Local police shared an image of emergency services at the scene near Gélida
A train driver has been killed and at least 14 people injured after a commuter train derailed and crashed near Barcelona, local media report.
According to local officials, the Rodalies train collided with a retaining wall which fell onto the track between Gelida and Sant Sadurní on Tuesday evening.
The severity of injuries suffered by passengers is currently being assessed by emergency services.
The incident occurred as heavy storms battered north-eastern Spain.
Eleven ambulances are on the scene in Gelida, Catalonia – around 35km (21.7 miles) west of Barcelona – treating those injured, emergency services said.
The local fire service said 35 crews have been sent to the scene and have had to rescue one passenger trapped inside the train.
Emergency services said it had evacuated some of the injured to nearby Moisès Broggi, Bellvitge, and Vila Franca hospitals.
Many coastal areas in the east and north-west of Spain are on high alert because of the weather. There have also been snowstorms in the Spanish Pyrenees and storms along the coast of Menorca, causing waves several metres high.
The crash in Catalonia comes two days after two high-speed trains collided in Adamuz, Andalusia, in one of the worst Spanish rail accidents in over a decade.
At least 42 people are known to have died after carriages on a Madrid-bound train derailed and crossed over to the opposite tracks and then collided with an oncoming high-speed train.
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints.
The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said.
“This activity involved the deployment of a backdoor implant that provides remote code execution capabilities on the victim system,” security researcher Thijs Xhaflaire said in a report shared with The Hacker News.
First disclosed by OpenSourceMalware last month, the attack essentially involves instructing prospective targets to clone a repository on GitHub, GitLab, or Bitbucket, and launch the project in VS Code as part of a supposed job assessment.
The end goal of these efforts is to abuse VS Code task configuration files to execute malicious payloads staged on Vercel domains, depending on the operating system on the infected host. The task is configured such that it runs every time that file or any other file in the project folder is opened in VS Code by setting the “runOn: folderOpen” option. This ultimately leads to the deployment of BeaverTail and InvisibleFerret.
Subsequent iterations of the campaign have been found to conceal sophisticated multi-stage droppers in task configuration files by disguising the malware as harmless spell-check dictionaries as a fallback mechanism in the event the task is unable to retrieve the payload from the Vercel domain.
Like before, the obfuscated JavaScript embedded with these files is executed as soon as the victim opens the project in the integrated development environment (IDE). It establishes communication with a remote server (“ip-regions-check.vercel[.]app”) and executes any JavaScript code received from it. The final stage delivered as part of the attack is another heavily obfuscated JavaScript.
Jamf said it discovered yet another change in this campaign, with the threat actors using a previously undocumented infection method to deliver a backdoor that offers remote code execution capabilities on the compromised host. The starting point of the attack chain is no different in that it’s activated when the victim clones and opens a malicious Git repository using VS Code.
“When the project is opened, Visual Studio Code prompts the user to trust the repository author,” Xhaflaire explained. “If that trust is granted, the application automatically processes the repository’s tasks.json configuration file, which can result in embedded arbitrary commands being executed on the system.”
“On macOS systems, this results in the execution of a background shell command that uses nohup bash -c in combination with curl -s to retrieve a JavaScript payload remotely and pipe it directly into the Node.js runtime. This allows execution to continue independently if the Visual Studio Code process is terminated, while suppressing all command output.”
The JavaScript payload, hosted on Vercel, contains the main backdoor logic to establish a persistent execution loop that harvests basic host information and communicates with a remote server to facilitate remote code execution, system fingerprinting, and continuous communication.
In one case, the Apple device management firm said it observed more JavaScript instructions being executed roughly eight minutes after the initial infection. The newly downloaded JavaScript is designed to beacon to the server every five seconds, run additional JavaScript, and erase traces of its activity upon receiving a signal from the operator. It’s suspected that the script may have been generated using an artificial intelligence (AI) tool owing to the presence of inline comments and phrasing in the source code.
