Prendo spunto dall’intervista rilasciata ad Affaritaliani.it dal ministro della Difesa Guido Crosetto sul tema dell’eventuale ingresso dell’Ucraina nell’Unione Europea.

Crosetto individua correttamente uno dei problemi più evidenti che una simile scelta comporterebbe: l’impatto sul settore agricolo europeo. L’Ucraina è infatti storicamente uno dei maggiori produttori agricoli del continente e dispone di una superficie territoriale superiore a quella della Francia. È quindi difficile immaginare che l’ingresso di un gigante agricolo di tali dimensioni possa avvenire senza provocare profonde tensioni competitive all’interno del mercato unico, aggravando ulteriormente le difficoltà che già oggi interessano milioni di agricoltori europei.

Si tratta di una considerazione del tutto condivisibile. Tuttavia, il problema è molto più profondo e non riguarda soltanto l’agricoltura. Riguarda la natura stessa dell’Unione Europea.

L’Europa comunitaria è nata come un progetto di integrazione economica. Il mercato unico, la libera circolazione di merci, servizi, capitali e persone e, successivamente, l’introduzione della moneta unica sono stati costruiti attorno a un principio fondamentale: l’appartenenza all’Unione presuppone il rispetto di precisi requisiti economici, istituzionali e normativi.

Per decenni ai cittadini europei è stato spiegato che l’ingresso di nuovi Paesi non poteva essere il risultato di una scelta politica discrezionale, ma rappresentava il punto di arrivo di un lungo percorso di convergenza. Proprio per questo motivo le procedure di adesione sono complesse, richiedono anni di negoziati e impongono l’adeguamento a criteri rigorosi che riguardano l’economia, la finanza pubblica, l’ordinamento giuridico, la capacità amministrativa e il funzionamento delle istituzioni.

In altre parole, l’Unione Europea non è mai stata presentata come un’organizzazione alla quale si aderisce per ragioni di opportunità politica, bensì come una comunità fondata su regole comuni e parametri condivisi.

Nel caso dell’Ucraina, invece, il dibattito sembra essersi progressivamente spostato su un piano completamente diverso.

Nessuno sostiene seriamente che Kiev sia oggi in possesso delle caratteristiche economiche, finanziarie e istituzionali che tradizionalmente sono state richieste agli altri Paesi candidati. L’argomento principale utilizzato a favore dell’adesione è infatti di natura geopolitica: sostenere l’Ucraina nel confronto con la Russia, consolidare la presenza europea nell’Europa orientale e rafforzare il ruolo strategico dell’Unione nello scenario internazionale.

Si tratta di motivazioni politicamente legittime. Ma proprio perché si tratta di motivazioni politiche, esse impongono una riflessione che va ben oltre il caso specifico dell’Ucraina.

Se un Paese può essere ammesso nell’Unione Europea principalmente per ragioni strategiche e geopolitiche, allora significa che i criteri economici e istituzionali non costituiscono più il fondamento esclusivo del processo di allargamento.

E se tali criteri cessano di essere determinanti quando si decide chi può entrare nell’Unione, diventa inevitabile chiedersi perché continuino a essere considerati inderogabili quando si tratta di giudicare gli Stati che ne fanno già parte.

Questa è la vera questione. Da anni Bruxelles richiama costantemente gli Stati membri al rispetto di parametri, obiettivi quantitativi, procedure e vincoli sempre più dettagliati. Intere politiche economiche nazionali vengono valutate sulla base di scostamenti minimi rispetto ai valori fissati dalle istituzioni europee. I governi vengono sottoposti a procedure di infrazione, richiami e monitoraggi continui. Il messaggio è sempre stato chiaro: le regole vengono prima della politica.

Eppure, nel caso dell’Ucraina, sembra affermarsi il principio opposto.

Come si può mantenere un Paese sotto pressione per differenze marginali rispetto agli obiettivi di bilancio e, contemporaneamente, sostenere l’ingresso di uno Stato che, per ragioni del tutto comprensibili legate alla guerra e alla successiva ricostruzione, non potrà realisticamente soddisfare per molti anni — forse per decenni — gli standard economici e istituzionali che l’Unione ha sempre considerato indispensabili?

