A federal judge in Massachusetts struck down major sections of a Trump administration executive order  that would have restricted mail-in ballots through the U.S. Postal Service and required states to adopt federally approved voter lists.

The ruling Thursday from Judge Indira Talwani of the U.S. District Court of Massachusetts found those parts of the order were unconstitutional, while declaring another section that directs federal law enforcement agencies to investigate and prosecute noncompliant state and local officials legally nonbinding.

Talwani wrote that the U.S. Constitution empowers States and Congress in different roles but “does not grant the President any specific power over elections.”

While the White House has cited the 2002 Help America Vote Act (HAVA) and Civil Rights-era voting laws as justification, Talwani found those laws do not authorize the government to regulate state voter registration practices.

“Notably, nowhere in HAVA does Congress prescribe who should be included on State voter lists,” Talwani wrote. “Further, neither in HAVA nor any other federal statute does Congress authorize the federal government to create their own voting database. Instead, Congress, consistent with the Constitution, has left that authority to the States alone.”

Talwani also declined to remove President Trump and Commerce Secretary Howard Lutnick as named defendants in the suit, rejecting the administration’s argument that the court could not regulate or intrude upon the president’s’ constitutional authority “in the performance of his official duties.”

“Contrary to Defendants assertion, Presidential action is not inherently unreviewable,” Talwani wrote.

The order, issued in March, instructs the Homeland Security secretary, the director of U.S. Citizenship and Immigrations Services and the commissioner of the Social Security Administration to compile lists of American voters for each state, including their supposed citizenship status.

To build the lists, the agencies would rely on the controversial Systemic Alien Verification for Entitlements (SAVE) database that DHS has been building under the Trump administration, as well as Social Security and federal citizenship and naturalization records.

Those lists would then be sent to states, most of which have already refused similar Trump administration efforts to control voter registration.. The order instructs the Department of Justice to investigate  and prosecute  state and local election officials who issue  ballots to ineligible voters. 

The order also requires mail-in ballots to be sent in special barcoded envelopes for tracking. Crucially, it demands states provide lists of voters eligible for mail-in voting, and threatens to deny ballots to states that refuse. It also claims the attorney general is entitled to withhold federal funding from noncompliant states.

Talwani found that states have shown they already have a rigorous voter registration and verification process to ensure non-citizens and other ineligible voters aren’t able to vote in U.S. elections, and have laws in place to investigate and prosecute those who do.

Executive branch lawyers argued the order was merely an internal federal directive that does not impedestate authorities. But Talwani noted that states like Connecticut were already pulling staff from critical activities, such as translating election materials required under the Voting Rights Act, to develop compliance plans for the order.

Nearly half of the states in the lawsuit have already purchased mail-in ballots for this election cycle that are out of compliance with the Postal Service’s envelope and design standards.

Despite a string of losses in the courts and Congress, the White House has continued to assert broad authority over the way states and localities administer elections.

The Department of Justice has sued dozens of states to force them to hand over sensitive voter data. In the 10 cases decided so far, states have won every one.

In their opinions, judges cited the executive branch’s lack of inherent authority to create state voter lists. Others accused the DOJ of misusing Civil Rights-era laws designed to protect Black and minority voters,  creating an “unreliable” database that would disenfranchise  legitimate voters.

The Massachusetts ruling comes to the same conclusion, with Talwani writing “it is clear that the federal agencies charged with compiling Confirmed Citizen Lists lack the ability to create complete and accurate lists of the U.S. citizens residing in every State.”

On Wednesday, Trump canceled a signing ceremony for a bipartisan housing bill in an attempt to pressure  congressional Republicans to pass the SAVE America Act, which would implement many of the same changes to U.S. elections. In a Truth Social post, Trump said he considered passage of the bill to be a “National Emergency.”

The post Federal court rules Trump election-focused executive order illegal appeared first on CyberScoop.

The security defects allow unauthenticated users to take control of the open source software supply chain.

The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek.

A federal court ruled Monday that the Trump administration’s national voter database violates federal privacy laws, interferes with Americans’ right to vote, and must be dismantled.

In the ruling, Judge Sparkle L. Sooknanan of the District Court of Washington D.C. wrote that records reviewed by the court show federal agencies knew that the SAVE voter database violated federal laws like the Privacy Act, the Social Security Act and the Administrative Procedure Act, but were “scrambling” to comply with President Trump’s executive order to create a system for mass voter verification.

