Category: Homeland Security

Source: US Department of Homeland Security

The criminal illegal alien dragged the officer 50 yards with his car and has a history of violent offenses

WASHINGTON – Today, the Department of Homeland Security (DHS) announced federal law enforcement arrested Roberto Carlos Munoz, a serial criminal illegal alien, after he dragged an Immigration and Customs Enforcement (ICE) officer 50 yards with his car in Bloomington, Minnesota, trying to evade arrest.

During a traffic stop, Munoz refused to exit his vehicle. He tried to flee law enforcement and put his car in drive while the ICE officer still had his arm inside the vehicle, dragging the officer approximately 50 yards. This criminal illegal alien has been arrested and is in federal custody.  

The ICE officer was hospitalized and is expected to make a full recovery.  

“Robert Carlos Munoz is a child sex offender and illegal alien from Guatemala who attempted to evade law enforcement and dragged an ICE officer 50 yards down the street with his car. Thankfully, the officer is expected to make a full recovery,” said Assistant Secretary Tricia McLaughlin. “This illegal alien has been committing violent crimes in the U.S. for nearly 15 years. He is a convicted child sex offender who has a rap sheet that includes an arrest for domestic assault and multiple driving offenses. Under Governor Tim Walz, this sicko was living in Minnesota without consequence. Instead of comparing ICE law enforcement to the Gestapo, Governor Walz should be thanking our brave law enforcement for arresting these violent criminals.” 

Image

This illegal alien from Guatemala entered the U.S. at an unknown date. His lengthy criminal rap sheet in the U.S. dates back to 2010. Previously he’s been arrested for domestic assault and convicted of sex crimes against an underage teenager. Additionally, he’s been convicted for driving without a valid license, and multiple charges for driving illegally. ICE first lodged a detainer on him in 2013.

###

Source: US Department of Homeland Security

Law enforcement is offering a $10,000 reward for any information leading to the arrest of the remaining two dangerous criminal illegal aliens

WASHINGTON – The Department of Homeland Security (DHS) announced it captured two of the four dangerous criminal illegal aliens who escaped Delaney Hall on June 12, 2025. Two additional criminal illegal aliens remain at large.  

Contrary to reporting, there has been no widespread unrest at the Delaney Hall Detention Facility. This privately held facility remains dedicated to providing high-quality services, including around-the-clock access to medical care, in-person and virtual legal and family visitation, general and legal library access, translation services, dietician-approved meals, religious and specialty diets, recreational amenities, and opportunities for detainees to practice their religious beliefs.  

CAPTURED 

On June 13, 2025, Joel Enrique Sandoval-Lopez, a criminal illegal alien from Honduras, was arrested by Immigration and Customs Enforcement (ICE), FBI, and Passaic Police in Passaic, New Jersey. During the arrest, Sandoval-Lopez kicked and threatened to kill the law enforcement officers. This criminal illegal alien’s criminal record includes unlawful possession of a handgun and aggravated assault.

Image

On June 13, 2025, Joan Sebastian Castaneda-Lozada, a criminal illegal alien from Colombia whose criminal record includes arrests for burglary, theft, and conspiracy to commit burglary, attempted to turn himself in to local authorities at the New Jersey State Police Bridgeton Station. Due to their sanctuary policies, the State Police refused to take him into custody because they do not work with ICE. On June 15, Castaneda-Lozada surrendered himself to Agents from FBI and ICE in Milleville, NJ. 

Image

“DHS has captured two of the detainees who escaped the privately held Delaney Hall Detention Facility. On June 13, Joel Enrique Sandoval-Lopez was apprehended. During his arrest, he kicked and threatened to kill law enforcement officers. Disturbingly, Joan Sebastian Castaneda-Lozada tried to turn himself into local authorities and was turned away because of the state’s sanctuary policies that prohibit law enforcement from working with ICE. Thankfully, this criminal alien has now been arrested and is no longer a threat to Americans,” said a Senior DHS Official. “We encourage the public to call 911 or the ICE Tip Line: 866-DHS-2-ICE if they have information that may lead to locating the two criminal illegal aliens who remain at large. DHS and FBI are offering a $10,000 reward for anyone who provides information that leads to the arrest of these public safety threats.” 