Non si tratta di una questione contingente.

L’Ucraina è un Paese devastato da un conflitto che ha compromesso infrastrutture, reti energetiche, impianti industriali, collegamenti logistici e capacità produttiva. La sfida che attende Kiev non consiste semplicemente nel tornare ai livelli precedenti alla guerra, ma nel ricostruire un sistema economico e infrastrutturale compatibile con gli standard richiesti dall’Unione Europea.

Nessuno è oggi in grado di quantificare con precisione il costo complessivo di un simile processo. Ciò che appare certo è che la sua portata sarà enorme e che richiederà tempi lunghissimi.

Tuttavia, nemmeno questo è il punto centrale.

Il vero problema è che l’adesione viene discussa indipendentemente dal completamento di quel percorso di convergenza che in passato veniva considerato indispensabile.

Da qui nasce una seconda conseguenza, altrettanto importante.

Se il criterio determinante diventa quello geopolitico, quale principio oggettivo consentirà in futuro di distinguere tra candidature accettabili e candidature non accettabili? Per quale ragione il medesimo ragionamento non dovrebbe essere applicato ad altri Paesi considerati strategicamente rilevanti? Con quale coerenza si potrebbero invocare criteri economici e istituzionali per respingere altre richieste di adesione dopo aver sostenuto che, in circostanze particolari, tali criteri possono essere superati da valutazioni politiche?

Una volta affermato il principio secondo cui l’opportunità geopolitica prevale sulla convergenza economica e istituzionale, il confine dell’Unione Europea diventa inevitabilmente il risultato di una decisione politica discrezionale e non più l’applicazione di parametri verificabili e uguali per tutti.

L’Europa ha naturalmente il diritto di compiere una simile scelta. Ciò che non può fare è fingere che nulla cambi.

Può continuare a definirsi una comunità fondata sulla convergenza economica, sulla disciplina condivisa, sulla compatibilità istituzionale e sul rispetto di criteri comuni. Oppure può trasformarsi in un soggetto prevalentemente geopolitico nel quale le valutazioni strategiche prevalgono sui parametri che hanno caratterizzato il processo di integrazione degli ultimi decenni.

Entrambe le opzioni sono legittime.

Ciò che appare difficilmente sostenibile è la pretesa di mantenere contemporaneamente entrambe le impostazioni: rigore assoluto quando si tratta di imporre obblighi agli Stati membri e flessibilità straordinaria quando si tratta di decidere l’allargamento dell’Unione.

In definitiva, la questione non riguarda l’Ucraina. Riguarda l’Europa. Se l’Unione Europea ritiene che ragioni politiche, strategiche o solidaristiche debbano prevalere sui criteri economici e istituzionali che hanno guidato il processo di integrazione negli ultimi decenni, ha tutto il diritto di compiere questa scelta. Ma allora abbia anche il coraggio di dirlo apertamente.

Lo dichiari ai cittadini europei. Modifichi i Trattati. Ridefinisca formalmente la propria missione. Spieghi che l’Unione non è più principalmente una comunità fondata sulla convergenza economica e sulla disciplina condivisa, ma una struttura nella quale le valutazioni politiche possono prevalere sui criteri che fino a ieri venivano considerati inderogabili.

Perché se il criterio politico prevale quando si decide chi entra nell’Unione, diventa sempre più difficile pretendere che il criterio tecnico sia assoluto quando si giudicano coloro che ne fanno già parte.

In quel caso Bruxelles non potrà più chiedere ai governi europei di considerare sacri determinati parametri economici, perché sarà stata la stessa Unione a dimostrare che, quando lo ritiene opportuno, quei parametri possono essere subordinati ad altre esigenze.