That pressure resulted in agencies “haphazardly” combining and repurposing the personal information of millions of Americans from different government databases, including citizenship data they knew was unreliable.

“The Court therefore sets aside and vacates the 2025 SAVE modified system and the related notices because they were contrary to law, arbitrary and capricious, in excess of statutory authority, and without observance of procedure required by law,” Sooknanan wrote.

The League of Women Voters, its local affiliate groups and the Electronic Privacy Information Center filed the lawsuit last year. They argued the administration violated privacy laws that restrict the government’s ability to collect or combine private data without congressional authorization.

Sooknanan wrote that the SAVE database violates a prohibition in the Social Security Act against the disclosure of Social Security numbers and other related SSA records as well as substantive and procedural protections in the Privacy Act, which prevent the non-consensual disclosure of certain information both by federal agencies and between federal agencies and require notice and comment.

The court also ruled that SAVE violates the Administrative Procedures Act, which governs how the federal government develops regulations and makes official decisions to ensure they’re fair and impartial.

Sooknanan had earlier declined to rule the database illegal under the Administrative Procedures Act, saying the plaintiffs had failed to prove the data would cause  irreparable harm. In her final ruling, she changed course, writing that the states have since run their voter rolls through the federal government’s modified SAVE system, and some voters have been wrongfully identified as non-citizens and had their voter registrations canceled.

“All in all, the federal government has knowingly trampled on the privacy rights of American citizens in a manner that threatens the sacred right to vote,” Sooknanan wrote. “This Court cannot stand idly by while that happens.”

The ruling reinforces longstanding objections from former government officials and privacy experts over the past year, who have said Congress has repeatedly passed privacy laws explicitly to prevent the executive branch from using Americans’ data in ways not proscribed through law. That is what DHS did last year when it took SAVE, a database meant to process government benefits for legal immigrants, and combined it with data from the Social Security Administration and other agencies to create a new massive database of American voters and their citizenship status.

John Davisson, deputy director of enforcement at EPIC, celebrated the decision in a statement, saying the ruling “underscores that government agencies must follow the law, defend privacy and remain accountable to the public they serve.”

 “Today’s decision is a victory for us all. By halting the illegal consolidation of sensitive personal data across federal agencies, the court has safeguarded not only our privacy rights but also the bedrock of our democracy: the right to vote,” said Davisson. 

The post Court rules SAVE database illegal, orders it dismantled appeared first on CyberScoop.

By continuously analyzing security, infrastructure, and governance data, TrustCloud aims to give CISOs a real-time view of application risk and board-ready assurance.

The post Can CISOs Trust Their Applications? TrustCloud Wants to Replace the Questionnaire appeared first on SecurityWeek.

In the post-Mythos era, the company’s platform helps organizations enforce security controls across environments.

The post Aryon Security Raises $29 Million in Series A Funding appeared first on SecurityWeek.

Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.

The post After AI Reaches Production: 12 Ways Security Teams Can Take Control appeared first on SecurityWeek.

Atsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible.

The post New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications appeared first on SecurityWeek.

ON SECURITY By Susan Bradley Normally, I like to give actionable information. This article won’t do that. Sure, I’ll give you a few tips here and there, but for the vast majority of this week’s column, I’ll be pointing out instances of vendor arrogance. I’m going to begin with Microsoft (of course, and deservedly so), […]

As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control.

The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek.

Former Mesa County, Colorado election clerk Tina Peters remained unapologetic in her first public interview since her prison sentence was commuted, reiterating many of the same conspiratorial beliefs about elections while vowing to recover her health and fight on in court to have her criminal record expunged.

In an interview with former Trump campaign manager and White House official Steve Bannon, Peters called it a “miracle” that Democratic Governor Polis commuted her sentence and defended him from “the horrible media and haters” who were critical of the move.

Peters said those critics “don’t go after murderers and people like that [Polis] chose to pardon but they go after me, so there is a concern there for my well-being and my safety.”

Although Polis has said that Peters expressed contrition for her crimes prior to the commutation, she complained in her interview with Bannon that the Colorado governor had refused to issue her a full pardon that would remove the conviction from her criminal record, vowing to continue to “fight” the matter in court using leftover legal funds.

“Even though Governor Polis reduced my sentence from nine years to four and a half years, I still have a fight to clear my name and bring the truth of why they came after me the way they did,” Peters said.

