Quordle was one of the original Wordle alternatives and is still going strong now more than 1,400 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc’s Wordle today column covers the original viral word game.

A WIRED investigation based on Department of Homeland Security records this week revealed the identities of paramilitary Border Patrol agents who frequently used force against civilians during Operation Midway Blitz in Chicago last fall. Several of the agents, WIRED found, appeared in similar operations in other states around the US.

Customs and Border Protection may want to remember to protect its sensitive facility information. Using basic Google searches, WIRED discovered flashcards made by users of the online learning platform Quizlet that contained gate codes to CBP facilities and more.

In a rare move, Apple this week released “backported” patches for iOS 18 to protect millions of people still using the older operating system from the DarkSword hacking technique that was found in use in the wild. Discovered in March, DarkSword allows attackers to infect iPhones that simply visit a website loaded with the takeover tools embedded in it. Apple initially pushed users to update to the current version of its operating system, iOS 26, but ultimately issued the iOS 18 patches after DarkSword continued to spread.

The US-Israel war with Iran careened into its second month this week, with Iran threatening to launch attacks against more than a dozen US companies, including tech giants like Apple, Google, and Microsoft, which have offices and data centers in the Gulf region. The deadly conflict, which has no clear end in sight, continues to wreak havoc on the global economy as shipping crews remain stranded in the Strait of Hormuz, a key trade route. Meanwhile, some are beginning to wonder what could happen if US strikes cause real damage to Iran’s nuclear facilities.

And that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Earlier this week, a security researcher flagged that Anthropic accidentally made the source code for its popular vibe-coding tool, Claude Code, public. Immediately, people began reposting the code on the developer platform GitHub. But beware if you want to try to download some of those repos yourself: BleepingComputer reports that some of the posters are actually hackers who have tucked a piece of infostealer malware into the lines of code.

Anthropic, for its part, has been trying to remove copies of the leak (malware-ridden or not) by issuing copyright takedown notices. The Wall Street Journal reported that the company initially tried to remove more than 8,000 repositories on GitHub but later narrowed that down to 96 copies and adaptations.

This isn’t the first time that hackers have capitalized on interest in Claude Code, which requires users who might not be as familiar with their computer’s terminal to copy and paste install commands from a website. In March, 404 Media reported that sponsored ads on Google led to sites that were masquerading as official Claude Code installation guides, which directed users to run a command that would actually download malware.

The FBI formally classified a recent cyber intrusion into one of its surveillance collection systems as a “major incident” under FISMA—a legal designation reserved for breaches believed to pose serious risks to national security. The determination, reported to Congress earlier this week, is understood to be the first time since at least 2020 that the bureau has declared a major incident on its own systems. Politico, citing two unnamed senior Trump administration officials, reported that China is believed to be behind the intrusion. If confirmed, the breach could mark a significant counterintelligence failure for the FBI.

The FBI said it detected “suspicious activities” on its networks in February. In a notice to Congress on March 4, reviewed by Politico, the bureau said the compromised systems were unclassified and held “returns from legal process,” citing, as examples, phone and internet metadata collected under court orders and personal information “pertaining to subjects of FBI investigations.” The intruders reportedly gained access through a commercial internet service provider, an approach the FBI characterized as reflecting “sophisticated tactics.” In its only public statement, the bureau said it had deployed “all technical capabilities to respond.”

Good morning! Let’s play Connections, the NYT’s clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you’ve finished? Why, play some more word games of course. I’ve also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc’s Wordle today page covers the original viral word game.

Strands is the NYT’s latest word game after the likes of Wordle, Spelling Bee and Connections – and it’s great fun. It can be difficult, though, so read on for my Strands hints.

Want more word-based fun? Then check out my NYT Connections today and Quordle today pages for hints and answers for those games, and Marc’s Wordle today page for the original viral word game.

When a wave of unusual activity swept through Syrian government accounts on X in March, it first looked like pure chaos—trolling, parody names, and even explicit content. But beneath the noise lay something far more telling: a state still struggling with the most basic layer of its cybersecurity.

In early March, several official Syrian government accounts on X—including those linked to the presidency’s General Secretariat, the Central Bank, and multiple ministries—were hacked. The compromised profiles posted “Glory to Israel,” retweeted explicit material, and briefly renamed themselves after Israeli leaders.

Authorities moved to restore control within days, with the Ministry of Communications and Information Technology announcing “urgent steps” to recover the accounts and prevent further breaches. Yet what remained unsettled was the deeper question: How secure is the state’s digital front door?

