monkey abuse The “online monkey torture video” arrests just keep coming Authorities continue the slow crackdown. Nate Anderson – Jun 14, 2025 7:00 am | 34 Credit: Getty Images Credit: Getty Images Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only   Learn more Today's monkey torture videos are the products of a digitally connected world. People who enjoy watching baby animals probed, snipped, and mutilated in horrible ways often have difficulty finding local collaborators, but online communities like "million tears"—now thankfully shuttered—can help them forge connections. Once they do meet other like-minded souls, communication takes place through chat apps like Telegram and Signal, often using encryption. Money is pooled through various phone apps, then sent to videographers in countries where wages are low and monkeys are plentiful. (The cases I have seen usually involve Indonesia; read my feature from last year to learn more about how these groups work.) There, monkeys are tortured by a local subcontractor—sometimes a child—working to Western specs. Smartphone video of the torture is sent back to the commissioning sadists, who share it with more viewers using the same online communities in which they met. The unfortunate pattern was again on display this week in an indictment the US government unsealed against several more Americans said to have commissioned these videos. The accused used online handles like "Bitchy" and "DemonSwordSoulCrusher," and they hail from all over: Tennessee, North Carolina, Ohio, Pennsylvania, and Massachusetts. They relied on an Indonesian videographer to create the content, which was surprisingly affordable—it cost a mere $40 to commission video of a "burning hot screwdriver" being shoved into a baby monkey's orifice. After the money was transferred, the requested video was shot and shared through a "phone-based messaging program," but the Americans were deeply disappointed in its quality. Instead of full-on impalement, the videographer had heated a screwdriver on a burner and merely touched it against the monkey a few times. "So lame," one of the Americans allegedly complained to another. "Live and learn," was the response. So the group tried again. "Million tears" had been booted by its host, but the group reconstituted on another platform and renamed itself "the trail of trillion tears." They reached out to another Indonesian videographer and asked for a more graphic version of the same video. But this version, more sadistic than the last, still didn't satisfy. As one of the Americans allegedly said to another, "honey that's not what you asked for. Thats the village idiot version. But I'm talking with someone about getting a good vo [videographer] to do it." Arrests continue In 2021, someone leaked communications from the "million tears" group to animals rights organizations like Lady Freethinker and Action for Primates, which handed it over to authorities. Still, it took several years to arrest and prosecute the torture group's leaders. In 2024, one of these leaders—Ronald Bedra of Ohio—pled guilty to commissioning the videos and to mailing "a thumb drive containing 64 videos of monkey torture to a co-conspirator in Wisconsin." His mother, in a sentencing letter to the judge, said that her son must "have been undergoing some mental crisis when he decided to create the website." As a boy, he had loved all of the family pets, she said, even providing a funeral for a fish. Bedra was sentenced late last year to 54 months in prison. According to letters from family members, he has also lost his job, his wife, and his kids. In April 2025, two more alleged co-conspirators were indicted and subsequently arrested; their cases were unsealed only this week. Two other co-conspirators from this group still appear to be uncharged. In May 2025, 11 other Americans were indicted for their participation in monkey torture groups, though they appear to come from a different network. This group allegedly "paid a minor in Indonesia to commit the requested acts on camera." As for the Indonesian side of this equation, arrests have been happening there, too. Following complaints from animal rights groups, police in Indonesia have arrested multiple videographers over the last two years. Nate Anderson Deputy Editor Nate Anderson Deputy Editor Nate is the deputy editor at Ars Technica. His most recent book is In Emergency, Break Glass: What Nietzsche Can Teach Us About Joyful Living in a Tech-Saturated World, which is much funnier than it sounds. 34 Comments

The murder of John Forde was the culmination to years of political, social, and criminal intrigue.   Get the Popular Science daily newsletter💡 Breakthroughs, discoveries, and DIY tips sent every weekday. Researchers have uncovered handwritten letters, court documents, and a coroner’s report related to the nearly 700-year-old cold case murder of a medieval priest. Published on June 5 in the journal Criminal Law Forum, the investigation draws on direct archival evidence from Cambridge University that is helping fill in the gaps to a high-profile true crime scandal that would make headlines even today. But despite a mountain of firsthand accounts, the murder’s masterminds never saw justice. The ‘planned and cold-blooded’ crime On Friday, May 3, 1337, Anglican priest John Forde began a walk along downtown London’s Cheapside street after vespers (evening prayers) shortly before sunset. At one point, a clergyman familiar to Forde by the name of Hasculph Neville approached him to begin a “pleasant conversation.” As the pair neared St. Paul’s Cathedral, four men ambushed the priest. One of the attackers then proceeded to slit Forde’s throat using a 12-inch dagger as two other assailants stabbed him in the stomach in front of onlookers. The vicious crime wasn’t a brazen robbery or politically motivated attack. It was likely a premeditated murder orchestrated by Ela Fitzpayne, a noblewoman, London crime syndicate leader—and potentially Forde’s lover. “We are looking at a murder commissioned by a leading figure of the English aristocracy. It is planned and cold-blooded, with a family member and close associates carrying it out, all of which suggests a revenge motive,” Cambridge University criminology professor Manuel Eisner explained in a statement. The location of the murder of John Forde on May 3, 1337. Credit: Medieval Murder Maps / University of Cambridge’s Institute of Criminology / Historic Towns Trust. A longstanding feud To understand how such a brutal killing could take place in daylight on a busy London street, it’s necessary to backtrack at least five years. In January 1332, the Archbishop of Canterbury sent a letter to the Bishop of Winchester that included a number of reputation-ruining claims surrounding Fitzpayne. In particular, Archbishop Simon Mepham described sexual relationships involving “knights and others, single and married, and even with clerics in holy orders.” The wide-ranging punishments for such sinful behavior could include a prohibition on wearing gold and other precious jewelry, as well as large tithes to monastic orders and the poor. But the most humiliating atonement often came in the form of a public walk of shame. The act of contrition involved walking barefoot across Salisbury Cathedral—England’s longest nave—in order to deliver a handcarried, four-pound wax candle to the church altar. What’s more, Archbishop Mepham commanded that Fitzpayne must repeat this penance every autumn for seven years. Fitzpayne was having none of it. According to Mepham’s message, the noblewoman chose to continue listening to a “spirit of pride” (and the devil), and refused to abide by the judgment. A second letter sent by the Archbishop that April also alleged that she had since absconded from her husband, Sir Robert Fitzpayne, and was hiding in London’s Rotherhithe district along the Thames River. Due to this, Archbishop Mepham reported that Ela Fitzpayne had been excommunicated from the church. Image of the Archbishop of Canterbury’s letters to the Bishop of Winchester on the subject of Ela Fitzpayne, from the register of John de Stratford. Credit: Hampshire Archives and Hampshire County Council. Raids and rats But who tipped the clergy off to her indiscretions? According to Eisner’s review of original documents as part of the Cambridge University Institute of Criminology’s Medieval Murder Maps project, it was almost certainly her ex-lover, the soon-to-be-murdered John Forde. He was the only alleged lover named in Archbishop Mepham’s letters, and served as a church rector in a village located on the Fitzpayne family’s estate at the time of the suspected affair.  “The archbishop imposed heavy, shameful public penance on Ela, which she seems not to have complied with, but may have sparked a thirst for vengeance,” Eisner said. “Not least as John Forde appears to have escaped punishment by the church.” But Forde’s relationship with the Fitzpaynes seems to have extended even more illicit activities. In another record reviewed by Eisner, both Ela Fitzpayne and John Forde had been indicted by a Royal Commission in 1322. The crime–assisting in the raid of a Benedictine priory alongside Sir Fitzpayne. They and others reportedly assaulted the priory a year earlier, making off with around 18 oxen, 30 pigs, and 200 sheep. The monastery coincidentally served as a French abbey’s outpost amid increasing tensions between France and England in the years leading up to the Hundred Years’ War. Archbishop Mepham was almost certainly displeased after hearing about the indictment of one of his own clergy. A strict administrator himself, Mepham “was keen to enforce moral discipline among the gentry and nobility,” added Eisner. He theorizes that Forde copped to the affair after getting leaned on by superiors, which subsequently led to the campaign to shame Ela Fitzpayne as a means to reassert the Church’s authority over English nobility. Forde, unfortunately, was caught between the two sides. “John Forde may have had split loyalties,” argued Eisner. “One to the Fitzpayne family, who were likely patrons of his church and granted him the position. And the other to the bishops who had authority over him as a clergy member.” Archbishop Mepham ultimately wouldn’t live to see the scandal’s full consequences. Fitzpayne never accepted her walk of shame, and the church elder died a year after sending the incriminating letters. Eisner believes the Fitzpaynes greenlit their hit job on Forde only after the dust had seemingly settled. It doesn’t help their case three bystanders said the man who slit the rector’s throat was none other than Ela Fitzpayne’s own brother, Hugh Lovell. They also named two family servants as Forde’s other assailants. Archbishop Mepham died four years before Forde’s murder. Credit: ampshire Archives and Hampshire County Council Turning a blind eye Anyone waiting for justice in this medieval saga will likely be disappointed. “Despite naming the killers and clear knowledge of the instigator, when it comes to pursuing the perpetrators, the jury turn[ed] a blind eye,” Eisner said. Eisner explained the circumstances surrounding an initial lack of convictions were simply “implausible.” No one supposedly could locate the accused to bring to trial, despite the men belonging to one of England’s highest nobility houses. Meanwhile, the court claimed Hugh Lovell had no belongings available to confiscate. “This was typical of the class-based justice of the day,” said Eisner. In the end, the only charge that ever stuck in the murder case was an indictment against one of the family’s former servants. Five years after the first trial in 1342, Hugh Colne was convicted of being one of the men to stab Forde in the stomach and sentenced to the notorious Newgate Prison. As dark and sordid as the multiyear medieval drama was, it apparently didn’t change much between Ela Fitzpayne and her husband, Sir Robert. She and the baron remained married until his death in 1354—when she subsequently inherited all his property. “Where rule of law is weak, we see killings committed by the highest ranks in society, who will take power into their own hands, whether it’s today or seven centuries ago,” said Eisner. That said, the criminology professor couldn’t help but concede that Ela Fitzpayne was an “extraordinary” individual, regardless of the era. “A woman in 14th century England who raided priories, openly defied the Archbishop of Canterbury, and planned the assassination of a priest,” he said. “Ela Fitzpayne appears to have been many things.”

Image of the Archbishop of Canterbury's letters to the Bishop of Winchester on the subject of Ela Fitzpayne, from the register of John de Stratford. Reproduced with permission of Hampshire Archives and Hampshire County Council. (Image Credit: Register of John de Stratford. Reproduced with permission of Hampshire Archives and Hampshire County Council.)NewsletterSign up for our email newsletter for the latest science newsEspionage, sex, public humiliation, murder — these may sound like tropes straight out of Game of Thrones, but they’re actually all elements of a nearly 700-year-old cold case in England. After analyzing Medieval letters and records, a research team from the Cambridge University Institute of Criminology’s Medieval Murder Maps project may have found the killer of a priest. However, this priest may not have been so innocent. A new paper published in Criminal Law Forum takes a deeper look at this 14th-century cold case.Tracing a Medieval MurderThe Medieval Murder Maps project uses interactive maps of three English cities, London, Oxford, and York, during the Medieval period. Throughout the cities are the locations of various deaths and murders. Each location has a story associated with it, directly from written records and coroners' reports at the time. Some of these stories are full of intriguing twists and turns.The Cambridge research team analyzed over 100 murders from texts, translated from Latin, from that period, and used a coding method to separate the deaths into different categories, including time (day, week, month), motivation, weapon used, victim, and location. From this information, one of the deaths the team found most interesting was the murder of John Forde in 1337.A Medieval Lover to Murderer From the letters and texts the team analyzed, they pieced together the events that led up to Forde’s death. Forde was a priest living in London when he was murdered on a busy street. But what possible reason would someone have to want to murder a priest? The motive, according to the research team, was likely revenge. According to Manuel Eisner, one of the study’s authors, the murder may have been an act of revenge by noblewoman Ela Fitzpayne. According to the records, the Archbishop of Canterbury, Simon Mepham, had enacted penance on Fitzpayne after it was discovered that Forde had been her lover. A letter written by Archbishop Mepham accused Fitzpayne of adultery with Forde and possibly others. Her penance was to take a barefoot walk of shame across Salisbury Cathedral. Eisner also found a document that suggested Fitzpayne, her husband, and John Forde sent a gang to rob a church priory and took the livestock for ransom. It’s possible that during this time, Forde found himself in bed with Fitzpayne, before betraying her to the Archbishop Mepham. Commissioned Murder Possibly betrayed by her former lover and sentenced to walks of shame that were to take place once a year for seven years,  Fitzpayne would have none of it. On an early evening on a busy London street, near St. Paul’s Cathedral, three men attacked Forde. One slit his throat while the others stabbed him in the gut. Witnesses claim that the murderers were Fitzpayne’s brother and two of her former servants. “We are looking at a murder commissioned by a leading figure of the English aristocracy. It is planned and cold-blooded, with a family member and close associates carrying it out, all of which suggests a revenge motive,” said Eisner in a press release.Cold Case RevealedAccording to letters from Archbishop Mepham, Fitzpayne was led by the devil and a “spirit of pride.”