Peters was convicted of seven felonies and sentenced to nine years in prison for stealing another person’s identity and using it to break into Mesa County election facilities, turn off the cameras and take voting system data.

Polis’ commutation of Peters sentence, which came after two years of relentless pressure from Trump, was met with cheers from conservative allies and bitter criticism from members of his own party.

The Colorado Democratic Party censured Polis and banned him from participating in future state party events. Incumbent Senator Michael Bennet, D-Colo., is running to succeed Polis as the Democratic candidate for governor this year, potentially putting him in position to appoint his own successor in the Senate. 

In an interview with CNN, Bennet called the commutation a “terrible decision” and that after announcing it Polis called him to say he would not be interested in the job.

Bennet wasn’t surprised.

“I viewed the decision that he made with respect to Tina Peters as disqualifying, and I think he knows that,” Bennet said.

Following the commutation, Polis has defended his decision, claiming Peters was being punished holding incorrect but constitutionally protected beliefs about election fraud that were unrelated to her actual crimes. He recently showed up to a virtual gathering of Colorado Democrats wearing a piece of tape over his mouth and has predicted the commutation will be looked upon “fondly” in the future.

Reached for comment, Polis’ press office referred CyberScoop to a previous May 15 Facebook post by the governor announcing Peters’ commutation and a follow up Substack blog he posted on Sunday defending the decision.

In his Substack, Polis said he believes Peters committed “real crimes” and deserved her conviction, but also argued that her sentence had become disconnected from her crimes. He pointed to a Colorado Court of Appeals hearing last month that upheld her conviction but ordered her to be resentenced in court as evidence that her sentence was lengthened for her First Amendment protected beliefs.

“Tina Peters should be punished for what she did,” Polis wrote. “She should not receive additional punishment for what she believed or said.” Still trying to figure out what that would look

But many election officials have also publicly stated that Peters committed serious felonies, remains unrepentant for her actions, and that her conspiratorial beliefs played a direct role in motivating her crimes.

The post Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight appeared first on CyberScoop.

The U.S. Postal Service is moving forward with mail-in ballot restrictions, following a court’s rejection of a request by voting rights groups to immediately block an executive order from President Donald Trump ordering the changes.

A new regulation proposed last Friday seeks to apply “uniform standards for the mailing of absentee ballots to and from voters,” including new ballot envelope standards with unique barcodes, election mail logos and other changes that would allow the federal government unprecedented abilities to track – and halt – the movement of mail-in ballots across the country.

Trump has long argued that mail-in ballots facilitated election fraud in 2020 that cost him the presidency, though election experts, election officials and even some Trump allies have dismissed those claims as baseless.

According to the proposed rule, these changes would allow USPS to follow ballots at a granular and individual level, something critics have said will make it easier for the Trump administration to meddle with their delivery.

“Uniquely serialized [barcodes] facilitate the tracking of individual pieces of Ballot Mail to and from individual voters as the barcodes are scanned on the Postal Service’s mail processing equipment,” the proposed rule states.

Trump’s executive order, issued in March, would require states to send the federal government a list of all voters eligible to vote by mail prior to USPS mailing them ballots. The federal government has indicated that it plans to cross-check those voters with data from the Department of Homeland Security and the Department of Justice.

The proposed rule says that after states submit their list of eligible mail-in and absentee voters, USPS will “compile” the information and then provide a “Mail-In and Absentee Participation List” back to them. The Postal Service said it “would not change the information provided by states” when compiling the return list. 

Further, the proposed regulation also includes new “verification” procedures that could potentially place USPS above states in deciding which voters are eligible to receive ballots. This would include having the USPS “confirm that a state submitted a list consistent with the conditions laid out in the proposed rule, and that the outbound ballot mail, and thus the blank ballot that could be returned by mail, is destined to individuals on the list, by checking the barcodes.”

The rule claims that USPS “would not verify whether individuals should be included” on state lists and that states retain “full control over the content of that list.”

However, the White House’s March order also instructed the Department of Justice to prioritize the investigation and prosecution of state and local officials or any others involved in the administration of federal elections who issue federal ballots to individuals not eligible to vote in a federal election.

That order was immediately challenged through lawsuits in multiple federal courts, where many of the White House’s plans to take greater control of elections have fallen short. That includes a lawsuit brought by Democrats and nonprofits in Washington.

