kottke.org

Jason Kottke's weblog, home of fine hypertext products

I’ve probably featured this before but always worth...

I’ve probably featured this before but always worth a re-up: “A Books Unbanned library card gives teens across the United States free digital access to ebooks and digital resources, including banned and challenged books — no matter where they live.”

The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

Mandelson lobbied hard for advisory firm after Labour victory, papers show

Emails and WhatsApp messages reveal string of exchanges with ministers when he was president of Global Counsel

Peter Mandelson, as president of his then advisory firm Global Counsel, lobbied hard for ministers to attend his events and to meet his firm’s staff in the months following Labour’s general election win, newly released documents reveal.

Emails and WhatsApp exchanges show how active the Labour peer was in the wake of the election to work his contacts within government to the potential advantage of both his company and his then campaign to be chancellor of Oxford University.


Transgender troops can remain in US military, but enlistment can be blocked, court rules

Split decision deals blow to Trump administration’s anti-diversity agenda, calling the ban ‘arbitrary, and based on animus’

Transgender troops can remain in the US military, but the armed services can continue to block their enlistment, an appeals court ruled on Monday in a split decision with potentially significant consequences for the Trump administration’s anti-diversity agenda.

The divided, majority opinion by a three-judge panel of the US court of appeals for Washington DC is expected to be challenged by the government. And the case is ultimately likely to reach the US supreme court.


this isn't happiness.

ART, PHOTOGRAPHY, DESIGN & DISAPPOINTMENT

She’ll change her tune, Nguan




Slashdot

News for nerds, stuff that matters

Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm

Aikido Security says more than 30 official @redhat-cloud-services npm packages were compromised with a credential-stealing worm called "Miasma," a variant resembling the open-sourced Mini Shai-Hulud supply-chain malware. "The packages were published via GitHub Actions OIDC, indicating the CI/CD pipeline was compromised rather than an npm token," the report says. "If you have installed any affected package versions since June 1, 2026, treat all CI secrets, cloud credentials, SSH keys, and npm tokens as compromised and rotate them immediately." From the report:

Each compromised package declares a preinstall script in its package.json that executes node index.js automatically on every npm install, before any application code runs and before the developer has any indication something is wrong. The index.js file is a 4.2 MB payload hidden behind multiple layers of obfuscation.

As with previous Mini Shai-Hulud attacks, the payload performs a broad credential sweep across cloud providers, CI/CD environments, and developer tooling. On the CI side it targets GitHub Actions secrets including GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN. For cloud credentials it collects AWS access keys and session tokens, GCP application default credentials and service account key files, and Azure service principal credentials and managed identity tokens. It also sweeps for HashiCorp Vault tokens, Kubernetes service account tokens and kubeconfig files, npm and PyPI publish tokens, SSH private keys, Docker registry credentials, GPG keys, and any .env files it can find across the filesystem.


Hakone Mototsumiya Shrine - 箱根元宮

Sparkling World has added a photo to the pool:

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Election interlopers register 5K+ domains, hope to catch some voting phish

The biggest threat to America’s midterm elections in November likely isn’t foreign attackers hacking US voting machines. Phishing and election-official impersonation are the bigger risks, according to Check Point, which documented more than 5,000 election-themed domains registered between April and May. These domains can be used by attackers for phishing, impersonation, fraud, misinformation, or influence activity, especially when coupled with about 17,000 exposed credentials associated with fundraising orgs, political parties, and government-related services also spotted by the security shop’s intelligence arm in May.

"Election-related domains and leaked credentials represent two sides of the same problem: infrastructure and access," Danielle Hess, a cyber threat intelligence analyst at Check Point Software, told The Register.

"A rise in election-themed domains not only creates more potential infrastructure that could be abused for phishing or impersonation, but also reflects a growing election-related ecosystem with more organizations, accounts, and users that can be targeted," Hess said. "When combined with a large pool of exposed credentials, attackers have more opportunities to conduct convincing and scalable election-related operations."

Plus, AI gives phishing, impersonation, election misinformation and other scam operations a massive boost, making them faster, cheaper, and easier to scale.

The uptick in election-related threats follows the Trump administration’s efforts to gut America’s lead cyber-defense agency and decimate its efforts to combat election-related fraud, while slashing its budget and workforce, and shutting down the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

According to a Monday report, Check Point has been monitoring registered domains and documented about 1,300 containing the keyword “election” and 2,957 containing “vote” in January. Three months later, between April 13 and May 14, about 1,140 newly registered domains contained the word "election," while the number containing "vote" had climbed to about 4,010.

While simply registering a domain doesn’t guarantee it will be used for malicious purposes, such domains are often used for phishing pages that impersonate voter info sites or candidates themselves, campaign donation scams, and misinformation sites designed to look like official election communications.

Along these lines, the security shop documented thousands of leaked credentials in May linked to fundraising and political party websites, including about 9,500 compromised ActBlue.com (Democrats’ fundraising site) credentials, 6,500 leaked WinRed.com (Republican fundraising) credentials, plus 600 from the official Republican gop.com website, 130 from democrats.org, and 150 leaked credentials from the usa.gov citizen services site.

Hess told us that "it's important to note that the credential statistics reflect credentials identified on Check Point's External Risk Management (ERM) platform as of May 2026 and are not limited to credentials that were necessarily stolen or leaked during May 2026 itself."