“The archbishop imposed heavy, shameful public penance on Ela, which she seems not to have complied with, but may have sparked a thirst for vengeance,” said Eisner in a press release. “Not least as John Forde appears to have escaped punishment by the church.” When Archbishop Mepham died in 1333, Fitzpayne waited four years before enacting her revenge, and in 1337, Forde was killed. Article SourcesOur writers at Discovermagazine.com use peer-reviewed studies and high-quality sources for our articles, and our editors review for scientific accuracy and editorial standards. Review the sources used below for this article:A graduate of UW-Whitewater, Monica Cull wrote for several organizations, including one that focused on bees and the natural world, before coming to Discover Magazine. Her current work also appears on her travel blog and Common State Magazine. Her love of science came from watching PBS shows as a kid with her mom and spending too much time binging Doctor Who.1 free article leftWant More? Get unlimited access for as low as $1.99/monthSubscribeAlready a subscriber?Register or Log In1 free articleSubscribeWant more?Keep reading for as low as $1.99!SubscribeAlready a subscriber?Register or Log In

/May 30, 2025/4:28 p.m. ETTrump Attacks Harvard With Social Media Screening for All VisasThis pilot program will soon be expanded across the country.Spencer Platt/Getty ImagesThe Trump administration has begun carrying out its expanded vetting for student visa applicants, surveilling their social media accounts to make sure they aren’t posting anything in support of Palestine, which the administration considers antisemitic. This vetting will start with Harvard visa applicants but is expected to be adopted nationwide.Secretary of Stato Marco Rubio sent a cable to all U.S. embassies and consulates on Thursday ordering them to “conduct a complete screening of the online presence of any nonimmigrant visa applicant seeking to travel to Harvard University for any purpose.” That would apply not just to students but also to faculty, staff, and researchers visiting the university.The Trump administration is taking particular interest in people who have their social media accounts on “private,” an obvious, ominous crossing of boundaries.The State Department has ordered officers to examine “whether the lack of any online presence, or having social media accounts restricted to ‘private’ or with limited visibility, may be reflective of evasiveness and call into question the applicant’s credibility.”This is yet another instance of Harvard serving as a test subject for the administration’s larger crackdown on free speech and international students at American universities. Trump has already revoked billions of dollars in research funding from the Massachusetts school, and even banned it from admitting any international students at all, although the latter policy was temporarily revoked by a judge. Most Recent Post/May 30, 2025/3:53 p.m. ETStephen Miller Grilled on Musk’s Drug Use as Wife Lands New GigTrump’s chief adviser seems desperate to avoid questions on Elon Musk. Does that have anything to do with his wife’s new job? Francis Chung/Politico/Bloomberg/Getty ImagesStephen Miller had a dismissive response Friday to new reports of Elon Musk’s drug use during Trump’s campaign last year. CNN’s Pamela Brown asked the far-right Trump adviser if there was “any drug testing or requests for him to drug test when he was in the White House given the fact that he was also a contractor with the government.”  A chuckling Miller ignored the question and said, “Fortunately for you and all of the friends at CNN, you’ll have the opportunity to ask Elon all the questions you want today yourself,” before he then segued into the Trump administration’s anti-immigrant agenda. “The drugs I’m concerned about are the drugs that are coming across the border from the criminal cartels that are killing hundreds of thousands of Americans,” Miller said. Perhaps Miller laughed instead of answering because his wife, Katie Miller, has left her job as adviser and spokesperson for the Department of Government Efficiency to work full-time for Musk and his companies. Miller has probably had enough of Musk, as he has also been subtweeting the tech oligarch, trying to refute Musk’s criticisms that the Republican budget bill would raise the deficit. “The Big Beautiful Bill is NOT an annual budget bill and does not fund the departments of government. It does not finance our agencies or federal programs,” Miller said, in a long X post earlier this week. Is there bad blood between Miller and Musk that has now spiraled because Miller’s wife is working for the tech oligarch and fellow fascism enthusiast? Most Recent Post/May 30, 2025/3:19 p.m. ETOld Man Trump Repeatedly Fumbles in Weird Speech Praising Elon MuskDonald Trump couldn’t keep some of his words straight as he marked the supposed end of Elon Musk’s tenure at the White House.Kevin Dietsch/Getty ImagesHours after reports emerged Friday that Elon Musk had been under the influence of heavy drugs during his time advising the president, Musk and Donald Trump stumbled and fumbled their way through a White House press conference recognizing the end of the tech billionaire’s special government employee status.The wildly unusual joint conference featured Musk’s black eye, a giant gold key that Trump said he only gives to “very special people,” cringe-worthy regurgitations by Musk of Trump’s take on his Pulitzer Board defamation suit, and claims that Musk’s unpopular and controversial time in the White House was not quite over.But as Trump continued to praise Musk and his time atop the Department of Government Efficiency, the president’s verbal gaffes became more apparent. He claimed that DOGE had uncovered $42 million in wasteful spending, referring to expenditures related to Uganda, which Trump pronounced as “oo-ganda.” The 78-year-old also mentioned he would have Musk’s DOGE cuts “cauterized by Congress,” though he quickly corrected himself by saying they would be “affirmed by Congress,” instead. Trump’s on-camera slippage has gotten worse in recent weeks: Earlier this month, Trump dozed off while in a meeting with Crown Prince Mohammed bin Salman in Riyadh, Saudi Arabia. That is despite the fact that the president received a clean bill of health in a medical report released in April that described Trump as being in “excellent health,” including neurological functioning.Musk, meanwhile, refused to acknowledge emerging reports of his alleged drug use. But the news of White House drug use under Trump’s helm is nothing new: In fact, if the reports prove true, it would be little more than a return to form. Last year, a report by the Department of Defense inspector general indicated that the West Wing operated more like a pill mill than the nation’s highest office. Common pills included modafinil, Adderall, fentanyl, morphine, and ketamine, according to the Pentagon report. But other, unlisted drugs—like Xanax—were equally easy to come by from the White House Medical Unit, according to anonymous sources that spoke to Rolling Stone.While other presidents were known to take a mix of drug cocktails to fight off back pain (like JFK) or bad moods (like Nixon), no previous administrations matched the level of debauchery of Trump’s, whose in-office pharmacists unquestioningly handed out highly addictive substances to staffers who needed pick-me-ups or energy boosts—no doctor’s exam, referral, or prescription required.