While Judge Carl Nichols declined to halt the order, that decision was made on strictly procedural grounds, and he indicated the plaintiffs could be in a better position to prove their case later.

“The Court recognizes that the Postal Service may ultimately issue a final rule that directly affects Plaintiffs or their members, or that the Government may develop State Citizenship Lists that omit specific individuals due to particularized flaws,” Nichols wrote. “Plaintiffs may, of course, renew their motions if and when those future actions occur. Until then, however, Plaintiffs cannot show that preliminary injunctive relief is warranted.”

A separate federal lawsuit challenging the order in Massachusetts remains ongoing.

Alexandra Chandler, director of Free and Fair Elections at nonprofit Protect Democracy, noted that USPS and the federal government have no constitutional authority to regulate how states administer their elections, including micromanaging voter roll maintenance.

While the proposed regulation claims USPS will not overrule states on a voter’s eligibility to receive mail-in or absentee ballots, it’s also peppered with caveats and exceptions that could allow USPS to do just that if they determine it is part of their obligation to uphold federal laws or assist law enforcement investigations.

The rule states that USPS “assumes no responsibility for any outbound ballot mailing” until its accepted into the mail, and is “not responsible for service delays” whenever preparation or entry standards aren’t met.

Chandler called the proposed rule a clear attempt to disrupt election processes, sow distrust in elections among voters and lay “the groundwork to disrupt ballot delivery in real time, create fodder for false investigations and prosecutions, and to contest the midterms after the fact.”

“The administration is trying to turn postal workers into de facto election auditors with the power to decide whether people’s votes get counted while at the same time building an entire federal voter data and technical infrastructure it has no legal authority to create,” Chandler said.

The post USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order  appeared first on CyberScoop.

Cybersecurity threats to the 2026 midterm elections are targeting the accounts and platforms that campaigns, donors and voters use to communicate, according to a security report released Monday by Check Point Software Technologies.

So far in this election cycle, threats are not aimed at voting machines or ballot-counting systems. Instead, threat actors are going after the email accounts, websites and fundraising platforms that election organizations depend on.

Jeremy Fuchs, a campaign manager for Check Point, told CyberScoop that the report’s core findings reflect a broader trend in cybersecurity: Bad actors are using AI to make their attacks larger and more effective.

“The barrier to entry is lower and the quality is so much higher than it was three years ago, 10 years ago, that everything is going to look more realistic and it’s going to be more effective at accomplishing whatever goals [attackers] have,” he said.

Email remains the easiest way for hackers to perpetuate election-related schemes. Check Point found that 82% of malicious attacks arrive through email, where threat actors covertly trick users into handing over their passwords for major fundraising sites. Approximately 9,500 stolen passwords were tied to ActBlue, which collects donations for Democratic candidates. Approximately 6,500 were linked to WinRed, a Republican fundraising platform.

Fuchs noted that this information may not be directly used for election-related schemes, yet could be leveraged for opportunistic follow-on attempts at accessing other accounts.

“Whenever an exposure like this happens, whether it’s with a political site or not, oftentimes it’s saved for later,” he said. “If I have your email and password, if I have your phone number, I can just start an attack, a simple phishing attack that has nothing to do with the election right now.”

Threat actors are also registering many new websites with election-related names. In January, about 1,300 new websites included the word “election” and about 4,010 included the word “vote.” These websites can be used for phishing scams, where hackers trick people into giving up their passwords by pretending to be legitimate election organizations.

Fuchs noted that not every website may turn out to be malicious, but the speed with which these sites have been established — especially when legitimate campaign sites have been running years before an election — has led researchers to believe that the majority will be used for nefarious purposes. 

“If you’re spinning up these websites very quickly and at scale, there’s a reason for it,” he said. 

Misinformation and manipulated content present another layer of concern, especially as AI-generated political content has become increasingly visible in the 2026 cycle. Earlier this month, OpenAI rolled out a suite of tools and safeguards that’s meant to provide a layer of security for this particular election cycle.

Fuchs said this AI-powered manipulation is only going to grow as we get closer to Election Day, and as the models get better, so too will actors’ ability to deceive people with fake content. 

“It’s really hard to make sense of these things when the AI, and the attacks, have just become so good,” he said. “It was hard when they weren’t good. So now imagine how much harder it’s going to be when it is good, and it’s continuing to get better and better.” 