DHS and the FBI are offering a $10,000 reward for information leading to the arrest of the two remaining criminal illegal aliens who escaped from Delaney Hall Detention Facility in New Jersey. The safety of Americans and the Newark community is DHS’ top priority. 

Below are the two criminal illegal aliens who are evading federal law enforcement and pose a threat to public safety.  

Franklin Norberto Bautista-Reyes is an illegal alien from Honduras who illegally entered the U.S. in 2021 under the Biden administration. On May 3, 2025, the Wayne Township, New Jersey Police Department arrested Bautista for aggravated assault, attempt to cause bodily injury, terroristic threats, and possession of a weapon for unlawful purposes.

Image

Andres Pineda-Mogollon is an illegal alien from Colombia who overstayed a tourist visa and entered the U.S. in 2023 under the Biden administration. On April 25, 2025, the New York City Police Department arrested Pineda-Mogollon for petit larceny. On May 21, 2025, the Union, New Jersey Police Department arrested Pineda-Mogollon for residential burglary, conspiracy residential burglary, and possession of burglary tools.

Image

Anonymous tips may be reported on this form and via the toll-free ICE tip line, (866) 347-2423. 

ICE’s 24-hour tip line gives Americans the ability to report suspicious criminal activity by illegal aliens including terrorist activity, gang related crimes, and suspected sex trafficking. The tip line is manned by highly trained specialists who take reports from both the public and law enforcement agencies on the more than 400 laws enforced by ICE. Secretary Noem will be providing more resources and personnel to this tip line to ensure DHS is able to quickly identify, locate, and arrest these criminal illegal aliens.

###

Source: US Department of Homeland Security

These disgusting smears are designed to demonize and villainize our brave ICE law enforcement and have led to a more than 400 percent increase of assaults on our officers

WASHINGTON – The Department of Homeland Security (DHS) released the following statement to set the record straight on media reports demonizing Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) officers as they work to remove criminal illegal aliens from American streets in Los Angeles (LA), California.

Below are just a handful of FALSE headlines about recent DHS operations in Los Angeles that attempt to villainize federal law enforcement.

To set the record straight, the Department’s responses to the false claims are below.

Image

THE FACTS: “DHS targets have nothing to do with an individuals’ skin color. What makes someone a target is if they are in the United States illegally. These types of disgusting smears are designed to demonize and villainize our brave ICE law enforcement. This kind of garbage has led to a more than 400 percent increase in the assaults on ICE officers. Politicians and activists must turn the temperature down and tone down their rhetoric.” – Assistant Secretary Tricia McLaughlin

Image

THE FACTS: “The facts are a U.S. citizen was arrested because he ASSAULTED U.S. Customs and Border Protection Agents. Secretary Noem has been clear: if you lay a hand on a law enforcement officer, you will be prosecuted to the fullest extent of the law.” – Assistant Secretary Tricia McLaughlin

Image

THE FACTS: “This is blatantly FALSE. ICE is NOT in homeless shelters, ERs and schools. This rhetoric from the Mayor of LA and California politicians demonizes the brave men and women of law enforcement.” – Senior DHS Official

Image

THE FACTS: “Claims that ICE has conducted operations at Douglas Park to target and arrest nannies and caregivers are unequivocally FALSE. These are the type of lies being spread to demonize our brave ICE law enforcement who risk their lives to remove criminal illegal aliens including suspected terrorists, gang members, murderers, and rapists from American communities. The facts are that ICE, and our federal partners, are targeting the worst of the worst.” – Assistant Secretary Tricia McLaughlin

# # #

Source: US Department of Homeland Security

Representatives from the Department of Homeland Security (DHS) met with Canadian and Finnish counterparts as part of a two-day summit for the ongoing Icebreaker Collaboration Effort (ICE Pact), a trilateral agreement to strengthen United States supply chains, increase domestic jobs, and improve U.S. shipbuilding capabilities to defend the American people.

“ICE Pact is a key component of America’s economic future. President Donald Trump and U.S. Homeland Security Secretary Kristi Noem understand that economic security is national security,” said Assistant Secretary Tricia McLaughlin. “By revitalizing U.S. shipyards, creating jobs, strengthening industrial capabilities, and opening up the Arctic’s vast potential to American businesses, the Trump administration is putting America’s prosperity and security first.” 

