The legal architecture for federal enforcement against unauthorized e-cigarettes is broader than most coverage of the issue suggests. A March 2026 GAO report (GAO-26-107991) maps out the full range of tools available to the Department of Justice—and which ones actually get used.

The Legal Basis

Two statutes form the primary framework. The Federal Food, Drug, and Cosmetic Act prohibits the distribution of e-cigarette products that are adulterated or misbranded in interstate commerce. Under FDA’s 2016 rule extending its tobacco authority to e-cigarettes, any product sold without FDA premarket authorization is automatically considered adulterated and misbranded—meaning the unauthorized status of a product is itself the legal violation, not any separate showing of harm or deception.

When the federal government has moved most decisively against illegal e-cigarettes, it has done so through a structure that didn’t exist two years ago. The interagency e-cigarette task force, established by DOJ and FDA in June 2024, coordinates enforcement activity across multiple agencies and has produced the largest individual seizures in the enforcement record. A March 2026 GAO report (GAO-26-107991) provides the most complete public accounting of the task force’s membership and activities.

Of the more than 6,000 e-cigarette products estimated to be available for sale in the United States as of June 2024, only 39 had received authorization from the Food and Drug Administration as of December 2025. Every other product on the market is, by definition, illegal—subject to seizure and enforcement action under federal law. The gap between the size of the unauthorized market and the scale of the federal response is the subject of a March 2026 GAO report (GAO-26-107991) examining the Department of Justice’s enforcement record on unauthorized e-cigarettes.

Oil Shock Incoming as Iran Tensions Explode

The world woke up this morning to one of the most consequential moves in recent Middle East history: President Donald Trump has ordered a U.S. naval blockade of the Strait of Hormuz, effective immediately.

What Just Happened

After marathon negotiations in Islamabad between the U.S. and Iran collapsed without a deal on Sunday, Trump moved decisively. The U.S. Central Command issued a notice to mariners declaring that unauthorized vessels in the Gulf of Oman and Arabian Sea east of the Strait will be subject to interdiction.

Financial industry leaders convened to discuss the cyber risks posed by Anthropic’s latest AI model after it reportedly found weaknesses in every major computer operating system. That’s a sentence that would have read as science fiction five years ago. It’s now a compliance meeting.

The specifics of what was found, and how, remain unclear from public reporting — which is its own kind of signal. When that kind of information circulates first in closed industry sessions rather than public disclosures, it suggests the vulnerabilities are either still being patched, or the exposure is broad enough that nobody wants to start a countdown clock before fixes are in place. Either way, the episode is a clean illustration of the dual-use problem at the core of frontier AI: the same capability that finds vulnerabilities defensively is also the one that finds them offensively. The institutions meeting about this risk are right to take it seriously. Whether they’re moving fast enough is a different question.

The four astronauts aboard NASA’s Artemis II mission splashed down safely after completing the first crewed lunar flyby since Apollo 17 in 1972. The crew became the first humans to see parts of the moon’s far side with the naked eye — a small but genuinely historic distinction in a mission that, from the outside, can seem like a very expensive test of existing hardware.

It is, to some extent, exactly that. Artemis II was never going to land on the moon. Its job was to prove the systems — Orion, SLS, the life support, the reentry profile — work with people inside. By that measure it appears to have succeeded. What comes next is Artemis III, which is supposed to put boots on the lunar surface. The pressure on that mission, whenever it launches, will be considerable. For now, four people who went to the moon and came back are home.

Bill Gates is set to testify before the House Oversight Committee in June as part of its investigation into Jeffrey Epstein. Former Attorney General Pam Bondi, by contrast, will not testify for now — the DOJ declined. Melania Trump, meanwhile, issued a public statement from the White House insisting she was not friends with Epstein and calling on Congress to take further action.

The spectacle of congressional Epstein hearings is by now a familiar one: high-profile names, carefully managed testimony, and outcomes that rarely match the gravity of the underlying subject. Gates’s appearance will be watched closely given the documented history of meetings between the two men that Gates has previously described as a mistake. Whether a congressional hearing is the mechanism for learning anything genuinely new about Epstein’s networks is a separate question from whether it will happen. It will happen.

Last month was the hottest March ever recorded for the contiguous United States — and not by a small margin. Federal data shows it exceeded previous records by the largest gap ever logged for any month, which is the kind of statistical anomaly that stops being reassuring to explain away. A forecast El Niño is expected to push temperatures higher still in the months ahead.

March being warm doesn’t make every summer extreme, and climate operates at scales that resist single-month narratives. But the margin matters. When records aren’t just broken but shattered, it suggests the baseline is shifting faster than the models anticipated, or that the models were right and we’re simply further along the curve than most public discourse has caught up to. Either interpretation leads to the same place.

A critical remote code execution vulnerability in Marimo — an open-source Python notebook tool used heavily in AI and data science workflows — was weaponized by attackers roughly nine hours after public disclosure. The flaw, tracked as CVE-2026-39987, allowed unauthenticated access. Within a working day of anyone knowing about it, someone was using it.

Nine hours is not an anomaly anymore; it’s a benchmark. The window between vulnerability disclosure and active exploitation has collapsed to the point where patch cycles that assume days or weeks of safety are simply wrong. For teams running notebook environments close to model infrastructure or internal data pipelines, this particular incident is worth treating as a drill. The CVE was patched; the lesson — that developer tooling is a high-value attack surface and exposure time is measured in hours — is ongoing.

Twenty-one hours of negotiations in Islamabad produced nothing. Vice President Vance, Steve Witkoff, and Jared Kushner sat across from senior Iranian officials — including the speaker of the Iranian Parliament — and walked away without an agreement. The sticking point, as Vance framed it, was Iran’s unwillingness to make a “fundamental commitment” not to develop a nuclear weapon or the means to quickly build one. That’s a reasonable bar to set. It’s also one Iran was always unlikely to clear under these conditions.