Featured

Trump: Iran asked me to be Supreme Leader, but I said no thanks

Trump’s “Iran asked me to be Supreme Leader” joke at an NRCC fundraiser uses a real, deadly leadership crisis in Iran to normalize assassination-as-policy and blur what’s confirmed about the war and succession.

Mar 26, 2026

Featured

‘Men need to be perp-walked’ after Epstein files release, Massie tells BBC

A GOP lawmaker says the Epstein document releases are still falling short—because redactions and withheld material may be blocking accountability and survivor-centered justice.

Mar 25, 2026

Buried.News

The stories buried under the noise

Primary focus

Trump fires Kristi Noem as Homeland Security Secretary

A Cabinet secretary was forced out amid contracting and oversight scrutiny, signaling that executive control—not transparent accountability—can dictate leadership of the agency driving mass detention and deportation.

Mar 5, 2026

Featured

The Trump gold coin is not normal : Consider This from NPR

A federal design panel OK’d a Trump portrait for a commemorative gold coin, but the key question is whether Treasury can legally bypass long-standing limits meant to keep living politicians off U.S. money.

Mar 23, 2026

Featured

White House Confronted Over Huge Bets Made Minutes Before Trump’s Big War Move

A $580 million burst of oil-futures selling minutes before Trump’s Iran “talks” post raises a basic public-interest question: did anyone trade on advance knowledge of a market-moving national security decision?

Mar 24, 2026

Iran appears to have conducted a significant cyberattack against a U.S. company, a first since the war started

A destructive cyberattack tied to Iran’s intelligence apparatus shows how quickly wartime pressure can jump from spying to disabling critical U.S. corporate operations.

Iran War

Mar 12, 2026

Sources

https://www.nbcnews.com/world/iran/iran-appears-conducted-significant-cyberattack-us-company-first-war-st-rcna263084

Summary

An Iran-linked hacker group claimed responsibility for a cyberattack that disrupted Stryker’s Microsoft environment and wiped some employee devices. The incident reflects an escalation from wartime cyber-espionage and low-impact defacements into destructive action against a U.S. company. The practical consequence was halted employee communications and work when work-issued phones stopped functioning.

Reality Check

A normalized shift toward destructive cyber operations against U.S. companies weakens the guardrails that separate conflict from domestic civilian disruption. When device-management systems can be turned into remote wipe weapons, everyday corporate infrastructure becomes a frontline target. Our resilience depends on treating these intrusions as national security events with clear accountability, not routine IT outages.

Detail

Handala Team, a hacker group that cybersecurity companies link to Iran’s Intelligence Ministry, claimed responsibility for a cyberattack affecting Stryker, a Michigan-headquartered medical technology company. A Stryker employee said work-issued phones stopped working, disrupting work and internal communications.

Stryker said it experienced a global network disruption in its Microsoft environment due to a cyberattack, that its own systems were not directly hacked, and that there was no indication of ransomware or malware. Public evidence cited by cybersecurity reporting indicated the attackers likely accessed Stryker’s Microsoft Intune account, which is used to manage corporate devices. From the Intune management console, the attackers appeared to trigger a remote wipe function that reset some employees’ devices to factory settings, according to Sophos threat intelligence director Rafe Pilling. Microsoft describes remote wipe as a common feature for retiring, repurposing, troubleshooting, or securely erasing lost or stolen devices.

Norms Impact

Exclusive: DOGE staffer

A federally network-cleared “senior adviser” is tied by digital records to services for a cybercrime group, shattering the baseline norm that access follows rigorous, conflict-aware vetting.

Executive

Mar 26, 2025

Sources

https://www.reuters.com/world/us/doge-staffer-big-balls-provided-tech-support-cybercrime-ring-records-show-2025-03-26/?utm_source=reddit.com

Summary

Digital records reviewed show Edward Coristine, a prominent technologist on Elon Musk’s U.S. DOGE Service team, previously provided network services to a cybercrime group calling itself EGodly. He is listed as a senior adviser in staff directories at the State Department and the Cybersecurity and Infrastructure Security Agency while DOGE has been given sweeping access to official networks. The result is a federal network-security posture exposed to heightened risk from recent, documented proximity to actors linked to stolen-data trafficking claims, cyberstalking, and swatting.

Reality Check

Granting sweeping government-network access alongside a recent, documented service relationship to a cybercrime-branded operation is the kind of preventable exposure that can weaken democratic stability and, in practice, put our data and rights at risk. The conduct described is not clearly chargeable on this record alone, but it raises unavoidable questions under federal computer-crime and data-trafficking frameworks commonly implicated in such ecosystems, including the Computer Fraud and Abuse Act (18 U.S.C. § 1030) and the identity-fraud statute (18 U.S.C. § 1028). Even without proof of knowing participation in hacking, embedding someone with this proximity inside CISA and State while DOGE gains broad access erodes the norm that cybersecurity gatekeeping is strict, recent-risk aware, and insulated from informal favoritism.

Detail

Edward Coristine, 19, is among the most visible members of Elon Musk’s U.S. DOGE Service team, which has been given sweeping access to official networks while pursuing a project to downsize the U.S. government. Beginning around 2022, Coristine ran a company called DiamondCDN that provided network services, according to corporate and digital records and interviews with former associates.

Digital records preserved by DomainTools and Any.Run show the cybercrime group EGodly’s website, dataleak.fun, was tied to internet protocol addresses registered to DiamondCDN and other Coristine-owned entities between October 2022 and June 2023, and some visitors encountered a DiamondCDN “Security check.” On Feb. 15, 2023, EGodly publicly thanked DiamondCDN on Telegram for “DDoS protection and caching systems.”

Coristine did not respond to messages. DOGE and the State Department did not respond to questions; CISA declined comment. Coristine is listed as a “senior adviser” at State and CISA, and describes himself on LinkedIn as a “Volunteer (Intern) Plumber” with the U.S. government.