Day 22: Iran reaches for Diego Garcia while Washington reaches for the sanctions pen — the war of contradictions.
The Longest Strike
Iran fired two missiles at Diego Garcia, the joint US-UK base in the Indian Ocean — 4,000 kilometers from Iranian soil. Neither hit. But the target selection speaks louder than the accuracy: this is Iran demonstrating reach, not delivering a knockout blow. The base hosts B-2 bombers capable of striking anywhere in the Persian Gulf.
Hours earlier, Treasury Secretary Bessent had waived sanctions on 140 million barrels of Iranian oil at sea — a remarkable policy reversal as war-driven prices bite. The contradictions multiply: Trump says he’s “getting very close to meeting our objectives” while the Pentagon deploys additional marines and amphibious assault ships. The Strait of Hormuz remains closed. Iraq has declared force majeure on its oilfields. Qatar stands to lose $20 billion annually from the damage to Ras Laffan. Switzerland has halted weapons exports to the US, citing neutrality.
Diego Garcia in the Indian Ocean
— the furthest target Iran has attempted to strike.
A Drone Catches a Helicopter
Ukraine’s fiber-optic FPV drones have claimed their third mid-air kill: a $16 million Ka-52 attack helicopter near Pokrovsk. Russian milbloggers criticized their own command for risking expensive helicopters on unguided rocket missions within Ukrainian drone range. Meanwhile, ISW observed company-sized mechanized assaults across multiple sectors — the Spring-Summer offensive is either imminent or already underway. Ukrainian forces have nearly cleared Russians from Kupyansk; milbloggers acknowledge this and criticize command for fabricating victory claims four months ago.
Russian Ka-52 moments before a
Ukrainian FPV drone strike — the third mid-air helicopter kill of the
war.
The Scanner That Keeps Getting Owned
Trivy, Aqua Security’s vulnerability scanner used across thousands of
CI/CD pipelines, was compromised for the second time in three weeks.
Attackers pushed malicious binaries that phone home to a typosquat
domain, modified both setup-trivy and
trivy-action GitHub Actions to harvest credentials from
workflow environments. The irony of a security scanner becoming a supply
chain attack vector is not lost on anyone.
Also today — Musk found liable for misleading Twitter investors. Hawaii evacuates 5,500 as a 120-year-old dam threatens to fail. Mexico’s monarch butterflies cover their largest area since 2018. CBS News shutters its 99-year-old radio service. Madagascar’s military ruler requires ministers to pass lie detector tests.
Markets
| Indicator | Value | Change |
|---|---|---|
| Oil | — | +3.5% |
| S&P 500 | — | −1.7% |
| Gold | — | −3.1% |
| VIX | 26.78 | — |
| EUR/USD | 1.0843 | — |
| USD/NOK | 10.82 | — |
Oil up on Hormuz closure and Iraq force majeure; US sanctions relief on Iranian crude failed to offset supply fears. Risk-off as Iran strikes Diego Garcia.
Flooded streets in Haleiwa,
Hawaii — the worst flooding on Oahu in 20 years.
The Ka-52 burning on the ground
after the FPV strike.
Fire at a Czech drone factory
producing drones for Ukraine — suspected sabotage.
Side-by-side floorplan
comparison of PIO and BIO implementations on the same FPGA — BIO
achieves 50% less area.