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK) are known to specifically go after software engineers, particular those working in cryptocurrency, blockchain, and fintech sectors, as they often tend to have privileged access to financial assets, digital wallets, and technical infrastructure.
Compromising their accounts and systems could allow the attackers unauthorized access to source code, intellectual property, internal systems, and siphon digital assets. These consistent changes to their tactics are seen as an effort to achieve more success in their cyber espionage and financial goals to support the heavily-sanctioned regime.
The development comes as Red Asgard detailed its investigation into a malicious repository that has been found to use a VS Code task configuration to fetch obfuscated JavaScript designed to drop a full-featured backdoor named Tsunami (aka TsunamiKit) along with an XMRig cryptocurrency miner.
Another analysis from Security Alliance last week has also laid out the campaign’s abuse of VS Code tasks in an attack where an unspecified victim was approached on LinkedIn, with the threat actors claiming to be the chief technology officer of a project called Meta2140 and sharing a Notion[.]so link contains a technical assessment and a URL to a Bitbucket repository hosting the malicious code.
Interestingly, the attack chain is engineered to fallback to two other methods: installing a malicious npm dependency named “grayavatar” or running JavaScript code that’s responsible for retrieving a sophisticated Node.js controller, which, in turn, runs five distinct modules to log keystrokes, take screenshots, scans the system’s home directory for sensitive files, substitute wallet addresses copied to the clipboard, credentials from web browsers, and establish a persistent connection to a remote server.
The malware then proceeds to set up a parallel Python environment using a stager script that enables data collection, cryptocurrency mining using XMRig, keylogging, and the deployment of AnyDesk for remote access. It’s worth noting that the Node.js and Python layers are referred to as BeaverTail and InvisibleFerret, respectively.
These findings indicate that the state-sponsored actors are experimenting with multiple delivery methods in tandem to increase the likelihood of success of their attacks.
“This activity highlights the continued evolution of DPRK-linked threat actors, who consistently adapt their tooling and delivery mechanisms to integrate with legitimate developer workflows,” Jamf said. “The abuse of Visual Studio Code task configuration files and Node.js execution demonstrates how these techniques continue to evolve alongside commonly used development tools.”
Tuesday marks one year to the day Trump was inaugurated as president for his second term
On day one, he put the world on notice.
“Nothing will stand in our way,” President Donald Trump declared, to thunderous applause, as he ended his inauguration speech in a cold Washington winter on this day last year, at the start of his second term.
Did the world fail to take enough notice?
Tucked into his speech was a mention of the 19th Century doctrine of “manifest destiny” – the idea that the US was divinely ordained to expand its territory across the continent, spreading American ideals.
At that moment, the Panama Canal was in his sights. “We’re taking it back,” Trump announced.
Now that same declaration, expressed with absolute resolve, is directed at Greenland.
“We have to have it,” is the new mantra. It’s a rude awakening in a moment fraught with grave risk.
US history is littered with consequential and controversial American invasions, occupations, and covert operations to topple rulers and regimes. But, in the past century, no American president has threatened to seize the land of a longtime ally and rule it against their people’s will.
No US leader has so brutally broken political norms and threatened long-standing alliances which have underpinned the world order since the end of World War Two.
There’s little doubt that old rules are being broken, with impunity.
Trump is now being described as possibly the US’s most “transformative” president – cheered by supporters at home and abroad, alarm among others in capitals the world over, and a watchful silence in Moscow and Beijing.
“It’s a shift toward a world without rules, where international law is trampled underfoot, and where the only law which seems to matter is the strongest with imperial ambitions resurfacing,” was French President Emmanuel Macron’s stark warning on the stage at the Davos Economic Forum, without directly mentioning Trump by name.
EPA/Shutterstock
French President Emmanuel Macron spoke at the World Economic Forum on Tuesday but avoided any direct mention of Trump
There is mounting concern over a possible painful trade war, even worry in some circles that the 76-year-old Nato military alliance could now be at risk if, in the worst case scenario, the US commander-in-chief tries to take Greenland by force.