“It was kind of like the Wild West. Things were pretty loose. Whatever someone needs, we were going to fill this,” another source told Rolling Stone in March 2024.Meanwhile, pharmacists described an atmosphere of fear within the West Wing, claiming they would be “fired” if they spoke out or would receive negative work assignments if they didn’t hand pills over to staffers.Read more about the press conference:Trump and Elon Musk Have Ominous Warning About Future of DOGEMost Recent Post/May 30, 2025/3:00 p.m. ETElon Musk Gives Strange Excuse for Massive Black EyeMusk showed up a press conference with Donald Trump sporting a noticeable shiner.Kevin Dietsch/Getty ImagesElon Musk sported what looked like a black eye during his DOGE goodbye press conference with President Trump on Friday. When asked about it, he blamed the bruise on his 5-year-old son punching him in the face. “Mr. Musk … is your eye OK? What happened to your eye; I noticed there’s a bruise there?” one reporter finally asked near the end of the press conference.“Well, I wasn’t anywhere near France,” Musk said, in a weak attempt at a joke regarding footage of French President Emmanuel Macron’s wife slapping him in the face.“I was just horsing around with [my son] little X and said, ‘Go ’head and punch me in the face,’ and he did. Turns out even a 5-year-old punching you in the face actually does—”“That was X that did it? X could do it!” Trump chimed in. “If you knew X …”“I didn’t really feel much at the time; I guess it bruises up. But I was just messing around with the kids.”Musk chose an impeccable time to show up to a press conference with a black eye. Earlier in the day, The New York Times reported on Musk’s rampant drug use on and off the campaign trail, as the world’s richest man frequently mixed ketamine and psychedelics and kept a small box of pills, mostly containing Adderall. The shiner only adds to speculation around his personal habits.More on that Times report:Elon Musk Was on Crazy Combo of Drugs During Trump CampaignMost Recent Post/May 30, 2025/2:51 p.m. ETTrump and Elon Musk Have Ominous Warning About Future of DOGEElon Musk’s time as a government employee has come to an end, but his time with Donald Trump has not.Kevin Dietsch/Getty ImagesDespite the fanfare over Elon Musk’s supposed departure from the Department of Government Efficiency, Donald Trump says that the billionaire bureaucrat isn’t really going anywhere.“Many of the DOGE people are staying behind, so they’re not leaving. And Elon’s not really leaving. He’s gonna be back and forth, I think. I have a feeling. It’s his baby, and he’s gonna be doing a lot of things,” Trump said during a press conference in the Oval Office Friday.The press conference was held to mark the end of Musk’s time as a so-called “special government employee,” a title that allowed him to bypass certain ethics requirements during his 134-day stint in Trump’s administration. The president made sure to give Musk a gaudy golden key—what it actually unlocks went totally unaddressed—to make sure he could get back into the White House. “This is not the end of DOGE, but really the beginning,” Musk said, promising that DOGE’s “influence” would “only grow stronger” over time.Earlier Friday, the billionaire bureaucrat shared a post on X asserting that the legacy of DOGE was more psychological than anything else. Surely, it will take longer than four months to forget the image of Musk running around with a chainsaw. Read more about Musk:Elon Musk Was on Crazy Combo of Drugs During Trump CampaignMost Recent Post/May 30, 2025/1:21 p.m. ETDem Governor Vetoes Ban on Surprise Ambulance Bills in Shocking MoveThe bill had unanimous support in both chambers of the state legislature.Michael Ciaglo/Getty ImagesColorado’s Democratic Governor Jared Polis has vetoed a bill that would ban surprise billing by ambulance companies, over the unanimous objections of both chambers of the state legislature. Why would Polis veto a bill that’s popular with everyone, even Colorado Republicans? The governor wrote in his veto statement that drafting errors in the bill made it “unimplementable” and estimated that it would make insurance premiums go up by as much as $0.73 to $2.15 per person. “I am committed to working with proponents and sponsors to protect Coloradans from surprise bills, but I encourage all parties to work towards a more reasonable reimbursement rate that mitigates premium impacts and nets a better deal for Colorado families,” Polis wrote. In Colorado, if legislators in both chambers repass the bill with a two-thirds majority, they can override the governor’s veto, especially considering that the bill passed with the support of every single legislator. But the legislature adjourned on May 7, meaning that the bill has to be passed again when the legislature reconvenes in January.  For some reason, ending surprise ambulance billing nationally is not the slam-dunk issue it should be. Congress ended most surprise medical bills in 2020 but exempted ground ambulances from the bill. Was Polis’s veto due to badly drafted language and a (seemingly modest) price hike in insurance premiums, as he said, or was it for a different, more nefarious reason? We might not know unless and until the bill is reintroduced next year. More on surprise ambulance bills:Congress Doesn’t Care About Your Surprise Ambulance Bill Most Recent Post/May 30, 2025/12:21 p.m. ETTrump’s Pardons Since Jan 6 Spree Show an Infuriatingly Corrupt TrendSince his January 6 pardon spree, Donald Trump has tended to grant clemency a little closer to home.Saul Loeb/AFP/Getty ImagesA good chunk of the white-collar criminals pardoned by Donald Trump after his massive “Day One” pardoning spree either have a political or financial tie to him.The president has issued 60 pardons since he offered political forgiveness to some 1,600 individuals charged in the January 6, 2021, attack on the U.S. Capitol. But out of those subsequent 60 unrelated to the attack, 12 people—or roughly one in five—were already in Trump’s orbit, according to ABC News.They included several politicos, including former Illinois Governor Rod Blagojevich, who was convicted on several counts of corruption, including for an attempt to sell Barack Obama’s Senate seat after he left the position for the White House; former Republican Representative Michael Grimm, who pleaded guilty to tax fraud; former Nevada gubernatorial candidate Michele Fiore, who allegedly stole public funds intended to commemorate a slain police officer; and former Tennessee state Senator Brian Kelsey, who pleaded guilty to campaign finance fraud in 2022.Trump also pardoned major financiers of his presidential campaigns. Trevor Milton, the founder of the Nikola electric vehicle company, donated nearly $2 million toward Trump’s 2024 campaign. Imaad Zuberi, who has donated to both parties, issued “at least $800,000 to committees associated with Trump and the Republican Party,” ABC reported.Others helped Trump advance his retribution campaign against his political enemies, or helped advance his own image in the broader Republican Party. Devon Archer and Jason Galanis, both former business partners of Hunter Biden, accused the younger Biden of leveraging his father’s name and influence in order to conduct business overseas. Archer had defrauded a Native American tribal entity, while Galanis was serving time for multiple offenses. Trump also forgave Todd and Julie Chrisley—reality TV stars known for their show Chrisley Knows Best who were sentenced to a combined 19 years on fraud and tax evasion charges—after their daughter Savannah Chrisley spoke at the 2024 Republican National Convention.Speaking to press Friday after her parents’ release, Savannah Chrisley said that the “biggest misconception right now is I either paid for a pardon or slept for a pardon—,” but she couldn’t finish her sentence before Todd interjected: “That’s something I would have done,” he said.Read who else Trump is thinking of pardoning:Trump Considering Pardons for Men Who Tried to Kill Gretchen WhitmerMost Recent Post/May 30, 2025/12:04 p.m. ETTrump Knew He Was Deporting Innocent People to El Salvador All AlongMany of the people deported to El Salvador have no criminal record, and Donald Trump knew it.Michael M. Santiago/Getty ImagesDonald Trump’s administration was well aware that many of the 238 Venezuelan immigrants it shipped off to a notorious megaprison in El Salvador had no criminal records at all, according to a Friday report from ProPublica.  