La credibilità di un’istituzione non dipende dalla severità delle regole che impone, ma dalla coerenza con cui le applica. Se l’Europa vuole cambiare natura, lo faccia. Ma lo dica chiaramente. Perché il problema non è cambiare le regole. Il problema è continuare a pretendere che siano inviolabili per alcuni e derogabili per altri.

Ucraina nella UE? No, grazie.

Antonio Marina Rinaldi

Rimani aggiornato seguendoci su Google News!

SEGUICI

https://scenarieconomici.it/ucraina-nella-ue-no-grazie/

Russia’s intelligence agencies have grown more aggressive in their efforts to steal Western technology and defense secrets as sanctions squeeze the country’s wartime economy, three senior European intelligence officials told The Associated Press.

Moscow’s agents are building fake companies, recruiting middlemen and deploying cyber spies and hackers who are gathering information that could also be used to attack key infrastructure, they said.

Four years of international sanctions have hampered Moscow’s ability to procure machinery, technology and research from Europe, while the grinding war in Ukraine has taxed key industries and pushed the country toward a potential financial crisis.

“They really know what they need,” and are putting “serious effort” into acquiring advanced machine tools, factory equipment, research and dual-use technology, said Christoffer Wedelin, deputy head of operations at the Swedish Security Service.

Russia seeks high-end research, defense technology and software

In Sweden, Russia is targeting the defense industry and high-end research on the country’s most advanced weaponry, such as the Gripen fighter jet, Wedelin said. It is also trying to procure camera and laser technology developed for civilian purposes that could be integrated into Russian weapons systems, he said.

Moscow is also trying to steal technology to help it keep pace — or give it an edge — against the West in the decades ahead, said Juha Martelius, the director of Finland’s Security and Intelligence Service.

“We’re talking about space technology, quantum … arctic technology, marine technology,” he said, adding that space technology is something Russia needs “right now,” without elaborating. Countries use such technology for satellite imaging, communications and navigation.

Russia also needs sanctioned computer technology and software updates for machine tools, Martelius said.

On Wednesday, Anne Keast-Butler, the director of the U.K’s signals intelligence agency, accused Russia of “relentlessly targeting” the U.K. and its European allies, by stealing technology and plotting sabotage and assassination attempts.

In May, Swedish police arrested two people on suspicion of violating sanctions relating to a company in Turkey that has made dozens of shipments of metalworking and metal-turning machine tools to Russia.

As the schemes to acquire technology grow more complex, companies need to be more aware they could unwittingly become part of Russia’s war supply chain, Wedelin said.

“All of the security and intelligence services in Russia are helping out on the state’s efforts to get this,” he said.

Intelligence officials say Russia cares less about getting caught

Moscow is also deploying cyberattacks against European firms and critical infrastructure in an attempt to gather information, which it could exploit “when they get the chance and when it serves their purpose,” Wedelin said. He pointed to an attack on a Swedish power plant last year.

Russia-linked actors tried to “destroy” the plant but failed because the system detected the intrusion, Wedelin said. He said the attack was partly aimed at undermining Western support for Ukraine.

Before then, Sweden’s security services had mostly observed reconnaissance for potential attacks, intelligence gathering or activity linked to cybercriminals. The attack marked a “switch” in Russia’s modus operandi, Wedelin said.

“They’re no longer caring as much about potential attribution after their activities, so they are taking greater risks to achieve their goals,” he said.

Problems are mounting for Russia’s economy

Russia’s increasingly aggressive tactics may reflect mounting internal concerns about its economy, which “is not doing well at all,” said Kaupo Rosin, the head of Estonia’s Foreign Intelligence Service.

About a third of Russia’s gross domestic product currently goes to the war effort, Martelius said. The war and ensuing sanctions have slowed growth and fueled stubborn inflation.

Russian officials planned to have a budget deficit of 3.7 trillion rubles ($52.1 billion) for the whole of 2026 and had already reached about 3.4 trillion rubles ($47.9 billion) by the end of February, Rosin said.

The Iran war that erupted on Feb. 28 has provided a boost by causing oil prices to soar. The U.S. has granted sanctions waivers for the sale of Russian oil and the U.K. watered down its sanctions in an attempt to lower global fuel costs.