Fuchs warned that the speed at which AI-powered election threats are evolving presents a challenge that extends beyond technical defenses, saying that the true challenge lies in a threat landscape that’s changing faster than public understanding can keep pace.

“There’s so much more that we as a society can truly fathom,” he told CyberScoop. Generative AI “is moving so fast. It’s getting so good. And if we’re not having those conversations about, ‘hey, this is how things might change,’ all this stuff is just going to continue to get more difficult and more difficult. And it’s going to flare at these inflection points, whether an election is kind of the perfect place for it, because there’s just so much at stake for so many people.”

You read the full report on Check Point’s website. 

Update, 6/2/2026, 4:30 p.m.: This story has been amended to further clarify how threat actors are obtaining passwords for campaign donation sites.

The post Election threats are focused on campaign systems, not voting machines appeared first on CyberScoop.

ON SECURITY By Susan Bradley Passwords. We’ve had them for a long time. They’ve served us well. But they are also subject to attacks — phishing and spoofing. Microsoft and many other vendors want us to move to passkeys. Unfortunately, the transition has not been easy or clear. Passwords are what we are used to. […]

OpenAI on Wednesday hailed its plans to safeguard information and aid cybersecurity defenders in the 2026 midterm elections, including work to combat deepfakes and other forms of artificial intelligence misuse. 

The announcement builds on commitments from major tech companies in 2024, including OpenAI, to protect elections from AI-infused election interference — efforts that some thought weren’t enough. Government agencies, non-governmental institutes and others have increasingly warned about AI’s ability to have a negative impact on elections even as they advertise its potential for good.

OpenAI’s plan has five planks: spreading reliable information about voting and election results, helping with cybersecurity, watermarking deepfakes, enforcing policies that ban users from deploying its tools for election interference, and weeding out political bias in its models.

OpenAI highlighted that it has made its Codex Security agentic framework and Trusted Access for Cyber framework available to election officials, and was briefing the National Association of Secretaries of State and the National Association of State Election Directors on its tools.

“This is an important moment for cyber defenders across industries, and we believe AI plays a critical role in hardening digital infrastructure — including systems that support elections,” the company said. “OpenAI is committed to building resilience across the infrastructure stack, including in ways that support election execution.”

Some elements of OpenAI’s plans aren’t new so much as it’s taking pieces from other announcements and putting them together in one, such as reiterating last week’s partnership with SynthID to add watermarks to images generated with ChatGPT to assist in evaluating whether something is real or a deepfake.

One new element of Wednesday’s announcement is that OpenAI has struck a partnership with the Associated Press on sharing election data.

One election security expert welcomed the OpenAI announcement.

“Given the prevalence and amplification of disinformation about our elections, sometimes coming from leaders in high office, it’s always a good thing when platforms and services embrace their obligation to deliver accurate information to users,” David Becker, executive director of the Center for Election Innovation & Research, told CyberScoop. “It appears OpenAI is doing that with this announcement. I hope other platforms embrace this responsibility as well.”

The post OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms appeared first on CyberScoop.

Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.

The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek.

ON SECURITY By Susan Bradley The “edge,” by which I mean the network hardware standing between the Internet and the PCs and devices on your network, is a first line of defense against attackers. What’s on your edge? At any point during the day, attackers are out to get someone. You may not be the […]

The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions.

The post Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention appeared first on SecurityWeek.

Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of release across every industry.

The post AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop appeared first on SecurityWeek.

A self-replicating malware campaign known as Mini Shai-Hulud has resurfaced, this time embedding itself across hundreds of npm packages. The threat actor behind it, identified as TeamPCP, has been linked to earlier waves of the same campaign, with this latest variant more capable than previous waves.

Researchers analyzing the payload found a worm that spreads autonomously, installs persistent backdoors at the operating system level, and is specifically engineered to survive the most common first response: removing the package.

How the attack works

The malware executes the moment an affected software package is installed, whether in a developer’s local environment or inside a CI/CD pipeline. A hook fires before any other step, giving the payload immediate access to the machine.

It harvests GitHub tokens, npm tokens, SSH keys, cloud provider credentials, and database connection strings. In automated build environments, it uses the pipeline’s own trusted identity to obtain publishing credentials, allowing it to push poisoned package versions to the registry under a legitimate maintainer’s name. The stolen data is sent to attacker-controlled GitHub repositories.