In a government now dependent on commercial platforms for communication, losing a verified account doesn’t just disrupt messaging—it silences the state’s voice.

When the State Stops Speaking for Itself

At first glance, the breach appeared politically charged. Pro‑Israel messages circulating on verified government accounts during a tense regional moment fueled speculation over motive and attribution. No group claimed responsibility, and officials did not clarify whether internal systems were compromised.

To analysts, the episode pointed less to a geopolitically driven hack and more to a familiar, systemic weakness.

“We still do not know exactly what happened. Whether the accounts were directly hacked or accessed through weak or reused credentials, the conclusion is much the same: very poor digital security practices,” says Noura Aljizawi, a senior researcher at the Citizen Lab, a research organization that monitors threats to civil society in the digital age.

The ministry said it had coordinated with account administrators and X to “restore control and strengthen security,” promising new regulatory measures soon. The perpetrators have not been publicly identified.

One Weak Link, Multiple Accounts

Before the accounts were recovered, several displayed identical pro‑Israel messaging—a detail that suggested shared credentials or centralized access, according to platform monitoring data.

That assessment was echoed across the cybersecurity community.

“The fact that several official X accounts seemed to fall in quick succession suggested some form of centralized control, possibly with the same credentials used across multiple accounts,” says Muhannad Abo Hajia, cybersecurity expert at Damascus-based group Sanad. “That kind of setup is not inherently wrong, but only if proper safeguards are in place.”

Experts say this pattern is consistent with common failures: password reuse, phishing attempts, compromised recovery channels, or the absence of multifactor authentication (MFA). In practice, one careless password or a single compromised recovery email could give outsiders control of multiple institutions.

“Account takeovers of this kind are common enough globally and usually result from familiar vulnerabilities: phishing, password reuse, compromised recovery emails, weak credentials, or the absence of MFA,” says Rinad Bouhadir, a cybersecurity engineer tracking the region.

A System Built on Fragile Foundations

The breach, specialists say, reflects not a targeted cyber‑offensive but deeper structural flaws.

“The current authorities inherited a near-nonexistent cybersecurity system and have yet to treat repairing it as a real priority,” says Dlshad Othman, a Syrian cybersecurity specialist.

He believes the incident likely stemmed from either a centralized unit managing several official accounts or a shared third‑party tool used across ministries—both of which create a single point of failure.

That design makes multiple agencies vulnerable at once. In moments of heightened tension, even one falsified post from a verified government account could stoke panic, misreporting, or escalation before correction.

A verified government account can be weaponized to spread false information in real time, particularly during periods of regional escalation, when confusion carries immediate real-world risk.

The Artemis II crew is almost at the moon, and the astronauts spent this weekend carrying out preparations for their lunar flyby on Monday. That included manual piloting demonstrations, reviewing their science objectives for the six-hour observation period and evaluating their space suits, which are there for life support in the event of an emergency and for their return home. But, they’ve had plenty of time to take in the views, too — and those views sure are spectacular. In the latest series of images shared by the space agency, the astronauts are seen gazing at Earth through the windows of the Orion spacecraft.

Orion will reach the moon’s vicinity shortly after midnight on Monday, April 6. Later that day, the crew is expected to reach a point farther than any humans have traveled from Earth, surpassing the record of 248,655 miles from Earth set by the Apollo 13 astronauts in 1970.

The lunar observation period will start at 2:45PM ET, and a few hours later, they’ll be behind the moon and briefly drop out of communication. The spacecraft’s closest approach to the moon is expected to occur at 7:02PM, when it will be 4,066 miles from the surface. “From that distance, the crew will see the entire disk of the Moon at once, including regions near the north and south poles,” according to NASA. The crew will later get a chance to see a solar eclipse “as Orion, the Moon, and the Sun align in such a way that the astronauts will see our star disappear behind the Moon for about an hour.” NASA will have coverage of the flyby starting at 1PM ET.

In short: The Court of Rome has ruled that Netflix’s repeated price increases between 2017 and 2024 violated Italian consumer law and EU Directive 93/13/EEC on unfair contract terms. The ruling voids the relevant contract clauses, orders current prices rolled back to 2015 launch levels, and requires Netflix to notify millions of current and former Italian subscribers of their right to a refund, up to €500 for Premium subscribers and up to €250 for Standard subscribers. Netflix has said it will appeal.

A Roman court has given Netflix the bill for nearly a decade of price increases. In a ruling published on 1 April 2026, the Court of Rome found that Netflix had imposed repeated and unjustified price increases on its Italian subscribers in violation of the Italian Consumer Code and EU Directive 93/13/EEC, which prohibits unfair terms in standard consumer contracts. The action was brought by Movimento Consumatori, one of Italy’s largest consumer associations. The ruling, catalogued as sentence 4993/2026, affects up to 5.4 million current Italian subscribers and an unquantified number of former subscribers who cancelled during the relevant period.