Increased revenue since then has likely improved Russia’s budget, but “it doesn’t save them,” Rosin said, adding that if Western pressure persists, Moscow could face a financial crisis toward the end of the year.

Rosin said intelligence seen by his agency shows a gloomier outlook among Russian officials over the past six months, with the narrative of “total victory” in Ukraine having vanished. Keast-Butler, of British intelligence, said almost 500,000 Russian soldiers have been killed in Ukraine since the full-scale invasion in 2022.

Russia and Ukraine have mostly kept their combat casualty figures under wraps.

Stalled progress on the battlefield and economic woes have many Russian officials privately asking “what is this all for,” Rosin said, citing the intelligence reports.

Martelius, of Finland’s intelligence service, said that while some reports on the war in Ukraine may have been “sanitized” before reaching President Vladimir Putin’s desk, he believes the Russian leader has a fairly clear picture of the economic challenges.

But that does not mean there will be political change.

It is “very dangerous … to start analyzing Russia as if it is some country like ours,” Martelius said. “It is not.”

https://www.securityweek.com/russian-spies-are-aggressively-seeking-western-technology-as-sanctions-bite-officials-say/

Obsidian Security has released technical information and proof-of-concept (PoC) code targeting a remote code execution (RCE) vulnerability in Flowise.

The issue, tracked as CVE-2026-40933 (CVSS score of 9.9), was disclosed in April along with several other security defects impacting AI ecosystems that rely on Anthropic’s MCP protocol.

Flowise, a popular open source platform that provides developers with a drag-and-drop interface for building LLM flows and AI agents, and which has over 52,000 GitHub stars, was flagged as one of the impacted products.

According to OX Security, the root cause of the issue is a “by design”, systemic command injection vulnerability in Anthropic MCP, which propagates through the ecosystem.

[Learn More: SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay]

A NIST advisory describes CVE-2026-40933 as an unsafe serialization of stdio commands in the MCP adapter, allowing an attacker to add an MCP stdio server with an arbitrary command and achieve code execution.

The security weakness existed because Flowise before version 3.1.0 allowed any user to add a new MCP and, when doing so, to add any command, enabling code execution on the underlying OS.

According to Obsidian, the bug can be exploited by attackers to take over servers by simply convincing a user to import a crafted chatflow. The import action triggers arbitrary code execution on the server.

“Any user who can create or edit chatflows can add a Custom MCP Tool and supply a malicious stdio MCP configuration. In practice, this requires a malicious insider or a compromised user account,” Obsidian notes.

A remote attacker, the cybersecurity firm explains, can include a malicious command in a Custom MCP Tool configuration, export the chatflow as JSON, and share it with the victim. The payload abuses Flowise’s legitimate functionality to execute the malicious command during the import process.

“Flowise’s Custom MCP node has an ‘Available Actions’ dropdown that lists the tools exposed by the configured MCP server. To populate that dropdown, the canvas asks the backend to enumerate the server’s tools. With stdio transport, enumeration starts the configured command. Because the dropdown loads when the imported chatflow renders on the canvas, the import alone can spawn the command,” Obsidian notes.

The cybersecurity firm has published PoC code that, when imported, creates a shell back to Docker’s bridge address for the host.

Obsidian says successful exploitation of CVE-2026-40933 leads to “OS-level execution with the Flowise process’s privileges, often root in containerized deployments. Every credential stored in the platform is readable. Every connected service is reachable. Flowise in production is typically wired into databases, APIs, and cloud accounts; the blast radius scales with whatever it connects to.”

The cybersecurity firm notes that Flowise Cloud is not affected, because it has stdio MCP disabled. Self-hosted instances are vulnerable by default.

