat staat er dan

Social

Wel.nl

Minder lezen, Meer weten.

Vakbonden dreigen met acties bij beveiliging op Schiphol

UTRECHT (ANP) - Vakbonden FNV, CNV en De Unie dreigen met acties bij I-SEC, een van de drie beveiligingsbedrijven op Schiphol. Ze geven de onderneming nog een week om problemen met de roosters op te lossen, anders worden op de luchthaven acties op touw gezet. Dat stelt FNV-bestuurder Serda Karabulut na berichtgeving door De Telegraaf. Aan welke acties de bonden denken, wil hij nog niet zeggen. Dat zou nog "voorbarig" zijn.

Maandag waren er in meerdere vertrekhallen meteen lange rijen op de eerste dag dat Schiphol met een aangepaste opzet van de beveiliging werkte. FNV sprak al van chaos op de werkvloer. Schiphol werkt sinds maandag niet meer met vijf maar met drie beveiligingsbedrijven. Veel van de bijna 5000 beveiligers zijn overgegaan naar een nieuwe werkgever.

De bonden vinden dat beveiligers de dupe zijn van de veranderingen en dat er veel niet goed gaat met de roosters en bijvoorbeeld omgang met verlof. Volgens Karabulut hadden veel beveiligers zich maandag ook ziek gemeld. De bonden zien de problemen bij alle drie de beveiligingsbedrijven, maar kregen van hun achterban de meeste klachten over I-SEC.

Een woordvoerder van Schiphol zegt bekend te zijn met de brief die de bonden over de kwestie hebben gestuurd. Volgens hem is Schiphol nu met I-SEC in gesprek hierover. Meer wil de zegsman er niet over kwijt. De dagelijkse operatie bij de beveiliging omschrijft hij als "beheersbaar". I-SEC was vrijdagavond niet bereikbaar voor commentaar.


The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

A malware-spreading scumbag swimming through GitHub pushed malicious commits to more than 5,500 repositories on Monday as part of an automated campaign called Megalodon. Similar to the earlier TeamPCP attacks that poisoned about 3,800 GitHub repositories, this new campaign has so far infected 5,561 repos with CI/CD credential-stealing malware, according to SafeDep researchers, who uncovered the predatory commits and published a full list of the compromised repositories. If a repository owner merges the commit, the malware executes inside their CI/CD pipeline and propagates further, Ox Security lead researcher Moshe Siman Tov Bustan said in a Thursday blog post. Megalodon steals AWS secret keys and Google Cloud access tokens. It also queries AWS, Google Cloud Platform, and Azure metadata for instance role credentials, reads SSH private keys, Docker and Kubernetes configurations, Vault tokens, Terraform credentials, and scans source code for more than 30 secret regex patterns. Then it exfiltrates GitHub tokens, including secrets used to authenticate with cloud providers, thus allowing attackers to impersonate developers’ cloud identities, along with Bitbucket tokens. In other words: consider ALL of your CI/CD variables pwned. "We’ve entered a new supply chain attack era, and TeamPCP compromising GitHub was only the beginning,” Bustan told The Register. “What’s coming next is an endless wave, a tsunami of cyber attacks on developers worldwide.” Plus, he added, hacking GitHub “compromises the security of every company with a private repository hosted on the platform.” This new wave of supply chain attacks hitting developers’ environments won’t stop until “companies like npm and GitHub take serious action against the spread of malicious code on their servers,” Bustan said. He noted npm’s statement on X saying it “invalidated npm granular access tokens with write access that bypass 2FA” to prevent additional supply-chain attacks like Mini Shai Hulud. “That could help a little with account hijacking, but it doesn’t solve the actual problem,” Bustan said. “Malicious code is still reaching their servers, and nothing is stopping it before it does.” npm … but not TeamPCP SafeDep spotted Megalodon hidden inside a legitimate package: Tiledesk, an open source live chat and chatbot platform. The attacker backdoored versions 2.18.6 (May 19) through 2.18.12 (May 21), and the same npm maintainer published the last clean version, 2.18.5, before unknowingly publishing these newer compromised versions. “The attacker never touched the npm account,” the open source supply-chain security startup researchers said. “They compromised the GitHub repository, and the maintainer published from the poisoned source without realizing it.” While publishing malicious packages on npm is a TeamPCP signature move, Bustan said there’s no threat-intel or code-analysis evidence that connects Megalodon to the crew behind the Trivy, Checkmarx, and other recent supply-chain attacks. “Our best guess now is that it's a different threat actor copying their behavior and style, but not much of the code itself,” he told us. And despite TeamPCP open sourcing its Shai-Hulud worm and announcing a supply-chain attack competition on BreachForums, Ox doesn’t believe Megalodon is a contest entry. “We have indications that they are not participating in the TeamPCP contest due to the contest having a specific rule to add a public encryption key that the actor behind the malware could match with his private key to prove his involvement,” Bustan said. Who is built-bot? SafeDep’s threat hunters traced the malicious commit (acac5a9) to an author “build-bot,” connected to the email address build-system[@]noreply.dev with the message “ci: add build optimization step.” The author name and noreply email mimic automated CI commits, and there’s no GitHub account linked to the author and committer user fields. “Someone pushed the commit to master with no PR and no merge commit, using a compromised PAT or deploy key,” according to the researchers. They searched GitHub for other commits authored by the same email address and found 2,878 results, plus a second email, ci-bot@automated.dev, with an additional 2,841 commits. All landed May 18 during a six-hour window (11:36 to 17:48 UTC) and targeted 5,561 repositories. This includes nine compromised Tiledesk repositories: tiledesk-server, tiledesk-dashboard, tiledesk-telegram-connector, tiledesk-llm, tiledesk-docker-proxy, tiledesk-community-app, tiledesk-campaign-dashboard, tiledesk-helpcenter-template, and tiledesk-ai. Others include Black-Iron-Project with eight compromised repos, WISE-Community, and hundreds of smaller repositories. ®