During the two-day event, government leaders discussed with public and private stakeholders plans to advance four key areas: technical expertise and information exchange; workforce development; relations with allies and industry; and research and development.

The three partner countries concluded this successful meeting with a commitment to reconvene in person by the end of the year for a meeting hosted by the U.S. government.

Icebreakers are vital for America’s presence in the Arctic, a region increasingly contested by Russia and China due to its growing potential for oil and gas exploration, critical minerals, trade route traffic, fishing, and tourism. Russia maintains the largest icebreaker fleet in the world with 40-plus icebreakers and has made the Arctic its top naval priority; China is rapidly expanding its presence in this field as well and is collaborating with Russia on Arctic expansion efforts.

In contrast, until last month, the United States Coast Guard operated just two icebreakers. In late May, the U.S. Coast Guard Cutter Storis began its maiden voyage to the Arctic. ICE Pact will steer more investment into U.S. industry to boost our icebreaker fleet.

Plans developed during ICE Pact meetings will allow the U.S., Canada, and Finland to build American-made Arctic and polar icebreakers.

###

Source: US Department of Homeland Security

Call 911 or 866-DHS-2-ICE with any information that may lead to locating these dangerous criminal illegal aliens

WASHINGTON – The Department of Homeland Security (DHS) and the FBI are offering a $10,000 reward for information leading to the arrest of the four criminal illegal aliens who escaped from Delaney Hall Detention Facility in New Jersey. The safety of Americans and the Newark community is the DHS’ top priority.

“DHS has become aware of four detainees at the privately held Delaney Hall Detention Facility escaping. Additional law enforcement partners have been brought in to find these escapees and a BOLO has been disseminated,” said a Senior DHS Official. “We encourage the public to call 911 or the ICE Tip Line: 866-DHS-2-ICE if they have information that may lead to the locating of these individuals. DHS and the FBI are offering a $10,000 reward for any information that leads to the arrest of these public safety threats.”

On June 12, four criminal illegal aliens breached security at Delaney Hall. Contrary to current reporting, there has been no widespread unrest at the Delaney Hall Detention facility. This privately held facility remains dedicated to providing high-quality services, including include around-the-clock access to medical care, in-person and virtual legal and family visitation, general and legal library access, translation services, dietician-approved meals, religious and specialty diets, recreational amenities, and opportunities to practice their religious beliefs.

The four criminal illegal aliens currently evading federal law enforcement are public safety threats.

Franklin Norberto Bautista-Reyes is an illegal alien from Honduras who illegally entered the U.S. in 2021 under the Biden administration. On May 3, 2025, the Wayne Township, New Jersey Police Department arrested Bautista for aggravated assault, attempt to cause bodily injury, terroristic threats, and possession of a weapon for unlawful purposes.

Image

Joel Enrique Sandoval-Lopez is an illegal alien from Honduras who illegally entered the U.S. as a minor in 2019. On October 3, 2024, the New Jersey Passaic Police Department arrested Sandoval for unlawful possession of a handgun. He was arrested again on February 15, 2025, by the Passaic Police Department for aggravated assault.

Image

Joan Sebastian Castaneda-Lozada is an illegal alien from Colombia who illegally entered the U.S. in 2022 under the Biden administration. On May 15, 2025, the New Jersey Hammonton Police Department arrested Castaneda for burglary, theft, and conspiracy to commit burglary.

Image

Andres Pineda-Mogollon is an illegal alien from Colombia who overstayed a tourist visa and entered the U.S. in 2023 under the Biden administration. On April 25, 2025, the New York City Police Department arrested Pineda for petit larceny. On May 21, 2025, the Union, New Jersey Police Department arrested Pineda for residential burglary, conspiracy residential burglary, and possession of burglary tools.

Image

Anonymous tips may be reported on the ICE Tip Form and via the toll-free ICE tip line, (866) 347-2423.