Related: Raising the Cybersecurity Stakes: Ante up for the Agentic Era

Related: Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks

Related: Anthropic Releases New Claude Sandbox, Security Guidance Plugin

Related: ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery

https://www.securityweek.com/exploit-code-published-for-critical-flowise-rce-vulnerability/

Stati Uniti, Cina e ora, con rinnovato vigore, la Corea del Sud, stanno accelerando drasticamente i tempi per la commercializzazione della fusione nucleare, spostando l’orizzonte temporale dal lontano 2050 ai ben più prossimi anni ’30 di questo secolo. Conosciamo bene quello che sta facendo Commonwealth Fusion, ma oggi vogliamo considerare un’altra parte del mondo.

Il protagonista di questa accelerazione asiatica è il reattore KSTAR (Korea Superconducting Tokamak Advanced Research), affettuosamente e ambiziosamente ribattezzato il “sole artificiale” coreano. L’obiettivo dichiarato dal Korea Fusion Energy Research Institute (KFE) è chiaro: mantenere un plasma a 100 milioni di gradi centigradi per 300 secondi. Non si tratta di un semplice record da esibire, ma della soglia critica necessaria per dimostrare che la fusione può passare da esperimento di laboratorio a base per centrali elettriche commerciali.

Lo stato dell’arte: una corsa a tre

Per comprendere la portata della sfida sudcoreana, è utile inquadrare gli attuali record globali, che dimostrano come la ricerca si stia muovendo su binari paralleli ma convergenti verso il medesimo fine:

Come Seoul intende vincere la sfida tecnica

Il salto dai 48 secondi attuali ai 300 secondi richiesti per la stabilità commerciale non è banale. Il problema principale a queste temperature infernali non è solo generare il calore, ma contenerlo senza distruggere la macchina che lo ospita.

La Corea del Sud sta puntando su una modifica strutturale e sull’intelligenza artificiale. KSTAR sta affrontando operazioni di lunga durata in un ambiente dotato di un divertore in tungsteno. Il tungsteno ha il vantaggio di resistere a temperature estreme, ma presenta un rischio letale per la reazione: se particelle di questo metallo si staccano ed entrano nel plasma, lo raffreddano istantaneamente, spegnendo il “sole”.

KStar

È qui che entra in gioco la vera innovazione su cui punta Seoul. Come spiegato da Yoon Siwoo, vicedirettore del KFE, la soluzione passa per il controllo attivo della forma del plasma tramite Intelligenza Artificiale. Algoritmi avanzati, capaci di reagire in millisecondi, modificheranno i campi magnetici per mantenere il plasma stabile e lontano dalle pareti, impedendo la contaminazione da tungsteno. È l’unione tra forza bruta (calore estremo) e controllo algoritmico millimetrico.

Avremo presto la fusione commerciale?

La strategia sudcoreana va letta in un’ottica macroeconomica ben precisa. Istituti di ricerca statali stanno mutando pelle: da enti di supporto alla ricerca di base a vere e proprie “piattaforme strategiche nazionali”. Investire massicciamente oggi per accaparrarsi i brevetti della fusione significa garantirsi l’indipendenza energetica assoluta domani, e la possibilità di esportare la tecnologia più preziosa del pianeta.

Avremo davvero la fusione commerciale negli anni ’30? È un traguardo tremendamente ambizioso, ma l’immissione di enormi capitali pubblici, unita alla flessibilità e velocità di esecuzione asiatica, rende questa data non più un miraggio ascrivibile alla fantascienza, ma un target industriale concreto. Per ora c’è solo Commonwealth Fusion che afferma di essere in grado di attivare il prossimo anno il proprio reattore dimostrativo a fusione nucleare commerciale con guadagno di potenza. Gli altri progetti hanno tempi più lontani.

Nel frattempo, per non farsi trovare impreparata, la Corea del Sud sta scommettendo pesantemente anche sui Reattori Modulari Piccoli (SMR). Il Korea Atomic Energy Research Institute (KAERI) ha già ottenuto l’approvazione per il design del suo SMR ‘SMART’. Questa tecnologia funge da ponte: garantisce energia baseload stabile, a zero emissioni e a costi prevedibili fin da subito, preparando il terreno industriale e infrastrutturale per il giorno in cui il primo sole artificiale commerciale sarà acceso in modo permanente.  L’autonomia energetica è, alla fine, soprattutto una questione di programmazione e di coretti investimenti di capitali, e smbra che la Corea abbia intrapreso la strada giusta.