Slashdot

News for nerds, stuff that matters

Samsung Chip Workers To Get $340,000 Average Bonus In AI Boom

Samsung is reportedly set to pay chip-division workers an average bonus of about $340,000 after reaching a tentative deal with its union, according to Bloomberg (paywalled). The deal ended a standoff that "could have cost the economy as much as 1 trillion won ($658 million) daily, with losses potentially multiplying to 100 trillion won ($68 billion) if in-progress semiconductor wafers were rendered unusable," reports Quartz. From the report: The agreement, subject to a union ratification vote running May 22 through May 27, calls for Samsung to direct 10.5% of operating profit into stock bonuses along with a separate 1.5% cash component, according to Bloomberg. The program runs for 10 years, contingent on the company meeting profit thresholds. One-third of the stock award can be liquidated right away, with the rest parceled out in installments across the next two years, Bloomberg reported. The first payout is expected in early 2027.

Not all workers will fare equally. As an illustration, Reuters cited a union source estimating that someone in the memory chip unit earning an 80-million-won base salary could take home roughly 626 million won in total bonuses this year. By comparison, workers at SK Hynix stand to collect upward of 700 million won should their employer post annual profit of 250 trillion won, Reuters calculated. Unlike at Samsung, SK Hynix employees are not limited to stock payouts and may instead opt for cash, Reuters reported.

Read more of this story at Slashdot.

VK: Voorpagina

Volkskrant.nl biedt het laatste nieuws, opinie en achtergronden

Celstraf voor twintiger die politie met zwaar vuurwerk aanviel bij azc-rellen IJsselstein

Formula 1 News

Formula 1® - The Official F1® Website

Our guide to in-race betting opportunities in Canada

When the lights go out in Montreal, bettors will be watching closely to make accurate predictions in real-time.

LIVE COVERAGE: All the action from FP1 in Canada

Live coverage of Friday's first practice session for the 2026 Canadian Grand Prix.