Netflix launched in Italy in 2015 with a Premium plan priced at €11.99 per month. It raised prices in 2017, again in 2019, again in 2021, and most recently in November 2024, bringing the Premium plan to €19.99, an increase of €8 per month from its original price. The Standard plan reached €13.99 over the same period. The court found that none of the price changes were accompanied by justified reasons in the contract, and that offering subscribers 30 days’ notice alongside the option to cancel was not a meaningful substitute for genuine consent. Under the directive, contract terms that impose a significant imbalance between a business and a consumer, without the consumer’s substantive agreement, are void from the outset.

What the court has ordered

The ruling imposes several specific obligations on Netflix. The price-hike clauses in its standard contracts are void and unenforceable. Current subscription prices must be reduced: the Premium plan to €11.99 and the Standard plan to €9.99, the levels that applied before the first unlawful increase. Netflix must notify all current and former Italian subscribers, by email, postal mail, its own website, and notices placed in Italian national newspapers, within 90 days of the ruling, or face a daily penalty of €700 for non-compliance. Future contracts must specify the conditions under which prices may change. Eligible subscribers could receive approximately €500 in refunds if they have been on the Premium plan since 2017, and approximately €250 if they have been on the Standard plan.

Not an isolated ruling

The Court of Rome’s decision does not stand alone. In Germany, the federation of consumer organisations vzbv has brought a parallel action against Netflix on the same legal basis, and courts in Berlin and Cologne have already found that Netflix’s price-change clauses are void under German contract law. In Spain, the consumer association FACUA is pursuing a comparable challenge. Each case rests on EU Directive 93/13/EEC as its shared legal foundation,  a regulatory tradition that Europe has been strengthening across its digital markets for years. A defeat in Germany, where the vzbv case continues, would expose Netflix to liability across a subscriber base considerably larger than Italy’s.

The timing of the Italian ruling adds another layer of complexity. It was published on 1 April 2026, three days after Netflix had announced a global price increase on 26 March 2026, raising subscription costs across every major market. In Italy, that announcement arrived into a legal environment that had just ruled in the opposite direction. Netflix’s revised terms of service, updated in April 2025, already include conditions specifying the grounds on which prices may change, citing technical and regulatory factors as potential justifications. Whether those revised terms arrived in time to limit the company’s exposure, or were drafted in direct anticipation of mounting litigation,  is likely to feature prominently in the appeal.

Netflix’s position

Netflix has said it will contest the ruling. The company has not confirmed publicly whether it will comply with the notification and price-reduction obligations while the appeal is pending. Netflix indicated that the revised terms of service introduced in April 2025 already address the transparency concerns the court identified. The expectation that platforms disclose the basis for changes to the terms of a paid service is not limited to any single jurisdiction or sector; it has become a baseline assumption in European and increasingly global regulatory frameworks. The counterargument from Movimento Consumatori is that the obligation to provide justified reasons for price changes has existed in EU law since 1993, and that revising a contract after litigation has commenced does not retroactively cure the clauses that applied during the years of the increases.

What it means for streaming in Europe

Italy is Netflix’s fourth-largest market in Europe, with approximately 5.4 million subscribers as of October 2025 and 8 million unique users recorded during 2024. Europe’s digital market has long been the site of the most consequential tests of how much latitude technology platforms have to set their own commercial terms, and the Rome ruling is among the most direct verdicts yet on the specific question of subscription pricing. Every major streaming service operating in the EU, including Disney Plus, Amazon Prime Video, and Apple TV Plus,  uses a structurally similar mechanism: notify by email, offer a cancellation option, and proceed. If the Rome court’s interpretation of Directive 93/13/EEC is upheld on appeal or replicated by German and Spanish courts, the commercial model underlying a decade of streaming growth would require fundamental redesign across the sector.

Subscription pricing has been one of the defining revenue levers of the past decade, built on the assumption that inertia,  the gap between receiving a price-notification email and actually cancelling, functions, in practice, as consent. European courts are now testing that assumption against the text of a consumer protection directive that has been in force since 1993. Italy’s answer, issued in the first week of April 2026, is that the freedom to cancel is not the same thing as the freedom to agree. The commercial models that scaled through 2025 are increasingly arriving in front of courts equipped with three decades of consumer protection law, and the outcomes are starting to accumulate.