Rimani aggiornato seguendoci su Google News!

SEGUICI

https://scenarieconomici.it/corsa-alla-fusione-nucleare-la-corea-del-sud-lancia-la-sfida-dei-100-milioni-di-gradi-per-300-secondi/

Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and were managed by 200 servers in a joint operation by the police and the National Cyber Security Center.

The action, announced Thursday, came about after a security researcher reported the sprawling network to authorities. The host infrastructure was located in the Netherlands.

Used for criminal purposes

“The police then seized several botnet servers from a hosting provider for investigation,” the NCSC said. “The botnet was taken offline by the provider because it was used for criminal purposes.”

According to a report Thursday by the NL Times, the botnet was linked to ASOCKS, a Russia-based company that provides residential proxy services. These services cater to people and organizations who want to obscure their locations or identities by proxying their Internet traffic through third-party devices. Proxy services are often used for illicit or unethical purposes such as performing DDoS attacks, running botnet command-and-control servers, operating phishing operations, and scraping website content.

Ars was unable to independently confirm the NL Times report, but the claim checks out. Thursday’s NCSC post linked to a separate post that the nonprofit organization published a day earlier. That post, in turn, was updated to add a link to Thursday’s post. Wednesday’s post, headlined “Residential proxies and their major impact on digital security in the Netherlands,” warned: “Residential proxies are used to maintain anonymity and circumvent geographical restrictions. In this way, a Dutch organization can be attacked with Dutch proxies that have similarities with ‘regular’ traffic, making cybercrime mitigation more difficult.”

https://arstechnica.com/security/2026/05/botnet-of-more-than-17-million-devices-dismantled/

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.

This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.

Here are this week’s highlights:

Trump Mobile data breach

Phone provider Trump Mobile has confirmed that customers’ names, addresses, email addresses, phone numbers, and other data was exposed to the internet. The company reportedly said a third-party platform provider was responsible for the exposure. 

Russian hackers’ deep reach in Treasury emails

Documents presented in a Freedom of Information Act lawsuit filed by Bloomberg News against the US government show that the Russian state-sponsored APT responsible for the 2019-2020 SolarWinds supply chain attack had deep access to Treasury emails. The hackers reportedly focused on only eight email accounts linked to 300 other email addresses. The Treasury had roughly 94,000 people at the time.

VS Code Remote SSH extension vulnerability

A remote code execution (RCE) vulnerability in the Visual Studio Code (VS Code) Remote‑SSH extension could allow attackers to pivot to remote systems, security researcher Suman Kumar Chakraborty warns. The issue exists because, upon initiating a Remote SSH connection, the extension writes a bootstrap shell script to the Temp directory. An attacker with access to the system can modify the script before it is transmitted and executed on the remote server, to deploy a reverse shell. 

UK Visa Portal exposes over 100,000 documents

Immigration portal UK Visa Portal publicly exposed over 100,000 documents of people who applied for a UK visa, TechCrunch reports. Not affiliated with the UK government, the website requires applicants to upload selfies and passports, and to pay a fee for obtaining visas. The exposed files were stored in an AWS S3 bucket and were secured earlier this week.

LinkedIn phishing campaign abuses Adobe Target

Phishers are posing as LinkedIn in a new phishing campaign posing as a business inquiry. The emails contain fake contract attachments masquerading as PDFs. In fact, they are HTML files directing victims to the Adobe Target A/B testing platform. The attackers are abusing Adobe Target to track users and serve them fake login pages to steal their credentials before redirecting them to LinkedIn. 

2026 FIFA World Cup in attackers’ crosshairs

Just as the 2026 FIFA World Cup is about to kick off, Group-IB has discovered over 4,300 fraudulent domains impersonating FIFA, including a sophisticated phishing campaign run by Chinses-speaking hacking group Ghost Stadium. The threat actor has set up over 300 domains, including a pixel-perfect clone of the legitimate FIFA site. The phishers could cause hundreds of millions of dollars in losses.

