Quordle was one of the original Wordle alternatives and is still going strong now more than 1,400 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc’s Wordle today column covers the original viral word game.

A WIRED investigation based on Department of Homeland Security records this week revealed the identities of paramilitary Border Patrol agents who frequently used force against civilians during Operation Midway Blitz in Chicago last fall. Several of the agents, WIRED found, appeared in similar operations in other states around the US.

Customs and Border Protection may want to remember to protect its sensitive facility information. Using basic Google searches, WIRED discovered flashcards made by users of the online learning platform Quizlet that contained gate codes to CBP facilities and more.

In a rare move, Apple this week released “backported” patches for iOS 18 to protect millions of people still using the older operating system from the DarkSword hacking technique that was found in use in the wild. Discovered in March, DarkSword allows attackers to infect iPhones that simply visit a website loaded with the takeover tools embedded in it. Apple initially pushed users to update to the current version of its operating system, iOS 26, but ultimately issued the iOS 18 patches after DarkSword continued to spread.

The US-Israel war with Iran careened into its second month this week, with Iran threatening to launch attacks against more than a dozen US companies, including tech giants like Apple, Google, and Microsoft, which have offices and data centers in the Gulf region. The deadly conflict, which has no clear end in sight, continues to wreak havoc on the global economy as shipping crews remain stranded in the Strait of Hormuz, a key trade route. Meanwhile, some are beginning to wonder what could happen if US strikes cause real damage to Iran’s nuclear facilities.

And that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Earlier this week, a security researcher flagged that Anthropic accidentally made the source code for its popular vibe-coding tool, Claude Code, public. Immediately, people began reposting the code on the developer platform GitHub. But beware if you want to try to download some of those repos yourself: BleepingComputer reports that some of the posters are actually hackers who have tucked a piece of infostealer malware into the lines of code.

Anthropic, for its part, has been trying to remove copies of the leak (malware-ridden or not) by issuing copyright takedown notices. The Wall Street Journal reported that the company initially tried to remove more than 8,000 repositories on GitHub but later narrowed that down to 96 copies and adaptations.

This isn’t the first time that hackers have capitalized on interest in Claude Code, which requires users who might not be as familiar with their computer’s terminal to copy and paste install commands from a website. In March, 404 Media reported that sponsored ads on Google led to sites that were masquerading as official Claude Code installation guides, which directed users to run a command that would actually download malware.

The FBI formally classified a recent cyber intrusion into one of its surveillance collection systems as a “major incident” under FISMA—a legal designation reserved for breaches believed to pose serious risks to national security. The determination, reported to Congress earlier this week, is understood to be the first time since at least 2020 that the bureau has declared a major incident on its own systems. Politico, citing two unnamed senior Trump administration officials, reported that China is believed to be behind the intrusion. If confirmed, the breach could mark a significant counterintelligence failure for the FBI.

The FBI said it detected “suspicious activities” on its networks in February. In a notice to Congress on March 4, reviewed by Politico, the bureau said the compromised systems were unclassified and held “returns from legal process,” citing, as examples, phone and internet metadata collected under court orders and personal information “pertaining to subjects of FBI investigations.” The intruders reportedly gained access through a commercial internet service provider, an approach the FBI characterized as reflecting “sophisticated tactics.” In its only public statement, the bureau said it had deployed “all technical capabilities to respond.”

Good morning! Let’s play Connections, the NYT’s clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you’ve finished? Why, play some more word games of course. I’ve also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc’s Wordle today page covers the original viral word game.

Strands is the NYT’s latest word game after the likes of Wordle, Spelling Bee and Connections – and it’s great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc’s Wordle today page for the original viral word game.

When a wave of unusual activity swept through Syrian government accounts on X in March, it first looked like pure chaos—trolling, parody names, and even explicit content. But beneath the noise lay something far more telling: a state still struggling with the most basic layer of its cybersecurity.

In early March, several official Syrian government accounts on X—including those linked to the presidency’s General Secretariat, the Central Bank, and multiple ministries—were hacked. The compromised profiles posted “Glory to Israel,” retweeted explicit material, and briefly renamed themselves after Israeli leaders.