While Trump officials claimed that the deportees were brutal gang members and “the worst of the worst,” only 32 of the deportees had actually been convicted of crimes, and most of them were minor offenses such as traffic violations, according to data from the Department of Homeland Security reviewed by ProPublica, The Texas Tribune, and a team of journalists from Venezuelan media outlets. One of the men, 23-year-old Maikol Gabriel López Lizano, faced a misdemeanor charge after he was arrested in 2023 for riding his bike and drinking a can of beer.Little more than half of the deportees, 130 of the 238, were charged only with violating U.S. immigration laws. Twenty of them had criminal records from other countries. The U.S. government data showed that 67 individuals had pending charges, with only six being for violent crimes. In several cases, the government data about the pending charges differed from what ProPublica was able to find. In some cases, the men had actually been convicted, and in one, the charges had been dropped. But in many cases, these individuals were remanded to a foreign prison before their criminal cases were ever resolved. The Trump administration has touted allegations of gang affiliation as a justification for denying the deportees their due process rights. But none of the men’s names appeared on a list of roughly 1,400 alleged Tren de Aragua members kept by the Venezuelan government, ProPublica reported. Trump’s border czar Tom Homan tried desperately in March to downplay reporting that many of these individuals did not have criminal records. “A lot of gang members don’t have criminal histories, just like a lot of terrorists in this world, they’re not in any terrorist databases, right?” Homan said on ABC News. But the methods the government relies on to classify individuals as gang members—such as identification of gang-affiliated tattoos—have been disproven by experts. Not only were many of the men who were deported not proven gang members, they weren’t even criminals, and by denying them the right to due process, they were remanded to a foreign prison notorious for human rights abuses without ever getting to prove it. Trump has continued to pressure the Supreme Court to allow him to sidestep due process as part of his massive deportation campaign, claiming that the judiciary has no right to intrude on matters of “foreign policy.” But immigrants residing on U.S. soil—who are clearly not the bloodthirsty criminals the administration insists they are—are still subject to protections under U.S. law. Read more about the deportations:Trump Asks Supreme Court to Help Him Deport People Wherever He WantsMost Recent Post/May 30, 2025/11:41 a.m. ETJoni Ernst Stoops to Shocking Low When Told Medicaid Cuts Will KillSenator Joni Ernst had a disgusting answer when confronted by a constituent at her town hall about Trump’s budget bill.Drew Angerer/Getty ImagesRepublican Senator Joni Ernst had a particularly unhinged response to questions from her constituents at a town hall in Parkersburg, Iowa, on Friday.Ernst was asked about the GOP’s budget bill kicking people off of Medicaid, and her condescending answer quickly became callous and flippant as the Iowa politician smirked at the audience.“When you are arguing about illegals that are receiving Medicaid, 1.4 million, they’re not eligible, so they will be coming off, so—” Ernst began, before an audience member shouted, “People are going to die!”“People are not—well, we all are going to die,” Ernst responded, as the audience drowned her in loud protests.What was Ernst thinking with that answer? Almost every Republican town hall this year has gone badly for the politician holding it, thanks to President Trump upending the federal government, and Ernst surely knew that choosing death over Medicaid wouldn’t go over well with the crowd. Earlier this week in Nebraska, Representative Mike Flood was heckled after he admitted that he didn’t read the budget bill.Ersnt’s town hall wasn’t even the first one in Iowa to go badly for a Republican. On Wednesday, Representative Ashley Hinson was met with jeers and boos, with audience members in Decorah, Iowa calling her a fraud and a liar. But at least Hinson had the good sense not to seemingly embrace death over a vital, lifesaving government program. More on Trump’s bill:Here Are the Worst Things in Trump’s Big, Beautiful Bill Most Recent Post/May 30, 2025/11:35 a.m. ETKetanji Brown Jackson Blasts “Botched” Supreme Court Ruling on TPSSupreme Court Justice Ketanji Brown Jackson, in a scathing disssent, called out the rest of the court for allowing Trump’s harmful executive order to stand.Anna Moneymaker/Getty ImagesSupreme Court Justice Ketanji Brown Jackson thinks the Supreme Court “botched” a decision to allow the Trump administration to revoke the Temporary Protected Status protections of about 500,000 Haitian, Cuban, Nicaraguan, and Venezuelan immigrants.Jackson and fellow liberal Justice Sonia Sotomayor were the only two dissenters.“The Court has plainly botched this assessment today. It requires next to nothing from the Government with respect to irreparable harm,” Jackson wrote in the dissent. “And it undervalues the devastating consequences of allowing the Government to precipitously upend the lives of and livelihoods of nearly half a million noncitizens while their legal claims are pending.”TPS is a long-standing program that allowed those 500,000 immigrants to stay in the U.S. after they fled violence and risk in their home countries. After the Supreme Court’s ruling, all of them are at high risk of sudden deportation. “It is apparent that the government seeks a stay to enable it to inflict maximum predecision damage,” Jackson wrote.Read the full dissent here.View More Posts

The 12-year campaign to free Ross Ulbricht — the criminal mastermind behind the Silk Road, the original crypto-enabled dark web mail-order-drug emporium — finally ended in January, when newly-minted second term president Donald Trump officially pardoned the bitcoin criminal.Now, Ulbricht is picking up where he left off, getting his first taste of a world he left behind in 2013 when a federal judge sentenced him to two counts of life in prison, plus 40 years without parole.In sum, Ulbricht's feeling some culture shock. Taking the stage at the Bitcoin 2025 conference in Las Vegas this week, the drug kingpin was agog at the piles of kitschy tech products that had passed him by."When I walked out of prison a few months ago, I’d never seen a drone, used AI, or tried VR. I hadn’t even chatted with AI," Ulbricht marveled. "Now it's all hitting me at once — the freedom, the technology, the fact that I have a future again."He also basked in the glow of the crypto community's love — a parasocial following that lavished his clemency petition with over 600,000 signatures and an astonishing number of right-libertarian micro-celebrity endorsements."You didn't abandon me. You didn't forget me. You wrote me letters. You raised money for my defense. When I was silenced, you spoke