As the reports point out, the credential leaks aren't limited to one political party or specific campaigns.

“Individual political campaign domains showed little to no observed credential exposure across a sample of swing-state candidates from both major political parties, reinforcing that current exposure is concentrated in centralized platforms rather than campaign-specific infrastructure,” according to the report.

“A single campaign domain stood out as an exception, with around 90 leaked credentials identified,” the report continued.

"The campaign domain referenced was associated with candidate Tom Kean," Hess said, referring to Rep. Tom Kean Jr. (R-NJ). "However, it's important to note the credentials were identified within infostealer malware logs, which typically reflect opportunistic compromise rather than deliberate targeting of a specific campaign. While not indicative of direct targeting, the presence of these credentials may still pose a security risk if associated accounts remain active or reused."

In addition to the political org-related credential exposure, voter information is also appearing across dark web forums ahead of the November midterms. This includes a January 30 BreachForums post advertising data - being given away for free - tied to the Fremont County, Colorado election division. The data dump included names, email addresses, IP address data, and election-related portal submission information.

On April 26, the threat hunters spotted a post on criminal forum Spear[.]cx, claiming to offer a multi-state US voter database covering more than two dozen states and Washington, DC.

Wel.nl

Read less, know more.

EU agrees on return regulation, including 'return hubs'

BRUSSELS (ANP) - The European Parliament, the EU member states and the European Commission have reached agreement on the return regulation for rejected asylum seekers. Previously, the three EU institutions could not agree on exactly when the regulation would take effect. They now have a provisional agreement on a compromise on this point.

Earlier they had already agreed to allow so-called 'return hubs' outside the EU. Children, too, must wait in these centres for deportation to their country of origin, unless they are unaccompanied minors.

In a so-called trilogue, the institutions agreed that the return regulation takes effect as soon as it has been announced in the Official Journal of the EU. Member states, however, get an extra year to work out part of the measures. This is to give EU countries time to put certain laws and regulations in order, adapt IT systems and train staff.


One dead and two injured in stabbing incident in Heerhugowaard

HEERHUGOWAARD (ANP) - A stabbing incident at a company in Heerhugowaard has left one person dead and two injured, the police report. Around 19.35 the police received a report of a stabbing and then cordoned off the area for a major operation.


3x3 basketball teams start World Cup with two wins

WARSAW (ANP) - The Dutch 3x3 basketball players have made a good start to the World Cup in Warsaw. Both the men's team and the women's team, which is the defending champion, won their first two group matches.

The men's foursome, with Olympic champions Worthy de Jong and Jan Driessen as well as Bryan Alberts and Daen van Tilborg, beat New Zealand (21-13) and China (22-10) in the group stage.

The women began with a win over the Czech Republic (12-8) and later on Monday evening were also too strong for Azerbaijan, 19-13. Of the team that won the world title in Ulaanbaatar in 2025, Noor Driessen and Ilse Kuijt are playing. Lotte van Kruistum and Zoë Slagter are their teammates in the Polish capital.

The men's 3x3 team faces Japan and Germany on Wednesday. The women meet Madagascar and Poland the same day.


MetaFilter

The past 24 hours of MetaFilter

Profiling Tilly Norwood / Eline van der Velden

Taffy Brodesser-Akner has profiled many celebrities.
Now, she profiles a media construct and its creation: "I Profile Celebrities for a Living. Nothing Prepared Me for Tilly Norwood." (NYT, gift link)

Brodesser-Akner has also been mentioned on mefi for non-celebrity profiles: previously, previously, previously, previously, previously

Formula 1 News

Formula 1® - The Official F1® Website

Why Qualifying is the key battleground in Monaco

We take a deep dive into Qualifying at the Monaco Grand Prix and why betting fans will be watching closely.

Behance Featured Projects

The latest projects featured on the Behance

SOME LOGOS ARE BIGGER (2025/26)


Client is right.

Oberföhring

Peter Kernwein posted a photo:


Oberföhring

Peter Kernwein posted a photo:


Isar

Peter Kernwein posted a photo:


Oberföhring

Peter Kernwein posted a photo:


Oberföhring

Peter Kernwein posted a photo:


Trouw reader seems to want to solve the crisis of democracy by giving primary school pupils the vote

Of all emancipation movements, the one aimed at children is surely the most amusing, and by that we don't mean the original version, which saw to it that child labour and child abuse fell into disrepute, but the current, modern variant, aimed at preventing discrimination against children. A nice corollary of that today on the opinion pages of Trouw, where a reader appears to argue that politicians must help ensure that children have a carefree childhood, or rather that children must ensure that politics starts functioning better. "Furthermore, children must truly be given a voice in decision-making," we read. "This means that every municipality gets a child mayor and a children's council, every province a children's provincial council, and that a children's advisory council will also have to be set up in The Hague." Yes, you know, they are darling creatures, but first just try finishing your plate without smearing table as well as forehead as well as hands as well as chin as well as ears as well as cheeks as well as neck with bolognese sauce, thanks.

Rijksoverheid.nl - News items

News items on Rijksoverheid.nl

EU makes return of foreign nationals without lawful residence faster and more effective

A political agreement has been reached between the EU member states and the European Parliament on the European Commission's proposal for the Return Regulation. The Return Regulation will provide more options for the return of people who are not allowed to stay in the Netherlands. For example, foreign nationals whose asylum application has been rejected.