Authorities moved to restore control within days, with the Ministry of Communications and Information Technology announcing “urgent steps” to recover the accounts and prevent further breaches. Yet what remained unsettled was the deeper question: How secure is the state’s digital front door?

In a government now dependent on commercial platforms for communication, losing a verified account doesn’t just disrupt messaging—it silences the state’s voice.

When the State Stops Speaking for Itself

At first glance, the breach appeared politically charged. Pro‑Israel messages circulating on verified government accounts during a tense regional moment fueled speculation over motive and attribution. No group claimed responsibility, and officials did not clarify whether internal systems were compromised.

To analysts, the episode pointed less to a geopolitically driven hack and more to a familiar, systemic weakness.

“We still do not know exactly what happened. Whether the accounts were directly hacked or accessed through weak or reused credentials, the conclusion is much the same: very poor digital security practices,” says Noura Aljizawi, a senior researcher at the Citizen Lab, a research organization that monitors threats to civil society in the digital age.

The ministry said it had coordinated with account administrators and X to “restore control and strengthen security,” promising new regulatory measures soon. The perpetrators have not been publicly identified.

One Weak Link, Multiple Accounts

Before the accounts were recovered, several displayed identical pro‑Israel messaging—a detail that suggested shared credentials or centralized access, according to platform monitoring data.

That assessment was echoed across the cybersecurity community.

“The fact that several official X accounts seemed to fall in quick succession suggested some form of centralized control, possibly with the same credentials used across multiple accounts,” says Muhannad Abo Hajia, cybersecurity expert at Damascus-based group Sanad. “That kind of setup is not inherently wrong, but only if proper safeguards are in place.”

Experts say this pattern is consistent with common failures: password reuse, phishing attempts, compromised recovery channels, or the absence of multifactor authentication (MFA). In practice, one careless password or a single compromised recovery email could give outsiders control of multiple institutions.

“Account takeovers of this kind are common enough globally and usually result from familiar vulnerabilities: phishing, password reuse, compromised recovery emails, weak credentials, or the absence of MFA,” says Rinad Bouhadir, a cybersecurity engineer tracking the region.

A System Built on Fragile Foundations

The breach, specialists say, reflects not a targeted cyber‑offensive but deeper structural flaws.

“The current authorities inherited a near-nonexistent cybersecurity system and have yet to treat repairing it as a real priority,” says Dlshad Othman, a Syrian cybersecurity specialist.

He believes the incident likely stemmed from either a centralized unit managing several official accounts or a shared third‑party tool used across ministries—both of which create a single point of failure.

That design makes multiple agencies vulnerable at once. In moments of heightened tension, even one falsified post from a verified government account could stoke panic, misreporting, or escalation before correction.

A verified government account can be weaponized to spread false information in real time, particularly during periods of regional escalation, when confusion carries immediate real-world risk.

The Artemis II crew is almost at the moon, and the astronauts spent this weekend carrying out preparations for their lunar flyby on Monday. That included manual piloting demonstrations, reviewing their science objectives for the six-hour observation period and evaluating their space suits, which are there for life support in the event of an emergency and for their return home. But, they’ve had plenty of time to take in the views, too — and those views sure are spectacular. In the latest series of images shared by the space agency, the astronauts are seen gazing at Earth through the windows of the Orion spacecraft.

Orion will reach the moon’s vicinity shortly after midnight on Monday, April 6. Later that day, the crew is expected to reach a point farther than any humans have traveled from Earth, surpassing the record of 248,655 miles from Earth set by the Apollo 13 astronauts in 1970.

The lunar observation period will start at 2:45PM ET, and a few hours later, they’ll be behind the moon and briefly drop out of communication. The spacecraft’s closest approach to the moon is expected to occur at 7:02PM, when it will be 4,066 miles from the surface. “From that distance, the crew will see the entire disk of the Moon at once, including regions near the north and south poles,” according to NASA. The crew will later get a chance to see a solar eclipse “as Orion, the Moon, and the Sun align in such a way that the astronauts will see our star disappear behind the Moon for about an hour.” NASA will have coverage of the flyby starting at 1PM ET.