up against the slander and the smears," the former dope baron lauded.Keep in mind, this wasn't a political activist jailed for protesting an unjust war, or a whistleblower whose life was destroyed after revealing a massive corporate fraud scheme.This is a guy who made millions selling drugs to teenagers and communities ravaged by the opioid crisis, resulting in at least six overdose deaths that we know of. (Not to mention the hitmen he tried to hire to take out his enemies, though he was unsuccessful.)At its peak in 2013, Ulbricht's Silk Road saw an estimated daily connected user base of 5.5 million. In just two years, it processed some $1.2 billion in illicit sales, according to the Department of Homeland Security.Through transaction fees, the service generated over $80 million worth of Bitcoin. Authorities in 2014 called it the "most sophisticated and extensive criminal marketplace on the internet."Of course, Ulbricht's saving grace isn't some ethical dilemma Trump has over incarceration or judicial mishandling, but the fact that he built Silk Road off the then-nascent blockchain. That single fact has cemented his status as a crypto superstar.For context, out of the 1.2 million citizens incarcerated in the US, over 360,000 of them face charges of nonviolent drug possession.In 2023, there were roughly 870,000 arrests for drug-related charges, the vast majority, or 87.8 percent of which were for drug possession — in other words, for carrying an impossibly tiny fraction of the volume that passed through Ulbricht's drug empire every minute.With his new lease on life, Ulbricht plans on paying it forward — not as an advocate for carceral reform or prison abolition, but to the crypto community of get-rich-quick schemers and granny scammers."With so much speed and chaos, it’s more important than ever to stay true to our principles," he told the crowd of cryptobros. "If we agree that we deserve freedom and that [crypto] decentralization secures it, we can stand together. Have each other’s backs, as you had mine. Freedom, decentralization, unity — stay true to these, and the future is ours."More on crypto: Visitors At This Bitcoin-Heated Spa Are Complaining About Mold and UTIsShare This Article

Shawn Kemp agrees to a plea deal in iPhone-related shooting, iCloud evidence is used in crypto indictment, and a stolen iPhone ends up in China in this week's Apple Crime Blotter.The Apple Store in Beavercreek, OhioThe latest in an occasional AppleInsider series, looking at the world of Apple-related crime. Continue Reading on AppleInsider | Discuss on our Forums

Each week on Polygon, we round up the most notable new releases to streaming and VOD, highlighting the biggest and best new movies for you to watch at home. This week, Captain America: Brave New World, the Marvel superhero movie starring Anthony Mackie and Harrison Ford, smashes its way onto Disney Plus after hitting video on demand in April. It’s a big week for animation, with the Oscar-nominated The Wild Robot and the Korean science fiction romance Lost in Starlight both releasing on Netflix, while DreamWorks’ adaptation of Dav Pilkey’s internationally bestselling Dog Man graphic novel series arrives on Peacock. New titles available to rent include the Chinese legal thriller The Prosecutor, and two tales of forbidden love: the Shakespearean musical Juliet & Romeo and The Grey director Joe Carnahan’s action flick Shadow Force. Here’s everything new that’s available to watch this weekend! New on Netflix Lost in Starlight Genre: Science fiction romanceDirector: Han Ji-wonCast: Kim Tae-ri, Hong Kyung/Maitreyi Ramakrishnan, Justin H. Min Set in 2050 Seoul, Netflix’s first Korean original animated film is a story of literally star-crossed lovers. An astronaut headed for Mars and a musician fall for each other and face the pain of separation. Trying to make a long-distance relationship work is especially difficult when you’re 139 million miles away from each other. A Widow’s Game Genre: Crime dramaDirector: Carlos SedesCast: Carmen Machi, Ivana Baquero, Tristán Ulloa Based on a true story, this Spanish film stars Ivana Baquero (Pan’s Labyrinth) as Maje, the young widow of a man stabbed seven times and left in a parking lot in a seeming crime of passion. The investigation leads to Maje’s lovers, as the police try to figure out who’s really behind the crime. The Wild Robot Genre: Family science fictionRun time: 1h 42mDirector: Chris SandersCast: Lupita Nyong’o, Pedro Pascal, Kit Connor Based on Peter Brown’s middle-grade book, DreamWorks’ Academy Award-nominated film follows Roz (Lupita Nyong’o), a helpful robot who accidentally washes up on an island that’s only inhabited by animals. While she initially terrifies all the creatures there, she winds up befriending a fox (Pedro Pascal) who helps her raise a runty gosling (Kit Connor) and prepare him for his first migration. From our review:  From director Chris Sanders (Lilo & Stitch, How to Train Your Dragon), The Wild Robot is a tenderly crafted story that pushes computer animation in a beautiful new direction — and is exactly the sort of movie that the current animation landscape so desperately needs. New on Disney Plus Captain America: Brave New World Genre: Superhero actionRun time: 1h 58mDirector: Julius OnahCast: Anthony Mackie, Danny Ramirez, Harrison Ford Set after the events of The Falcon and the Winter Soldier, Captain America: Brave New World sees Sam Wilson — having fully embraced his role as the new Captain America — being called on to resolve an international incident in the wake of a failed assassination attempt on newly elected President Thaddeus “Thunderbolt” Ross (Harrison Ford). With time running out and the walls closing in, will Sam be able to come out on top and rescue the world from the brink of devastation? Probably! From our review: As a Captain America movie, Brave New World is batting strongly below average. Its plot is at least mildly reminiscent of 2014’s Captain America: The Winter Soldier, but it’s both fair and unfair to compare the two. Unfair in that Winter Soldier is still among the best-regarded MCU movies, while BNW is running uphill from table-setting a potential new Captain America franchise, dealing with post-production rewrites and reshoots, and the general malaise of the MCU’s post-Avengers: Endgame audience. But fair in that, like Winter Soldier, BNW was also clearly designed as a grounded thriller (by the sliding scale of “grounded” in the MCU) featuring global political stakes and a superpowered conspiracy at its heart. New on Hulu The Seed of the Sacred Fig Genre: Political dramaRun time: 2h 48mDirector: Mohammad RasoulofCast: Soheila Golestani, Missagh Zareh, Mahsa Rostami Writer and director Mohammad Rasoulof had to flee Iran after he was sentenced to eight years in prison ahead of the premiere of The Seed of the Sacred Fig. The Oscar- and Golden Globe-nominated film is a fictional story set against the backdrop of political protests, incorporating real footage of the 2022 and 2023 unrest that followed the death of 22-year-old Jina Mahsa Amini, who was fatally beaten by Iranian “morality police” under the accusation that she was wearing her hijab improperly. New on Peacock Dog Man Genre: Family comedyRun time: 1h 29mDirector: Peter HastingsCast: Peter Hastings, Pete Davidson, Lil Rel Howery Peter Hastings continues the Captain Underpants franchise with an adaptation of Dav Pilkey’s graphic novel series about a hero created when a police officer and his dog were stitched together into one individual after being wounded while failing to defuse a bomb. Pete Davidson plays Dog Man’s evil cat nemesis in the DreamWorks film, which uses CG animation styled to resemble craft materials. New on Starz Flight Risk Genre: ThrillerRun time: 1h 31mDirector: Mel GibsonCast: Mark Wahlberg, Topher Grace, Michelle