Which Instax Camera Should You Buy? (2026)

Go big or go home. The Instax Wide’s larger image has always made it the Instax of choice for photographers. Ingenious enthusiasts even figured out how to mod older models (the Wide 300) with custom lenses for even better quality images. The Instax Wide 400 is similar in most ways to the 300 that preceded it. It uses the same lens and the same full auto exposure system. If you want full exposure control, this is not the Instax for you. That said, I love this format and hence this camera.

It’s a rather chunky thing. The film is pretty good sized, so the camera is as well, but for me that just makes it easier to hold than some of the others here. There’s a nice big grip, which holds the 4 AA batteries, enough to shoot 100 images according to Fujifilm’s specs. Design-wise, the single color look is reminiscent of the SQ1 (see above), spare and simple. The 95mm f/14 lens is made of two elements (both plastic) and gives you the equivalent of a 35mm focal length on a full frame camera. Fujifilm did add a new close-focus option to go with the 10-foot-to-infinity focus. I wish Fuji had reversed the order, as I sometimes forgot to turn the lens off the second click and ended up with out-of-focus images. Once you get used to it, though, it’s fine.

There’s not a lot to this camera, and that’s part of its appeal. The lens produces decent images, and large format makes it more fun to share with friends. I do wish there were a way to manually control … something, anything, as that would open up some more possibilities, but if you like this format this is the best camera to get.

Other Instax Wide Cameras:

Lomography Lomo’Instant Wide for $200: If you want to spend a bit more, Lomography’s Instant Wide shoots Instax Wide film and has some extra lenses you can add on. It shoots in full auto and also offers a programmed shutter mode. I haven’t tested this one yet, so I can’t speak to the image quality, but the built-in 90mm lens gives roughly the same field of view.

Fujifilm Wide Evo for $409: At first glance the Wide Evo looks like a clone of our top pick, the Mini Evo, but for the wider format Instax film. Would that it were so. There are some similarities. You get the filter effects, a couple of new lens filters, and the “intensity” ring, which allows you to dial in how strong the various effects are. The lens can switch between wide angle (16-mm full-frame equivalent) and standard (28-mm full-frame equivalent), and there are dials for controlling all the effects. The shutter button is an annoying lever-style shutter, where you flip down, rather than a button you press. This head-scratching design decision is, um, not good. It’s awkward and, for me, mars the shooting experience in ways nothing else about the camera redeems. Combine that with a nasty shutter lag (even by Instax standards) and the price tag, and this one is hard to recommend. If you want a printer, go for the Instax Wide. If you want a camera, either the Wide 400 or the Lomography Lomo’Instant Wide are better deals and better cameras.

How Russia’s SU-34 Flies So Far Without Refueling

Back during World War II, Adolf Hitler dreamed of bombing the United States, but the technology of the day couldn’t deliver. Nowadays, intercontinental flights are routine thanks to aerial refueling. That’s how most aircraft in the United States Air Force operate, but the Russian Federation’s Su-34 is a different kind of jet. The Su-34 Fullback can fly from Moscow to Washington, D.C. without refueling, which is impressive, seeing as that’s a distance of 4,867 miles.

There are several reasons why the Su-34, which Russia has used in the Russo-Ukrainian War, can fly so far. For one, it’s a massive aircraft, measuring 76.5 feet in length with a 48-foot wingspan. It doesn’t need that kind of range under normal operations, but when it does, it can carry three PTB-3000 external fuel tanks on hardpoints that normally accommodate weapons, significantly increasing its range. Each of those tanks holds 793 gallons of fuel on top of the bomber’s internal fuel capacity.

That internal fuel capacity gives the Su-34 a ferry range of 2,485 miles. Add the external tanks and push the Su-34 to its limits, and its range can exceed 4,971 miles. That puts Washington, D.C. within reach, though it wouldn’t be able to make the return trip without refueling. Granted, it’s unlikely that Russia would ever use its Su-34 fleet in such a manner, but it could, making the Su-34 one of the most powerful non-American fighter jets in service.

The Su-34 is the world’s longest-range fighter (currently)

With its added drop tanks, the Su-34 is the world’s longest-range fighter, and it’s not even close. The United States’ longest-range fighter is the F-35C Lightning II, which has an internal fuel capacity of 3,002 gallons. That gives it a range of 1,381 miles. The F-35 doesn’t have drop tanks, but they are being designed for the Block 4 upgrade that’s expected to be complete no sooner than 2031. Of course, aerial refueling can indefinitely extend the F-35’s range.

Still, the F-35’s reach pales in comparison to the Su-34’s. Additionally, the Su-34 will likely receive an upgrade in the form of the AL-51F engine, which was developed for the Su-57 5th-generation fighter. The Su-34 is a 4.5-generation fighter (sometimes referred to as a 4++ generation), thanks to various upgrades that keep it flying. With the introduction of a more fuel-efficient engine, it’s likely that the aircraft’s range will increase significantly, making it a truly intercontinental strategic aircraft.

The Su-34 first flew in 1990 and formally entered Russian service in 2014, and it has a proven track record. While it’s unclear how many Russia has, estimates put the Russian Air Force’s inventory at around 123 Su-34s. Production continues, and several have been lost in Ukraine, so the total number in the inventory fluctuates over time. Regardless, Russia probably sees a future where the Su-34 remains an important part of its strategic focus, so it’s likely that the country will continue producing its intercontinental fighter for the foreseeable future.

Your Push Notifications Aren’t Safe From the FBI

Amid horrific threats from United States president Donald Trump as the US and Iran negotiated a ceasefire, the US government warned this week that Iran-linked hackers were carrying out attacks against US energy and water infrastructure targets. With nearly one in five people in Lebanon displaced by Israeli attacks, the government is attempting to manage the crisis without modern digital infrastructure and an emergency system that is barely hanging on. Plus, a WIRED analysis looked at Syrian government account hijacks in March and the inadequacies they expose in Syria’s baseline cybersecurity defenses.

Amid rising fears of political violence, a WIRED investigation found that US political candidates are spending more on security, including purchasing equipment like home alarms and bulletproof vests. And recent research looking at Telegram groups found that men are sharing thousands of nonconsensual images of women and girls, purchasing spyware to use against their wives and friends, and engaging in doxing and sexual abuse. Meanwhile, as governments scramble to address growing industrial scamming originating from Southeast Asia, China has emerged as the biggest enforcer, but also a selective one, resulting in crime syndicates shifting their focus abroad to avoid Chinese targets.

Anthropic formally announced its new Claude Mythos Preview model this week and said that for now it will only make the model available to a select group of a few dozen leading tech and financial organizations, including Apple, Microsoft, Google, and the Linux Foundation. The consortium, dubbed Project Glasswing, will explore Mythos Preview’s advanced hacking and other cybersecurity capabilities and assess the best ways to improve software and hardware defenses before capabilities like the ones in Mythos Preview proliferate more broadly across other models and inevitably end up in the hands of attackers. The announcements sparked controversy about whether Mythos Preview and similar capabilities will truly be as consequential for cybersecurity as Anthropic says. Experts told WIRED that while it may not be a dramatic catastrophe, it is important for defenders to come together and use their early access to make changes in how software is developed and how organizations around the world invest in patching.

Finally, a WIRED investigation found that nonprofit groups linked to Customs and Border Protection facilities were selling challenge coins that celebrated the Trump administration’s immigration raids, including one coin that depicted Charlotte’s Web characters in riot gear.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The FBI recently got its hands on copies of encrypted Signal messages being sent to a defendant’s iPhone because the contents of those messages were included in push notifications, 404 Media reports. Even though Signal had been removed from the phone prior to it being seized by the FBI, the notifications still lived on in the phone’s internal memory.

The issue affects every app that puts message content into push notifications, not just Signal, and it is the phone’s notification store, not the app, that keeps the copies, which is why deleting Signal did not remove them. Signal users can at least stop future notifications from carrying the message body or the sender’s name: open Signal, go to Settings, then Notifications, and under Show choose Name Only or No Name or Content. This changes only the notifications generated from that point on.

Despite the tenuous and contested ceasefire enacted in the US-Israel war with Iran, tens of millions of ordinary Iranians are still without regular and reliable internet connectivity. The regime-imposed internet blackout, which started during the first hours of the war on February 28, is now reaching the 1,000 hour point, according to internet monitoring group NetBlocks. In recent weeks, the internet shutdown has become the longest in Iranian history and one of the longest worldwide—depriving Iranians of accurate news about the war, stopping them contacting family and loved ones, and causing further economic harm to the nation. US-based Iranian digital rights project Filter Watch has detailed how the Iranian regime, while being bombarded during the conflict, has labeled anti-censorship tools as “malicious” and claimed to have arrested individuals using Starlink internet connections to get around the block.

The FBI’s annual internet crime report typically paints a bleak picture: year-on-year, the number of cybercrime reports increases and the amount of money lost by Americans shoots up. Unfortunately, 2025 was no different. Last year, according to the FBI’s annual report, losses reported to the Internet Crime Complaint Center topped $20 billion—an increase of 26 percent compared to 2024. More than half of these reported losses ($11.3 billion) were linked to cryptocurrency scams, often through fraudulent investment schemes, according to the FBI. Business email compromise, tech and customer support scams, personal data breaches, and confidence or romance scams, make up the other most common crime reports. Crimes mentioning AI led to $893 million in losses.

Google this week expanded Gmail’s end-to-end encryption to its Android and iOS apps, allowing enterprise users to compose and read E2EE messages natively on mobile for the first time, without separate apps or mail portals. Encrypted emails appear as standard threads in the Gmail app for recipients using Gmail, while those on other providers can access them via a secure browser view. This rollout builds on the client-side encryption model introduced to Google Workspace web users in April 2025, where messages are encrypted with customer-controlled keys, preventing Google from accessing their contents. The approach is particularly appealing for organizations with strict compliance requirements, including HIPAA, export controls, and data sovereignty regulations.

Access, however, remains limited: The feature is available only to Google Workspace Enterprise Plus customers with the Assured Controls or Assured Controls Plus add-on, and is not supported for personal Gmail accounts. Administrators must also explicitly enable the Android and iOS clients in the admin interface before eligible users can access the feature, which is off by default. End users then toggle encryption per-message by tapping the lock icon and selecting “Additional encryption,” mirroring the web workflow. The rollout is available immediately to both Rapid Release and Scheduled Release domains.

A Suction-Driven Seven-Segment Display | Hackaday

There’s a long history of devices originally used for communication being made into computers, with relay switching circuits, vacuum tubes, and transistors being some well-known examples. In a smaller way, pneumatic tubes likewise deserve a place on the list; [soiboi soft], for example, has used pneumatic systems to build actuators, logic systems, and displays, including this latching seven-segment display.

Each segment in the display is made of a cavity behind a silicone sheet; when a vacuum is applied, the front sheet is pulled into the cavity. A vacuum-controlled switch (much like a transistor, as we’ve covered before) connects to the cavity, so that each segment can be latched open or closed. Each segment has two control lines: one to pressurize or depressurize the cavity, and one to control the switch. The overall display has four seven-segment digits, with seven common data lines and four control lines, one for each digit.

The display is built in five layers: the front display membrane, a frame to clamp this in place, the chamber bodies, the membrane which forms the switches, and the control channels. The membranes were cast in silicone using 3D-printed molds, and the other parts were 3D-printed on a glass build plate to get a sufficiently smooth, leak-free surface. As it was, the display used a truly intimidating number of fasteners to ensure airtight connections between the different layers. [soiboi soft] used the display for a clock, so it sits at the front of a 3D-printed enclosure containing an Arduino, a small vacuum pump, and solenoid valves.

This capacity for latching and switching, combined with pneumatic actuators, raises the interesting possibility of purely air-powered robots. It’s even possible to 3D-print pneumatic channels by using a custom nozzle.

Thanks to [Norbert Mezei] for the tip!

Oxygen Made From Moon Dust For First Time

“Breathable oxygen has been created from Moon dust,” reports the Telegraph, “in a world first that paves the way for a lunar base.”

Jeff Bezos’s Blue Origin “announced this week that it had developed a reactor that could successfully release oxygen from lunar soil by using an electric current.”

Almost half of Moon dust — the thin layer of rock that blankets the lunar surface — is oxygen, but it is bound to metals such as iron and titanium… Previous work to isolate oxygen has been lab-based, and the unwieldy equipment needed has been too difficult to send to the Moon. In contrast, Blue Origin said its small-scale reactor, named Air Pioneer, could be made flight-ready to “provide the first breath of life for a sustainable Moon base”… As well as breathable air, Blue Origin said the reactor produces other critical elements for planetary infrastructure, such as iron, aluminium and silicon for construction and electronics, as well as glass for windows and solar panel covers. The company has previously said it wants to turn the Moon, and eventually Mars, into “self-sustaining worlds where robots and humans can go beyond visiting and truly explore, grow, live, and thrive”….

Blue Origin said it would need to generate around one megawatt of power to drive the reactors — about the energy it would require to power around 400 to 1,000 homes simultaneously. It envisages that each lunar settlement would have an array of nearby solar panels, generating the power needed for one reactor.
Besides breathable air for astronauts, the oxygen could also be used in propellant for refuelling landers and fuel cells, Blue Origin points out — and “produced right where they’re needed, and at much lower cost than being brought from Earth.”

Thanks to Slashdot reader fjo3 for sharing the article.

X readies dedicated messaging app as XChat goes live on App Store

Early in March, X (formerly Twitter) started testing a dedicated app called XChat among thousands of beta testers. It appears that the test phase is over and the app is ready for its public rollout. The Elon Musk-owned company has announced that XChat is now listed on the App Store, with a wide launch lined up in the coming days. 

What’s the big play? 

The chat app’s listing page on the App Store mentions a release date of April 17, and it will be available simultaneously for iPhone and iPad. As far as features go, the XChat app is advertising end-to-end encryption as one of its highlight features. For the unaware, end-to-end encryption means that only the participants in a conversation hold the keys needed to read it, so no intermediary, including the company that runs the platform, can read the contents of your messages. 

WhatsApp and Signal, for example, implement it by default. On Instagram and Telegram, there’s a dedicated private chats feature that relies on end-to-end encryption to protect your messages.

Circling back to XChat, it will also enable screenshot blocking, which means no participant in the conversation can take a screengrab of the chats. The app will let users edit or delete sent messages, and will also let them send disappearing messages. Calling and group chats will also be a part of the package.

Ever since Musk took over X (which eventually merged with xAI, followed by a broad merger with SpaceX), plans for creating a super-app took center stage. Back in December, Musk quipped that he wants to transform X into something like WeChat, the Chinese app that allows everything from messaging and payments to reservations, among a whole bunch of other quirky services. In June last year, it was reported that the X super app would also offer investment and trading services once the super app plans materialize. 

Why is this an interesting shift? 

There’s more to the plans than a straightforward messaging pivot to XChat. Or at least that’s what Musk’s past claims, and the recent turn of events, suggest. On the surface, it would seem that Musk simply wants to serve a messaging app that fills the functional gaps that you can’t quite access on the social media app.

Just a day ago, Musk shared on X that WhatsApp can’t be trusted, referring to a lawsuit claiming that Meta allowed third parties access to the encrypted messages on WhatsApp. Even though WhatsApp has denied these claims, Musk’s statement added more fuel to the privacy fire. Separately, Telegram founder, Pavel Durov, claimed that WhatsApp’s encryption claims amount to the “biggest consumer fraud in history.” But that was not all.

Signal, one of the most widely trusted messaging apps out there owing to its robust security protocols, also found itself in the line of fire. As per reports, the FBI was able to obtain the contents of Signal messages after accessing the notification history on a suspect’s iPhone, even though the app offers a screen lock. Durov also took a potshot at Signal, highlighting how Telegram never shows a message’s contents in the notification banner. 

It seems XChat is making a splashy public debut at a time when trust in the popular privacy-first platforms such as WhatsApp and Signal is coming under scrutiny. Moreover, it would be interesting to see if X offers all the features for free, or whether some of them will be locked behind a premium subscription, just like the sibling social media service. 

Anthropic’s Glasswing project employs Mythos to prevent AI cyberattacks

AI models now surpass most humans at finding and exploiting software vulnerabilities, said Anthropic.

A new Anthropic project will see global companies use Claude as part of their defence security systems.

‘Project Glasswing’ gives partnering companies access to Anthropic’s unreleased Claude Mythos, which, according to the AI giant, has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Mythos was launched in preview yesterday (7 April).

Anthropic’s Mythos preview is significantly more capable at generating exploits. In its research, the company noted that Mythos developed working exploits in 181 of several hundred attempts, while Opus 4.6 had a success rate near 0 percent.

“We did not explicitly train Mythos preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning and autonomy,” the company noted. Publications, including the New York Times and the Register have warned against the negative consequences of models such as Mythos falling into the hands of bad actors.

Fortunately, Anthropic has chosen not to release the model publicly. Instead, the company is bringing together leading businesses, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JP Morgan Chase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks, allowing them to access Mythos preview to boost their cyber defences.

The company has extended Mythos access to a group of more than 40 organisations that build or maintain critical software infrastructure.

“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” said Anthropic.

Anthropic has promised to share learnings from Project Glasswing to benefit the wider industry. The company has also made a commitment of up to $100m in usage credits for Mythos preview across the project, as well as $4m in direct donations to open-source security organisations.

The Claude-maker has also hired Eric Boyd, the longtime president of AI platforms at Microsoft, to lead as the company’s head of infrastructure.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Best Electric Cargo Bikes (2026): Urban Arrow, Lectric, Tern, and More

Specialized’s proprietary, 700-watt motor feels natural—sometimes to an annoying extent, as the bike is designed for you to pedal and you won’t get faster than 10 mph just by using the throttle. Also, there’s no option for a dual battery. Still, the battery well exceeded Specialized’s estimated 60-mile range. Granted, I am a small person, but I was usually hauling at least one other person on the bike with me at all times, so I still found this remarkable.

It’s easily adjustable—both my 5’10” husband and my 5’2″ self were able to switch off riding, which is important if this is your family’s all-purpose hauler. The display is intuitive, and the buttons are well-spaced apart so you don’t get confused or end up button-mashing. Also, Specialized’s accessories go a long way toward making this bike so much more useful. Yes, you could jerry-rig some Home Depot buckets to the front of your bike and drill holes in the bottoms for them to drain, but the Coolcave panniers ($90) are so much more attractive, easy to use, and helpful for carting everything from kid dioramas to a dozen tiny soccer balls.

Best Value

The vast majority of people I know who buy a cargo ebike with their own money choose the Lectric XPedition2. There is just no better value for a dual-battery long-tail cargo ebike. Out of the box, Lectric has also gone above and beyond to make its bikes and accessories easy to assemble and use. You even pop the pedals in, instead of using regular screw-on pedals.

This bike’s specs are also wild for the price. It has a 1,310-watt rear hub motor, twice as powerful as the already-powerful Globe Haul. (It has a throttle and is a Class 2 ebike out of the box, though you can use the display to unlock its Class 3 capabilities and assist up to 28 mph.) It has hydraulic disc brakes, front suspension, an incredibly large and bright LCD color display, integrated lights, and fenders.

When attackers already have the keys, MFA is just another door to open

The Figure breach exposed 967,200 email records without a single exploit. Understanding what that enables — and why your MFA cannot contain it — is an architectural problem, not a user education problem.

In February 2026, TechRepublic reported that Figure, a financial services company, exposed roughly 967,200 email records in a newly disclosed data breach. No vulnerability was chained. No zero-day was burned. The records were accessible, and now they are in adversary hands.

Coverage of breaches like this tends to stop at the count. That is the wrong place to stop. The number of exposed records is not the event — it is the starting inventory for the event that follows.

To understand the actual risk, you have to follow the attack chain that a credential exposure like this enables, step by step, and ask honestly whether the authentication controls in your environment can interrupt it at any point.

Most cannot. Here is why.

What Adversaries Do With 967,000 Email Records

Exposed email addresses are not static data. They are operational inputs. Within hours of a record set like this becoming available, adversaries are running it through several parallel workflows simultaneously.

The first is credential stuffing. Some Figure customers and employees almost certainly reused passwords across services. Adversaries combine the exposed addresses with password dumps from prior incidents, such as LinkedIn, Dropbox and the RockYou2024 compilation, and test the resulting pairs against enterprise portals, VPN gateways, Microsoft 365, Okta and other identity providers at scale. Automation handles the volume.

Success rates on credential stuffing campaigns against fresh email lists routinely run at two to three percent. On 967,000 records, that is 19,000 to 29,000 valid credential pairs.

The second workflow is targeted phishing. AI-assisted tooling can now generate personalized phishing campaigns from an email list in minutes. The messages reference the organization by name, impersonate internal communications, and are visually indistinguishable from legitimate correspondence.

Recipient-specific targeting — using job title, department, or public LinkedIn data to tailor the lure — is standard practice, not a capability reserved for nation-state actors.

The third is help desk social engineering. Armed with a valid email address and basic OSINT, adversaries impersonate employees in calls to IT support teams, requesting password resets, MFA device resets, or account unlocks.

This attack vector bypasses authentication technology entirely — it targets the human process that exists to handle authentication failures.

In each of these workflows, no technical vulnerability is required. The adversary’s goal is not to break in. It is to log in as a valid user. The breach does not create access. It creates the conditions under which access becomes achievable through the authentication system itself.

Why Legacy MFA Cannot Interrupt This Chain

This is the part of the analysis that most incident post-mortems underweight. Organizations read about a credential exposure and conclude that their MFA deployment protects them. For the attack chain described above, that conclusion is structurally incorrect.

Modern adversary tooling executes what security researchers call a real-time phishing relay, sometimes referred to as an adversary-in-the-middle (AiTM) attack. The mechanics are precise.

An adversary builds a reverse proxy that sits between the victim and the legitimate service. When the victim enters credentials on the spoofed page, the proxy forwards those credentials to the real site in real time.

The real site responds with an MFA challenge. The proxy forwards that challenge to the victim. The victim responds — because the page looks legitimate and the MFA prompt is real. The proxy forwards the response. The adversary receives an authenticated session.

Push-notification MFA, SMS one-time codes and TOTP authenticator apps are all vulnerable to this relay. They verify that a correct code or approval arrived; they do not verify who supplied it or through which path it travelled. From the service’s side, a proxied session is indistinguishable from a direct one.

Toolkits that automate this attack — Evilginx, Modlishka, Muraena, and their derivatives — are publicly available, actively maintained, and require no advanced tradecraft to operate. The capability is not exotic. It is the baseline.

MFA fatigue compounds this. Adversaries who obtain valid credentials but cannot relay the session in real time will instead trigger repeated push notifications until a user approves one out of frustration or confusion. This attack has been used successfully against organizations with mature security programs, including in incidents that received significant public coverage.

The common thread across all of these techniques: legacy MFA places a human being at the final decision point of the authentication chain, then relies on that human to make the correct call under conditions specifically engineered to defeat it.
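
The fatigue pattern just described is visible to defenders even though it is invisible to the user: the signal is in the cadence of prompts, not in any single prompt. The following is an added example, not code from this article or any vendor, that runs a simple burst-then-approval detector over constructed identity-provider log lines. The log format (`user=`, `event=push_sent` / `push_denied` / `push_approved`, `ip=`) and the thresholds are assumptions for the example; map them onto your own IdP’s fields.

```javascript
// Added example: MFA push-fatigue detection over constructed log lines.
// The line format and event names are assumed, not taken from any product.
const SAMPLE_LOG = [
  '2026-02-12T09:14:03Z user=alice event=push_sent ip=203.0.113.7',
  '2026-02-12T09:14:21Z user=alice event=push_sent ip=203.0.113.7',
  '2026-02-12T09:14:40Z user=alice event=push_denied ip=203.0.113.7',
  '2026-02-12T09:14:55Z user=alice event=push_sent ip=203.0.113.7',
  '2026-02-12T09:15:10Z user=alice event=push_sent ip=203.0.113.7',
  '2026-02-12T09:15:30Z user=alice event=push_sent ip=203.0.113.7',
  '2026-02-12T09:15:44Z user=alice event=push_approved ip=203.0.113.7',
  '2026-02-12T09:02:11Z user=bob event=push_sent ip=198.51.100.4',
  '2026-02-12T09:02:30Z user=bob event=push_approved ip=198.51.100.4',
  '2026-02-12T09:40:05Z user=bob event=push_sent ip=198.51.100.4',
  '2026-02-12T09:40:19Z user=bob event=push_approved ip=198.51.100.4',
];

// "<iso-timestamp> key=value key=value ..." -> { ts (epoch seconds), user, event, ip }
function parseLine(line) {
  const [ts, ...pairs] = line.trim().split(/\s+/);
  const rec = { ts: Date.parse(ts) / 1000 };
  for (const pair of pairs) {
    const [k, v] = pair.split('=');
    rec[k] = v;
  }
  return rec;
}

// Flags a user when at least `maxPrompts` pushes land within `windowSec`, and records
// whether an approval followed the burst. Denials inside the burst are expected and do
// not clear it: a user saying "no" four times and "yes" once is exactly the pattern.
function detectPushFatigue(lines, { maxPrompts = 3, windowSec = 300 } = {}) {
  const byUser = new Map();
  for (const rec of lines.map(parseLine).sort((a, b) => a.ts - b.ts)) {
    if (!byUser.has(rec.user)) byUser.set(rec.user, []);
    byUser.get(rec.user).push(rec);
  }

  const alerts = [];
  for (const [user, events] of byUser) {
    const sent = events.filter((e) => e.event === 'push_sent');
    let burst = null;
    for (let i = 0; i < sent.length; i++) {
      // Count prompts in the trailing window that ends at sent[i].
      let j = i;
      while (j > 0 && sent[i].ts - sent[j - 1].ts <= windowSec) j--;
      const count = i - j + 1;
      if (count >= maxPrompts && (!burst || count > burst.count)) {
        burst = { start: sent[j].ts, end: sent[i].ts, count };
      }
    }
    if (!burst) continue;
    const approvedAfterBurst = events.some((e) => e.event === 'push_approved' && e.ts >= burst.start);
    const sources = [...new Set(sent.map((e) => e.ip))];
    alerts.push({ user, prompts: burst.count, spanSec: burst.end - burst.start, approvedAfterBurst, sources });
  }
  return alerts;
}
```

On the sample, `alice` is flagged (five prompts in 87 seconds, then an approval) and `bob` is not, because two prompts forty minutes apart never fall in one window. An alert with `approvedAfterBurst: true` is the one to treat as a probable compromise rather than a nuisance; the `sources` list tells you whether the prompts came from the user’s usual address or from somewhere else.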

The Structural Problem Legacy MFA Cannot Solve

The security industry’s standard response to authentication failures is user education. Train people to recognize phishing. Teach them to verify unexpected MFA prompts. Remind them not to approve requests they did not initiate.

This response is not wrong. It is insufficient, and the insufficiency is architectural, not motivational.

A relay attack does not require a user to recognize a phishing page. The MFA prompt they receive is real, issued by the legitimate service, delivered through the same app they use every day. There is nothing anomalous for the user to detect. The attack is designed to be invisible to the human in the loop — and it is.

The deeper problem is that the authentication architecture most organizations have deployed was not designed to answer the question that actually matters in a post-breach environment: was the authorized individual physically present and biometrically verified at the moment of authentication?

Push notifications do not answer this question. SMS codes do not answer this question. TOTP does not answer this question. USB hardware tokens answer a related but different question — they prove the registered device was present, not the authorized person.

Auditors, regulators, and cyber insurers are increasingly drawing this distinction explicitly. The question “can you prove the authorized individual was there?” is appearing in CMMC assessments, NYDFS examinations, and underwriter questionnaires. Device presence is no longer accepted as a proxy for human presence in high-stakes access contexts.

What Phishing-Resistant Authentication Actually Requires

FIDO2/WebAuthn gets cited frequently in this conversation, and it is a meaningful step forward — but it is not sufficient on its own. Standard passkey implementations bind the credential to a device or cloud account.

Cloud-synced passkeys inherit the weaknesses of the cloud account that holds them: SIM swap attacks against the recovery phone number, account takeover via credential phishing, recovery flow exploitation. Device-bound passkeys prove possession of the authenticator and, when user verification is required, knowledge of its PIN or a match against the biometric enrolled on it; they do not by themselves prove which person was present.

Phishing-resistant authentication that closes the relay attack vector requires three properties simultaneously:

  • Cryptographic origin binding: the credential is scoped to the exact origin domain, and the signature covers the origin the browser actually observed. A spoofed site cannot obtain a signature that the real site will accept because the domain does not match. The attack fails before any usable credential is transmitted.
  • Hardware-bound private keys that never leave secure hardware: the signing key cannot be exported, copied, or exfiltrated. Compromise of the endpoint does not compromise the credential.
  • Live biometric verification of the authorized individual: not a stored biometric template that can be replayed, but a real-time match that confirms the authorized person is physically present at the moment of authentication.

When all three properties are present, a relay attack has no viable path. The adversary cannot produce a valid cryptographic signature from a spoofed site. They cannot relay a session because the cryptographic binding fails the moment the origin changes.

They cannot use a stolen device because the biometric verification fails without the authorized individual. They cannot social-engineer an approval because there is no approval prompt — the authentication either completes with a live biometric match at the registered hardware, or it does not complete.
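The three properties above correspond to concrete checks in a FIDO2/WebAuthn ceremony, and seeing them as code makes it clear why there is no prompt for a relay to exploit. The Go program below is an added example, not code from Token or from any WebAuthn library: it simulates an authenticator whose private key never leaves it, the browser-side rule that a credential is only usable on origins under its RP ID, and the relying party's verification of challenge, origin, rpIdHash, the user-verification (UV) flag and the ES256 signature. The RP ID `example.com`, the login origin and the attacker's look-alike domain `login.example-support.net` are constructed for the example. It goes one step beyond the text by also running the replay case, which fails on the one-time challenge rather than on the origin.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"fmt"
	"strings"
)

// WebAuthn authenticator-data flag bits: UP is a touch, UV is a PIN or on-device biometric.
const flagUP, flagUV byte = 0x01, 0x04

// clientData is the CollectedClientData the browser builds; the browser, not the page, sets Origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Authenticator stands in for a hardware-bound credential: priv never leaves it.
type Authenticator struct {
	priv *ecdsa.PrivateKey
	rpID string // scope fixed at registration, e.g. "example.com"
	uv   bool   // performs user verification before signing
}

type Assertion struct{ AuthData, ClientDataJSON, Sig []byte }

// sign is ES256 over authData || SHA-256(clientDataJSON), exactly what a real key signs.
func (a *Authenticator) sign(cdj []byte) (Assertion, error) {
	h := sha256.Sum256([]byte(a.rpID))
	flags := flagUP
	if a.uv {
		flags |= flagUV
	}
	ad := binary.BigEndian.AppendUint32(append(h[:], flags), 1) // rpIdHash, flags, counter
	cdh := sha256.Sum256(cdj)
	msg := sha256.Sum256(append(append([]byte{}, ad...), cdh[:]...))
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, msg[:])
	return Assertion{ad, cdj, sig}, err
}

// BrowserGet models navigator.credentials.get(): the browser refuses a credential whose RP ID
// is not a registrable suffix of the origin's host, so a proxy on a look-alike domain gets nothing.
func BrowserGet(a *Authenticator, origin, challenge string) (Assertion, error) {
	host, _, _ := strings.Cut(strings.TrimPrefix(origin, "https://"), "/")
	if host != a.rpID && !strings.HasSuffix(host, "."+a.rpID) {
		return Assertion{}, fmt.Errorf("browser: credential for %q not usable on %s", a.rpID, origin)
	}
	cdj, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	return a.sign(cdj)
}

// Verify is the relying-party side: challenge, origin, rpIdHash, UV flag and signature must all
// agree, so a relayed, replayed or forged assertion fails even if a client skipped the browser check.
func Verify(pub *ecdsa.PublicKey, rpID, origin, challenge string, requireUV bool, as Assertion) error {
	var cd clientData
	if err := json.Unmarshal(as.ClientDataJSON, &cd); err != nil {
		return err
	}
	want := sha256.Sum256([]byte(rpID))
	switch {
	case cd.Type != "webauthn.get":
		return fmt.Errorf("wrong ceremony type %q", cd.Type)
	case cd.Challenge != challenge:
		return fmt.Errorf("challenge mismatch: stale or replayed assertion")
	case cd.Origin != origin:
		return fmt.Errorf("origin mismatch: signed for %s", cd.Origin)
	case len(as.AuthData) < 37 || string(as.AuthData[:32]) != string(want[:]):
		return fmt.Errorf("rpIdHash mismatch")
	case requireUV && as.AuthData[32]&flagUV == 0:
		return fmt.Errorf("user verification not performed")
	}
	cdh := sha256.Sum256(as.ClientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, as.AuthData...), cdh[:]...))
	if !ecdsa.VerifyASN1(pub, msg[:], as.Sig) {
		return fmt.Errorf("bad signature")
	}
	return nil
}

// Scenarios runs one genuine login and three attacks; a nil error means access granted.
func Scenarios() map[string]error {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	auth := &Authenticator{priv: priv, rpID: "example.com", uv: true}
	const real, evil = "https://login.example.com", "https://login.example-support.net" // evil: attacker's proxy (constructed)
	out := map[string]error{}
	good, _ := BrowserGet(auth, real, "c1")
	out["legitimate"] = Verify(&priv.PublicKey, "example.com", real, "c1", true, good)
	_, out["relay_proxy"] = BrowserGet(auth, evil, "c2") // AitM proxy: the browser refuses
	cdj, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: "c3", Origin: evil})
	forged, _ := auth.sign(cdj) // client bypassed; the RP still sees the wrong origin
	out["forged_origin"] = Verify(&priv.PublicKey, "example.com", real, "c3", true, forged)
	out["replay"] = Verify(&priv.PublicKey, "example.com", real, "c4", true, good) // old assertion, new challenge
	return out
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-14s -> %v\n", name, err)
	}
}
```

The relay fails twice over: the browser never hands the attacker's page a signature, and even a client that bypasses the browser produces clientData naming the attacker's origin, which the relying party rejects before touching the signature. The UV flag is what the server has to insist on if "the authorized person was present" is the question being asked; without `requireUV`, a touch on a stolen key would pass this same check.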

Token: Cryptographic Identity That Verifies the Human, Not the Device

TokenCore was built on a single, uncompromising principle: verify the human, not the device, credential, or session.

Most authentication products add factors to a weak foundation. Token replaces the foundation. The platform combines enforced biometrics, hardware-bound cryptographic authentication, and physical proximity verification — three properties that must all be satisfied simultaneously for access to be granted.

There is no fallback. There is no bypass code a user can enter in the field. The authorized individual is either present and verified, or access does not occur.

This matters precisely because of the attack chain described above. Token’s Biometric Assured Identity platform eliminates each link:

  • No Phishing. Every authentication is cryptographically bound to the exact origin domain. A spoofed login page produces no valid signature — Token simply refuses to authenticate.
  • No Replay. The private signing key never leaves the hardware. A relayed session cannot be reconstructed because the cryptographic material it would need to replicate is physically inaccessible.
  • No Delegation. A live fingerprint match is required for every authentication event. A colleague, an adversary with a stolen device, or a social engineering target cannot complete authentication on behalf of the authorized individual.
  • No Exceptions. There is no code, no recovery flow, and no help-desk override that can substitute for biometric presence. The control is absolute because the risk is absolute.

The form factor matters too. Token is wireless — Bluetooth proximity, no USB port required. Authentication takes one to three seconds: the user initiates a session, taps their fingerprint on the Token device, Bluetooth proximity confirms physical presence within three feet, and access is granted.

For on-call administrators, trading floor operators, and defense contractors working across multiple workstations, this eliminates the friction that drives the shadow IT and workaround behavior legacy hardware tokens create.

Unlike USB-based alternatives, Token is field-upgradeable over the air. As adversaries evolve their tooling, Token’s cryptographic controls can be updated remotely and immediately — without replacing hardware or reissuing devices. The investment does not expire when the threat landscape changes.

Token verifies the human. Not the session. Not the device. Not the code. The human.

The Honest Assessment

The Figure breach will produce downstream authentication attacks. So will the next breach, and the one after that. The adversary infrastructure that runs credential stuffing, AI-generated phishing, and real-time relay attacks operates continuously against exposed email records.

The question is not whether these attacks will be attempted against your environment. They will be.

The relevant question is whether your authentication architecture requires human judgment to succeed — or whether it is designed so that human judgment is not the failure point.

Legacy MFA, in all of its common forms, requires human judgment. A user must recognize the anomaly, question the prompt, and make the correct decision under adversarial pressure. That is a brittle dependency at a critical control point, and adversaries have built an entire toolchain to exploit it.

Token removes that dependency. The device signs for the legitimate domain with a confirmed biometric match — or it does nothing. There is no prompt to manipulate. There is no decision to engineer. There are no exceptions.

That is not a feature. It is the architectural requirement for authentication that holds under the conditions this breach, and every breach like it, creates.

See How Token Closes the Gap

Token’s Biometric Assured Identity platform is built for organizations where authentication failure is not an acceptable outcome — defense contractors, financial institutions, critical infrastructure, and enterprise environments with high-privilege access requirements.

Cryptographic. Biometric. Wireless. No phishing. No replay. No delegation. No exceptions.

Learn more. Visit tokencore.com.

Sponsored and written by Token.

No Surprise Here: Inspection Reveals Dozens Of Violations In El Paso ICE Detention Center

from the fuck-em-for-being-human-beings,-I-guess dept

I’m not here to cut the Trump administration any slack or engage in both-sides bullshit, but this is something that has always been true: we treat anyone imprisoned or detained as less than human. The dehumanization begins with something we call “processing” — a word that separates a human from their humanity by making them sound like nothing more than paperwork.

The horrors seen in jails and prisons are often compounded at immigrant detention facilities. While some duty of less-than-minimal care might be extended to imprisoned US citizens, it’s far more often ignored when federal officers believe (mistakenly) that migrants aren’t protected by the Constitution.

The litany of violations stretches back forever. Techdirt doesn’t stretch back quite that far, but let’s take a stroll down memory lane.

From 2022, back when Biden was still in office and people like me were thinking no one would ever elect Trump to office again:

ICE’s ‘Fierce Commitment’ To Ensuring Detainees Are Cared For Properly Includes Inadequate Staffing, Unsanitary Facilities

That’s taken from a report (a “Management Alert”) demanding the immediate removal of all detainees from this New Mexico detention center due to numerous violations, including a shortage of 112 employees and no less than 83 cells with “inoperable” sinks and toilets.

Going back further to Trump’s first administration:

Report Shows ICE Almost Never Punishes Contractors Housing Detainees No Matter How Many Violations They Rack Up

In this Inspector General’s report, we learned that only 28 of 106 contractors were provided with the tools needed to meet minimum “performance standards.” We also learned that the $3.9 billion being thrown to private contractors was shored up by absolutely no level of accountability. ICE approved 96% of waivers requested by contractors who failed to meet minimum housing standards for detainees.

While it’s been a persistent problem, things are significantly worse now. The Trump administration is detaining more migrants than ever before. It’s also far more willing to pawn these duties off on private prison contractors who prioritize making money over taking care of the people thrust into their care by Trump’s top bigots.

On top of that, the administration is fighting wars on several litigation fronts in hopes of preventing any form of oversight from slowing its roll towards total migrant annihilation. Everything that was bad before is getting so much worse.

Thanks to the White House Merchant of Death, RFK Jr., measles outbreaks are being reported at detention facilities. Thanks to absolutely every-fucking-body else in the administration, reports of inhumane conditions are somehow still on the rise, even after years of regularly reported inhuman conditions at ICE facilities.

Here’s even more. At a facility where guards were caught setting up suicide “death pools” for inmates, more evidence of deliberate cruelty and inhumane treatment has surfaced. The host of ongoing atrocities is none other than Camp East Montana, comfortably nestled in the heartland of the “who gives a fuck about immigrants” Fifth Circuit: El Paso, Texas.

Here’s the New York Times with the details of more of man’s inhumanity to man, as personified by the “immigration enforcement” forces of Trump’s second term.

An inspection in February of Camp East Montana in Texas, one of the country’s largest immigration detention centers, found dozens of violations of national standards, including instances that may have exposed detainees to illnesses and uses of force that were not documented, a new report found.

[…]

The inspection, which was carried out by the agency over three days in February and included interviews with 49 detainees, found that there were at least 49 overall “deficiencies” from national standards at the camp. Of all the deficiencies, 22 involved use of force and restraints, and five involved issues related to medical care. 

ICE actually released this inspection report. However, it did make sure names were ~~changed~~ redacted to protect the ~~innocent~~ guilty. While it’s uncharacteristically protective of the inspectors, it also makes sure we may never know which “Creative Corrections” employees helped make this detention center the hellhole it is.

Other censorship by the administration deliberately denies Americans access to the facts. What possible purpose is served here, other than allowing the government to pretend its rights violations were somehow excused by the [redacted] passage of time?

The government not only censored the number of detainee files reviewed, but also the ratio of files in noncompliance. What escapes ICE’s black-boxed attempts to redeem itself is this, which is plenty damning on its own:

[I]nitial classification process and initial housing assignments were not completed within 12 hours of detainees’ admission […]; rather they were completed 14 hours to 25 days after [admission]…

Everything that might show how often (or how frequently) violations occurred has been removed. It’s a deliberate muddying of the statistical waters. Who knows what’s behind the black box? It could mean rights were violated 10% of the time. Or it could mean rights were violated almost every time. But we the people — you know, the ones expected to foot the bill for this bullshit — aren’t allowed to know the actual details of what’s being done in our names.

If the government wants to play it that way, fine. We’ll just assume the worst and dare it to provide evidence to the contrary. And we know it never will. If or when the government decides to unredact this report, it will undoubtedly show us what we’ve always assumed: The administration and its contractors routinely abused detainees and violated their rights because the people in charge made it clear they don’t consider migrants to be humans.

And that makes this news as inevitable as it is deplorable:

So far this year, 14 people have died in U.S. Immigration and Customs Enforcement custody, including a Mexican man who was found unresponsive last week at a facility outside Los Angeles, according to data from the Department of Homeland Security.

If that seems like a low (or worse, an acceptable) number of deaths, think again:

In 2025, ICE reported 33 total in-custody deaths and in 2024 there were 11.

Deaths in ICE custody tripled under Trump during his first year back in office. If this pace continues, we’ll be looking at 56 in-custody deaths this year, which would nearly double the 2025 total that had itself tripled the 2024 figure.

This will only get worse. The administration is still trying to buy up any warehouses it can to repurpose as detention centers. The workload is being stretched even thinner, leaving private citizens more poorly trained than current ICE officers in charge of the lives and well-being of thousands of detainees. The misery and death will continue. Unfortunately for us, this administration not only welcomes blood on its hands, but revels in it.

Filed Under: camp east montana, detention centers, dhs, el paso, ice, mass deportation, rights violations, trump administration