Trump’s defenders are doubling down in support of his “America First” agenda, against the post-war multilateral order.
When asked on BBC Newshour whether seizing Greenland would violate the UN charter, Republican congressman Randy Fine said: “I think the United Nations has abjectly failed in being an entity that supports peace in the world and, frankly, whatever they think, probably doing the opposite’s the right thing.”
Fine introduced a bill called “Greenland Annexation and Statehood Act” in Congress last week.
How do America’s anxious allies respond, when it seems nothing will stand in Trump’s way?
Many phrases have peppered this past year of diplomatic contortions over how best to deal with the US’s unpredictable president and commander-in-chief.
“We need to take him seriously but not literally,” comes from those who insist this can all be sorted out through dialogue.
It’s worked, but only to a point, on trying to forge a united response with Europe to Russia’s blistering war in Ukraine.
Trump often veers, from one week to the next, from espousing positions close to Russia’s, then tilting towards Ukraine, then bolting back into Russia’s orbit again.
“He’s a real estate mogul,” says those who see in Trump’s maximalist positions his deal-making tactics from his New York property days.
There’s an echo of that in his repeated threats of military action against Iran – although it’s clear military options are still on his now crowded table.
He doesn’t talk like a traditional politician,” explains his top diplomat, the US Secretary of State Marco Rubio when he is repeatedly questioned about Trump’s tactics. “He says and then he does,” is his highest praise for his president against what he derides as the dismal record of previous incumbents.
Rubio has been one of the principal voices trying to backpedal Trump’s threats on Greenland, underlining that he wants to buy this vast strategic ice sheet, not invade it.
He pointed out that Trump has been exploring options to purchase the world’s largest island, to counter threats from China and Russia, since his first term in office.
But there is no denying Trump’s bully tactics, his contempt for collective action, his belief that might is right.
“He is a man of transactions and brute power, mafia style power,” says Zanny Minton Beddoes, editor-in-chief of the Economist magazine.
“He doesn’t see the benefit of alliances, he doesn’t see the idea of America as an idea, a set of values; he doesn’t give two hoots about that.”
And he doesn’t hide it.
“Nato is not feared by Russia or China at all. Not even a little bit,” Trump told the New York Times in a wide-ranging interview earlier this month. “We’re tremendously feared.”
If security was the issue, the US already has forces on the ground in Greenland and under a 1951 agreement could send in more troops and open more bases.
“I need to own it,” is how Trump flatly puts it.
And he often makes it clear, “I like to win.” There’s a growing body of proof that’s what it is about.
His policy back flips in the past year have been baffling.
Reuters
Merchandise opposing a US takeover of Greenland, a semi-autonomous territory of Denmark, have appeared in shops in Copenhagen
In the Saudi capital Riyadh in May, we watched how his major speech on his first foreign trip of his second term met a rapturous reception.
Trump took aim at the American “interventionists” whom he excoriated for having “wrecked far more nations than they built… in complex societies that they did not even understand themselves.”
In June when Israel attacked Iran, Trump reportedly warned Israel’s Prime Minister Benjamin Netanyahu not to put his diplomacy at risk with his military threats against Tehran.
“Sane-washing” was the phrase coined months ago by Edward Luce of the Financial Times to describe the world’s polite portrayals of Trump, the succession of leaders landing at his door with glittering gifts and gilded praise to try to win him over to their side.
“Trump’s apologists – a more numerous crowd than true believers – work round the clock to sane-wash his policies into something coherent,” Luce wrote in his latest column.
Reuters
Trump met Saudi Crown Prince Mohammed Bin Salman in Riyadh in May 2025
It was on full display last October when leaders the world over were summoned to join him at the Egyptian Red Sea resort of Sharm El-Sheikh to celebrate his ringing declaration that “at long last we have peace in the Middle East” for the first time in “3,000 years.”
The first significant phase of his peace plan had brought about a desperately needed ceasefire in Gaza and the urgent release of Israeli hostages.