Dockery No one is quite who they seem in Mel Gibson’s claustrophobic thriller, where a U.S. Marshal (Michelle Dockery) hires a pilot (Mark Wahlberg) to get an informant from Alaska to New York so he can testify against the crime family he worked for. As they travel across the wilderness, the group fights for control of the increasingly tense and violent flight. New on Shudder and HIDIVE Vampire Hunter D Genre: Horror animeRun time: 1h 31mDirector: Toyoo AshidaCast: Kaneto Shiozawa, Michie Tomizawa, Seizō Katō AMC Networks re-released a digitally remastered version of Toyoo Ashida’s classic anime film to celebrate its 40th anniversary in theaters in April, and is now offering it across both its anime and horror streaming services. Set in a far future where vampires rule the world, the action-packed film follows a mysterious vampire hunter hired to protect a woman from a vampire lord who wants her to be his next bride. New to digital Fight or Flight Genre: Action comedyRun time: 1h 42mDirector: James MadiganCast: Josh Hartnett, Katee Sackhoff, Charithra Chandran Basically Bullet Train but in the air, Fight or Flight casts Black Hawk Down and Penny Dreadful star Josh Hartnett as a disgraced Secret Service agent given the chance to clear his name by catching an elusive hacker known as the Ghost, who’s boarded a flight from Bangkok to San Francisco. Unfortunately, the plane is packed with assassins looking to kill the Ghost and anyone who gets in their way. Juliet & Romeo Genre: Musical romanceRun time: 2h 2mDirector: Timothy Scott BogartCast: Jamie Ward, Clara Rugaard, Rupert Everett West Side Story already did the decisive musical version of Shakespeare’s tragedy Romeo and Juliet, but this adaptation plays closer to the original text while adding a soundtrack full of original pop tunes to the tale of two feuding houses of Verona. Filmed on location in Italy, Juliet & Romeo’s high-profile supporting cast includes Jason Isaacs (Harry Potter, The White Lotus) as Lord Montague and Rebel Wilson (Bridesmaids, Pitch Perfect) as Lady Capulet. The Prosecutor Genre: Legal thrillerRun time: 1h 57mDirector: Donnie YenCast: Donnie Yen, Cheung Chi Lam Julian, Michael Hui Ip Man’s Donnie Yen directs and stars in this Chinese legal thriller loosely based on a real 2016 drug trafficking case. Yen plays detective Fok Chi-ho, who loses faith in policing and decides the better way to ensure criminals face justice is as a public prosecutor. The Prosecutor might be mostly courtroom drama, but there’s still plenty of action, combining old-school martial arts techniques with modern film technology. Shadow Force Genre: Action thrillerRun time: 1h 43mDirector: Joe CarnahanCast: Kerry Washington, Omar Sy, Mark StrongEight years ago, Kyrah Owens (Kerry Washington of Scandal and Little Fires Everywhere) and Isaac Sarr (Omar Sy of Lupin and Jurassic World) joined a multinational special forces group dubbed Shadow Force, but they’ve left that life behind to raise their son. Their old boss (played by Mark Strong of Shazam! and Sherlock Holmes) doesn’t accept their resignation, and is trying to hunt them down.

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Since the Chinese biophysicist He Jiankui was released from prison in 2022, he has sought to make a scientific comeback and to repair his reputation after a three-year incarceration for illegally creating the world’s first gene-edited children.  While he has bounced between cities, jobs, and meetings with investors, one area of visible success on his come-back trail has been his X.com account, @Jiankui_He, which has become his main way of spreading his ideas to the world. Starting in September 2022, when he joined the platform, the account stuck to the scientist’s main themes, including promising a more careful approach to his dream of creating more gene-edited children. “I will do it, only after society has accepted it,” he posted in August 2024. He also shared mundane images of his daily life, including golf games and his family. But over time, it evolved and started to go viral—first with a series of selfies accompanied by grandiose statements (“Every pioneer or prophet must suffer”), and then, in April of this year, it became particularly outrageous and even troll-like, blasting out bizarre messages (“Good morning bitches. How many embryos have you gene edited today?”). This has left observers unsure what to take seriously. Last month, in reply to MIT Technology Review’s questions about who was responsible for the account’s transformation into a font of clever memes, He emailed us back: “It’s thanks to Cathy Tie.” You may not be familiar with Tie but she’s no stranger to the public spotlight. A former Thiel fellow, she is a partner in the attention-grabbing Los Angeles Project, which promised to create glow-in-the-dark pets. Over the past several weeks, though, the 29-year-old Canadian entrepreneur has started to get more and more attention as the new wife to (and apparent social media mastermind behind) He Jiankui. On April 15, He announced a new venture, Cathy Medicine, that would take up his mission of editing human embryos to create people resistant to diseases like Alzheimer’s or cancer. Then just a few days later, on April 18, He and Tie announced that they got married, posting pictures of themselves in traditional Chinese wedding attire. But now, Tie says that just a month after marrying “the most controversial scientist in the world,” her plans to relocate from Los Angeles to Beijing to be with He are in disarray; she says she’s been denied entry to China and the two “may never see each other again,” as He’s passport is being held by Chinese authorities and he can’t leave the country. Reached by phone in Manila, Tie said authorities in the Philippines intercepted her during a layover on May 17 and told her she couldn’t board a plane to China, where she was born and where she says she has a valid 10-year visa. She claims they didn’t say why but told her she is likely “on a watch list.” (MIT Technology Review could not independently confirm Tie’s account.)  “While I’m concerned about my marriage, I am more concerned about what this means for humanity and the future of science,” Tie posted to her own X account. A match made in gene-editing heaven The romance between He and Tie has been playing out in public over the past several weeks through a series of reveals on He’s X feed, which had already started going viral late last year thanks to his style of posting awkward selfies alongside maxims about the untapped potential of heritable gene editing, or changing people’s DNA when they’re just embryos in an IVF dish.  “Human [sic] will no longer be controlled by Darwin’s evolution,” He wrote in March. That post, which showed him standing in an empty lab, gazing into the distance, garnered 9.7 million views. And then, a week later for 13.3 million: “Ethics is holding back scientific innovation and progress.”  In April, the feed started to change even more drastically.  He’s posts became increasingly provocative, with better English and a unique sensibility of online culture. “Stop asking for cat girls. I’m trying to cure disease,” the account posted on April 15. Two days later, the account followed-up: “I literally went to prison for this shit.”  This shift coincided with the development of his romance with Tie. Tie told us she has visited China three times this year, including a three-week stint in April when she and He got married after a whirlwind romance. She bought him a silver wedding ring made up of intertwined DNA strands.  The odd behavior on He’s X feed and the sudden marriage have left followers wondering if they are watching a love story, a new kind of business venture, or performance art. It might be all three.  