After it steals a publishing token, the malware checks every package that token can access, adds its code to those packages, and publishes new poisoned versions using the maintainer’s account. One infected CI runner — the machine or virtual server that automatically builds, tests and publishes code for a project — can therefore taint every package that runner is allowed to publish. It also searches a developer’s computer for other Node.js projects and copies itself into them, so a single infected install can compromise an entire workstation.

“If any of the affected packages ran in your environment, treat the machine or runner as exposed until secrets are rotated, persistence artifacts are removed, and recent publish activity has been reviewed,” Aikido Security researchers wrote in a blog post. 

Removing the package is not enough

Researchers found that a standard dependency rollback leaves the attacker’s access intact. The malware embeds backdoors in developer tool settings — notably .vscode/tasks.json and .claude/settings.json — which remain on disk even after the npm package is removed. Those files must be audited and cleaned to eliminate the attacker’s foothold.

The payload also installs OS-level background services: a systemd user service on Linux, a LaunchAgent on macOS. Both run a backdoor called kitty-monitor, which polls GitHub’s commit search every hour for signed remote commands. A second process, gh-token-monitor, checks stolen GitHub tokens every 60 seconds — alerting the attacker the moment one is revoked. An attacker can maintain access and monitor the victim’s response in near real time, long after the original infection has been discovered.

Multiple security companies have pointed out which popular dependencies are being targeted. In this wave, it’s been popular data visualization software, including Alibaba’s open-source AntV and TallyUI. The campaign also touched widely used utilities such as echarts-for-react (a React wrapper for ECharts) and timeago.js (a small JavaScript library that allows developers to format timestamps).

“Even if only a subset of those packages received malicious updates, the popularity of the package ecosystem creates meaningful downstream exposure for organizations that automatically pull new dependency versions,” wrote researchers from Socket, an application security company.

The campaign remains active. Because the worm propagates using tokens stolen from infected environments, the number of affected packages is expected to grow. Researchers have warned that any machine or pipeline that installed an affected version should be treated as fully compromised.

Last week, TeamPCP targeted other prominent software libraries with the malware, including TanStack, UiPath, and MistralAI.

The post Mini Shai-Hulud returns, compromising hundreds of npm packages appeared first on CyberScoop.

Colorado Governor Jared Polis has commuted the prison sentence of Tina Peters, the former Mesa County election clerk who was sentenced last year to serve nine years in state prison for carrying out one of the most serious election-related data breaches in U.S. history.

Peters was arrested in 2021, accused of abusing her position as clerk to break into Mesa County election facilities under false pretenses, steal election and voting machine data and share them with allies of President Donald Trump in a quixotic quest to prove he won the 2020 presidential election.

Peters has served less than a year and a half of a nine-year prison sentence handed down last year by a judge after she was convicted of using another Mesa County resident’s identity to enter county election facilities, where she stole voting data from the 2020 election and shared it with Trump allies online.

Peters hoped the data would show that Trump actually won the state in 2020. It did not. Election and cybersecurity experts have said Peters’ actions were a serious breach of election data, while Mesa County officials say it has cost them millions of dollars to deal with the legal fallout while Peters ran for higher office in 2022.

In handing down her nine-year prison sentence, Judge Matthew Barrett called Peters a “charlatan” and deserved a longer punishment because “I’m convinced you’d do it all over again.”

But for months, Colorado’s Democratic Governor Jared Polis has hinted at pardoning or commuting her sentence,  claiming that it was overly harsh for her crimes.

Trump has attempted to pressure state officials to pardon or commute Peters’ sentence. Because Peters was convicted of state crimes, she could be freed by a federal pardon alone, though Trump tried that as well.

In the past, Polis has claimed that he would only grant clemency to Peters if she showed remorse for her crimes. However, Peters’ own community and neighbors in Mesa County testified at her sentencing hearing last year that she has been largely unrepentant even after she was arrested and charged.

A review of dozens of Polis pardons and commutations as Colorado Governor by Denver news affiliate KUSA shows that Polis has never previously pardoned or commuted the sentence of a prisoner who did not openly express remorse for their crimes. Polis claimed in an interview with the outlet that Peters expressed regret.

Polis’ office did not immediately respond to a request for comment.

The post Colorado governor commutes prison sentence for election denier Tina Peters  appeared first on CyberScoop.