Veeam, Notepad++, Roundcube patches

Veeam this week resolved two high-severity vulnerabilities in its Backup & Replication product, warning they could lead to privilege escalation and arbitrary file writes. Notepad++ patched three security issues, including two leading to arbitrary code execution. The latest Roudcube security updates fix eight flaws, including unauthenticated SQL injection and arbitrary file delete bugs. 

CISA responds to recent supply chain attacks

The US cybersecurity agency CISA has expanded its KEV catalog with three vulnerabilities describing recent software supply chain attacks. These include Daemon Tools Lite, TanStack, and Nx Console (which led to the 3.800 internal GitHub repositories hack). CISA also issued an alert on the Megalodon and Nx Console attacks, urging organizations to hunt for and remediate potential compromises. NPM invalidated granular access tokens in response to these attacks.

Supply chain attack hits 176 NPM packages

Sonatype warns of a supply chain attack involving 176 malicious NPM packages containing postinstall scripts designed to install information-stealing malware on the victims’ computers. The malware harvests and exfiltrates credentials, system and directory information, environment variables, CI/CD secrets, and other tokens and sensitive information. All malicious packages have the version number 99.99.99.

Contractor jailed for hacking former employer

Maxwell Schultz, 36, of Columbus, Ohio, was sentenced to 24 months in federal prison for hacking into his employer’s network after his contract was terminated in May 2021. Impersonating another contractor, he obtained login credentials, accessed the former employer’s systems, and executed a script that reset roughly 2,500 passwords, locking out employees and contractors and causing more than $862,000 in losses. Schultz pleaded guilty in November 2025.

Related: In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking

Related: In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws

https://www.securityweek.com/in-other-news-trump-mobile-data-breach-fifa-world-cup-phishing-cisa-responds-to-supply-chain-attacks/

https://www.adweek.com/tvnewser/week-of-may-18-2026-cable-news-ratings/

Earlier this week, stock trading app Robinhood launched Agentic Trading and Agentic Credit Card, features allowing customers to deploy AI agents for the purpose of making trades and credit card purchases. The organization asserts it is approaching this agentic AI deployment with a “safety-always mindset” by implementing limited account access, spending controls and the ability to disable agents. Furthermore, it is offering fraud detection, manual approvals (if a user opts in for them) and the ability to preview trades “when appropriate.” 

But are these measures sufficient? Security magazine speaks with Senior Vice President of Offensive Security at Darktrace Justin Fier to learn more. 

The first concern Fier brings up is the uncertainty around accountability.

“Allowing AI agents to trade stocks raises serious questions about responsibility and trust,” he says. “Money managers and licensed traders go through significant certification and oversight because people are trusting them with their money. If an AI agent gives bad advice, hallucinates, misunderstands market conditions, or makes a trade that causes someone to lose money, who is responsible? Is it the platform, the model provider, the agent, or the end user? And is that responsibility clearly defined?”

The sensitivity of data and accounts involved is another.

“The broader concern is the precedent this sets for putting too much trust in systems that can act on a user’s behalf before the controls and accountability are mature. People are increasingly giving AI agents access to sensitive systems including financial accounts, health data, email, and corporate applications, all of which can have real-world consequences if the agent makes the wrong decision, is manipulated, or is compromised,” Fier asserts. 

Finally, Fier urges individuals and organizations to consider the security risks. 

“From a security perspective, the risk is that these agents often operate through access the user has already granted. That means malicious, unexpected, or manipulated activity may look like normal user activity. If an agent is compromised or steered into taking the wrong action, defenders may not immediately know whether it was the person, the agent acting on that person’s behalf, or an attacker abusing the agent’s permissions,” Fier says. “Organizations and consumers need to know when an agent is acting, what it can access, what actions it can take, and how to stop it before the consequences become real. We should not be accepting a model where people hand over broad authority to AI agents and only find out after the fact that the guardrails or security controls were not strong enough.” 