A wedding photo posted by Tie on Chinese social media platform Rednote shows the couple sitting at a banquet hall, with a small number of guests. MIT Technology Review has been able to identify several people who attended: Cai Xilei, He’s criminal attorney; Liu Haiyan, an investor and former business partner of He; and Darren Zhu, an artist and Thiel fellow who is making a “speculative” documentary about the biophysicist that will blur the boundaries of fiction and reality. In the phone interview, Tie declined to say if she and He are legally married. Tie also confirmed she celebrated a wedding less than one year ago with someone else in California, in July of 2024, but noted they broke up after a few months; she also declined to describe the legal status of that marriage. In the phone call, Tie emphasized that her relationship with He is genuine: “I wouldn’t marry him if I wasn’t in love with him.” An up and comer Years before Tie got into a relationship with He, she was getting plenty of attention in her own right. She became a Thiel Fellow in 2015, when she was just 18. That program, started by billionaire Peter Thiel, gave her a grant of $100,000 to drop out of the University of Toronto and start a gene testing company, Ranomics.  Soon, she began appearing on the entrepreneurs circuit, a “wunderkind” who was featured on a Forbes “30 Under 30” list in 2018 and was presented as an up-and-coming venture capitalist on CNN that same year. In 2020, she started her second company, Locke Bio, that focuses on online telemedicine. Like Thiel, Tie has also staked out contrarian positions. She’s called mainstream genomics a scam and described entrepreneurship as a way to escape the hidebound practices of academia and bioethics. “Starting companies is my preferred form of art,” she posted in 2022, linking to an interview on CNBC.  By February 2025, Tie was ready to announce another new venture, the Los Angeles Project, a stealth company she had incorporated in 2023 under her legal name, Cheng Cheng Tie. The company, started with the Austin-based biohacker and artist Josie Zayner, says it will try to modify animal embryos, including to make fluorescent glow-in-the-dark rabbits as pets. The Los Angeles Project revels in explicitly transgressive aims for embryo editing, including a plan to add horn genes to horse embryos to make a unicorn. That’s consistent with Zayner’s past stunts, which include injecting herself with CRISPR during a livestream. “This is a company that should not exist,” Zayner said in announcing the newly public project. Although the Los Angeles Project has only a tiny staff with uncertain qualifications, it did raise $1 million from the 1517 fund, a venture group that supports “dropouts” and whose managers previously ran the Thiel Fellowship.  Asked for his assessment of Tie, Michael Gibson, a 1517 partner, said in an email that he thinks Tie is “not just exceptional, but profoundly exceptional.” He sent along a list of observations he’d jotted down about Tie before funding her company, which approvingly noted her “hyper-fluent competence” and “low need for social approval. Thoughts & actions routinely unconventional.”  A comeback story He first gained notoriety in 2018, when he and co-workers at the Southern University of Science & Technology in Shenzhen, injected the CRISPR gene-editor into several viable human embryos, and then transferred these into volunteers, leading to the birth of three girls who he claimed would be resistant to HIV. A subsequent Chinese investigation found he’d practiced medicine illegally while “pursuing fame and fortune.” A court later sentenced him to three years in prison. He has never apologized for his experiments, except to say he acted “too quickly” and to express regret for the trouble he’d caused his former wife and two daughters. (According to a leaked WeChat post by his ex-wife, she divorced him in 2024 “because of a major fault on his side.”) Since his release from prison, He has sought to restart his research and convince people that he should be recognized as the “Chinese Darwin,” not “China’s Frankenstein,” as the press once dubbed him.  But his comeback has been bumpy. He lost a position at Wuchang University of Technology, a small private university in Hubei province, after some negative press. In February 2024, He posted that his application for funding from the Muscular Dystrophy Association was rejected. Last September, he even posted pictures of his torn shirt—which he said was the result of an assault by jealous rivals. One area of clear success, though, was the growing reach of his X profile, which today has ballooned to more than 130,000 followers. And as his public profile rose, some started encouraging He to find ways to cash in. Andrew Hessel, a futurist and synthetic biologist active in US ethics debates, says he tried to get He invited to give a TED Talk. “His story is unique, and I wanted to see his story get more widespread attention, if only as a cautionary tale,” Hessel says. “I think he is a lightning rod for a generation of people working in life sciences.” Later, Hessel says he sent him information on how to join X’s revenue-sharing program. “I said, ‘You have a powerful voice.’ Have you looked into monetization?” Hessel says. By last fall, He was also welcoming visitors to what he called a new lab in Beijing. One person who took him up on the offer was Steve Hsu, a Michigan State physics professor who has started several genetics companies and was visiting Beijing.  They ended up talking for hours. Hsu says that He expressed a desire to move to the US and start a company, and that he shared his idea for conducting a clinical trial of embryo editing in South Africa, possibly for the prevention of HIV.  Hsu says he later arranged an invitation for He to give a lecture in the United States. “You are a little radioactive, but things are opening up,” Hsu told him. But He declined the offer because the Chinese government is holding his passport—a common tactic it uses to restrict the movement of sensitive or high-profile figures—and won’t return it to him. “He doesn’t even know why. He literally doesn’t know,” says Hsu. “According to the law, they should give it back to him.” A curious triangle Despite any plans by He and Tie to advance the idea, creating designer babies is currently illegal in most of the world, including China and the US. Some experts, however, fret that forbidding the technology will only drive it underground and make it attractive to biohackers or scientists outside the mainstream.  That’s one reason Tie’s simultaneous connection to two notable biotech renegades—He and Zayner—is worth watching. “There is clearly a triangle forming in some way,” says Hessel. With Tie stuck outside China, and He being kept inside the country, their new gene-editing venture, Cathy Medicine, faces an uncertain future. Tie has posted previously on Rednote that she was “helping Dr. He open up the U.S. market,” and was planning to return to the US with He for scientific research. But when we spoke on the phone, Tie declined to disclose their next steps and said their predicament means the project is “out of the window now.” But even as the couple remains separated, their social media game is stronger than ever. As she waited in Manila, Tie sought help from friends and followers, even the entire internet. She blasted out a tweet to “crypto people” calling them “too pussy to stand up for things when it matters.” Within hours, someone had created a memecoin called $GENE as a way for the public to support the couple.  On May 20, Tie posted on X claiming that the amount donated to them is now worth almost $2 million. “I may need to retract my last statement about crypto,” wrote Tie.  He’s X account also retweeted to express support: “I only want to reunite with my wife @CathyTie, and continue my gene editing research.” He added the hashtag $GENE.