But it wasn’t – sadly – the dawn of peace. No-one there said the quiet part out loud.
Last year Trump’s approach was framed as manifest destiny. This year it’s the early 19th Century Monroe Doctrine now updated, since the Venezuela invasion, as the “Donroe Doctrine.”
President Trump now owns it, bolstered by his fervent backers on his team, with his belief that America can act at will in its backyard, and beyond, to protect American interests.
Reuters
In October, Benjamin Netanyahu called Trump the “greatest friend” Israel had ever had in the White House
Sometimes he is called an isolationist, sometimes an interventionist. But there’s always that slogan which returned him to power – Make America Great Again.
And his letter to Norway’s Prime Minister Jonas Gahr Støre highlighted his obsessive pique over not winning this year’s Nobel Peace Prize.
Trump informed Støre: “I no longer feel an obligation to think purely of peace, although it will always be predominant, but can now think about what is good and proper for the United States of America.”
“It’s a good day to have a Nordic temperament,” Norway’s Foreign Minister Espen Barth Eide diplomatically remarked to me when I asked about this moment.
Norway has been calm, with ice-hard firmness, in its defence of Greenland and Denmark and collective security in the Arctic.
European responses still stretch across this slippery political ice.
Macron has vowed to launch the EU’s “trade bazooka” of counter-tariffs and restricting access to the EU’s lucrative market.
Italian Prime Minister Giorgia Meloni, one of the American president’s closest European allies, has vaguely spoken of a “problem of understanding and miscommunication.”
UK Prime Minister Sir Keir Starmer has strongly and publicly defended Greenland’s territorial integrity but wants to protect the strong personal bond he’s built over the past year by avoiding retaliatory tariffs.
Reuters
Sir Keir Starmer has maintained a largely cordial relationship with Trump since he started his second term as president
The gloves are off for Trump as he posts the private messages he’s receiving from leaders using the old tools of statecraft to try to keep him on side.
“Let us have a dinner in Paris together on Thursday before you go back to the US,” suggested the French president who also queried, in the midst of praise for other foreign policy successes, “I do not understand what you are doing on Greenland”.
“Can’t wait to see you”, wrote Nato Secretary General Mark Rutte, who once called Trump “daddy” for his forceful handling of the Iran-Israel 12-day war last year.
Nato boss commends ‘daddy’ Trump’s handling of Israel-Iran conflict
Rutte, and others, have credited Trump’s blunt threats for forcing Nato members to significantly increase their defence spending in recent years.
Trump’s warnings, going back to his first term, accelerated a trend called for by previous US presidents and started by Nato members themselves in the shadow of Russian threats.
On the other side of the Atlantic, the country which has long lived in America’s shadow has been trying to forge a different path forward, albeit with challenges of their own.
It was the first visit by a Canadian leader to Beijing since 2017, after years of sharp tension, and it sent a clear signal of this fast changing world.
Watch: Canada-China trade relationship “more predictable” than with US, says Carney
Trump’s astonishing threat to annex his neighbour to the north surfaced again this week in a post on social media which showed the western hemisphere, including Canada and Greenland, covered in stars and stripes.
Canadians know there’s still a risk they could be next.
He responded “dollar for dollar” from the start, imposing retaliatory tariffs – until it became too painful for the much smaller Canadian economy, which sends more than 70% of its trade south of its border.
When Carney took to the stage at Davos on Tuesday, he also focused on this jarring juncture.
“American hegemony in particular, helped provide public goods, open sea lanes, a stable financial system, collective security and support for frameworks for resolving disputes,” he said, adding bluntly: “We are in the midst of a rupture, not a transition.”
On Wednesday Trump will speak from that same podium with the world watching.
Asked by the New York Times this month what could stop him, Trump replied: “My own morality. My own mind. It’s the only thing that can stop me.”
That’s what lies behind an armada of allies now seeking to persuade, flatter, force him – to change his mind.
Mossos