Robinhood says users can bring in their agents “from anywhere” and connect them to the organization’s AI-native Model Context Protocol (MCP) servers. “Our mission has always been to democratize finance for all, and now, that mission extends to AI agents,” commented Vlad Tenev, CEO of Robinhood. 

“In a financial setting, consequences can be serious,” Fier warns. “By the time someone realizes the agent was wrong, compromised, or manipulated, the damage may already be done with money already lost.” 

https://www.securitymagazine.com/articles/102330-risks-of-robinhood-using-ai-agents-to-trade-make-purchases

The notorious ShinyHunters extortion group has published data allegedly stolen from the telecoms services provider Charter Communications.

ShinyHunters is known for engaging in voice phishing attacks to gain access to victim organizations’ networks and rapidly exfiltrate data that it then threatens to leak online unless a ransom is paid.

The group lists its victims on a Tor-based leak site, and the data it claims to have been stolen from Charter was made available for download on that portal on Thursday, which suggests that the company did not pay a ransom to prevent its publication.

According to ShinyHunters’ post, the stolen data includes over 42 million customer records, along with customer proprietary network information (CPNI).

The number of potentially affected individuals, however, appears to be only 4.9 million, data breach notification website HaveIBeenPwned says.

Its analysis of the data revealed 4.9 million unique email addresses, along with names, addresses, and phone numbers. The data contains 85,000 records associated with employee accounts, each of which includes a job title.

Over the past year, ShinyHunters has claimed numerous high-profile data breaches, mainly involving Salesforce customers. Some of these include Canvas, CarGurus, Carnival, Panera Bread, 7-Eleven, and Grafana.

One of the largest broadband providers in the US, Charter has over 30 million residential and business customers.

“We are aware of the situation, following our security protocols, and are working with appropriate authorities. Only sales tools used to manage current, past, and prospective business customers were impacted; no CPNI or sensitive PI was released by the threat actor,” a Charter spokesperson said, responding to a SecurityWeek inquiry. 

Related: Oncology Institute Discloses Data Breach

Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond

Related: DocketWise Data Breach Impacts 143,000

Related:American Lending Center Data Breach Affects 123,000 Individuals

https://www.securityweek.com/charter-communications-data-breach-could-impact-nearly-5-million/

French cybersecurity startup MokN has raised $15 million in a Series A funding round that brings the total investment in the company to $18 million.

Paris-based MokN was founded in 2023 to tackle identity protection differently. Unlike traditional solutions, it plants honeypots within enterprise environments, luring threat actors into revealing compromised credentials.

Using ultra-realistic decoy access points, the phish-back solution is designed to outsmart attackers and to allow organizations to neutralize stolen credentials before they are used.

MokN’s Series A funding round was led by Google Ventures, with additional support from DataDog, previous investors Moonfire and OVNI Capital, and various angel investors.

The fresh investment will be used to expand the platform to the US, where credential-based intrusions have become dominant, MokN says. Per the latest Verizon DBIR, credential abuse was responsible for roughly 13% of the confirmed data breaches in 2025.

Additionally, the startup will invest in global expansion, starting with the opening of new offices in the US and the UK. To support the expansion, the company will hire new talent across sales and marketing, and customer success.

MokN also plans to expand its engineering team and to increase its research and development efforts to enhance the phish-back platform’s capabilities.

“As a former SOC Manager, I experienced firsthand how compromised identities remained a critical blind spot. MokN was built to change that. Today, we work with major enterprises to define a new category—Active Identity Recovery—giving them a proactive edge against identity-based attacks,” said MokN co-founder and CEO Gautier Bugeon.

Related: Geordie Raises $30 Million for AI Security and Governance Platform

Related: RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries

Related: Exaforce Raises $125 Million for Agentic SOC Platform

Related: Frame Security Emerges From Stealth With $50M for Awareness and Training Platform

https://www.securityweek.com/mokn-raises-15-million-for-phish-back-platform/