ICE’s 24-hour tip line gives Americans the ability to report suspicious criminal activity by illegal aliens including terrorist activity, gang related crimes, and suspected sex trafficking. The tip line is manned by highly trained specialists who take reports from both the public and law enforcement agencies on the more than 400 laws enforced by ICE. Secretary Noem will be providing more resources and personnel to this tip line to ensure DHS is able to quickly identify, locate, and arrest these criminal illegal aliens.

Source: US Department of Homeland Security

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp RMM since January 2025.

SimpleHelp versions 5.5.7 and earlier contain several vulnerabilities, including CVE-2024-57727—a path traversal vulnerability.¹ Ransomware actors likely leveraged CVE-2024-57727 to access downstream customers’ unpatched SimpleHelp RMM for disruption of services in double extortion compromises.¹ 

CISA added CVE-2024-57727 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 13, 2025.

CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise or risk of compromise.

Download the PDF version of this report:

Mitigations

CISA recommends organizations implement the mitigations below to respond to emerging ransomware activity exploiting SimpleHelp software. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s CPGs webpage for more information on the CPGs, including additional recommended baseline protections. These mitigations apply to all critical infrastructure organizations.

Vulnerable Third-Party Vendors

If SimpleHelp is embedded or bundled in vendor-owned software or if a third-party service provider leverages SimpleHelp on a downstream customer’s network, then identify the SimpleHelp server version at the top of the file /SimpleHelp/configuration/serverconfig.xml. If version 5.5.7 or prior is found or has been used since January 2025, third-party vendors should:

1. Isolate the SimpleHelp server instance from the internet or stop the server process.
2. Upgrade immediately to the latest SimpleHelp version in accordance with SimpleHelp’s security vulnerability advisory.²
3. Contact your downstream customers to direct them to take actions to secure their endpoints and undertake threat hunting actions on their network.

Vulnerable Downstream Customers and End Users

Determine if the system is running an unpatched version of SimpleHelp RMM either directly or embedded in third-party software.

SimpleHelp Endpoints

Determine if an endpoint is running the remote access (RAS) service by checking the following paths depending on the specific environment:

• Windows: %APPDATA%JWrapper-Remote Access
• Linux: /opt/JWrapper-Remote Access
• MacOs: /Library/Application Support/JWrapper-Remote Access

If RAS installation is present and running, open the serviceconfig.xml file in /JWrapper-Remote Access/JWAppsSharedConfig/ to determine if the registered service is vulnerable. The lines starting with indicate the server addresses where the service is registered.

SimpleHelp Server

Determine the version of any SimpleHelp server by performing an HTTP query against it. Add /allversions (e.g., https://simple-help.com/allversions) to query the URL for the version page. This page will list the running version.

If an unpatched SimpleHelp version 5.5.7 or earlier is confirmed on a system, organizations should conduct threat hunting actions for evidence of compromise and continuously monitor for unusual inbound and outbound traffic from the SimpleHelp server. Note: This is not an exhaustive list of indicators of compromise.

1.  Refer to SimpleHelp’s guidance to determine compromise and next steps.³
2. Isolate the SimpleHelp server instance from the internet or stop the server process.
3. Search for any suspicious or anomalous executables with three alphabetic letter filenames (e.g., aaa.exe, bbb.exe, etc.) with a creation time after January 2025. Additionally, perform host and network vulnerability security scans via reputable scanning services to verify malware is not on the system.
4. Even if there is no evidence of compromise, users should immediately upgrade to the latest SimpleHelp version in accordance with SimpleHelp’s security vulnerabilities advisory.⁴

If your organization is unable to immediately identify and patch vulnerable versions of SimpleHelp, apply appropriate workarounds. In this circumstance, CISA recommends using other vendor-provided mitigations when available. These non-patching workarounds should not be considered permanent fixes and organizations should apply the appropriate patch as soon as it is made available.

Encrypted Downstream Customers and End Users

If a system has been encrypted by ransomware:

1. Disconnect the affected system from the internet.
2. Use clean installation media (e.g., a bootable USD drive or DVD) to reinstall the operating system. Ensure the installation media is free from malware.
3. Wipe the system and only restore data from a clean backup. Ensure data files are obtained from a protected environment to avoid reintroducing ransomware to the system.

CISA urges you to promptly report ransomware incidents to a local FBI Field Office, FBI’s Internet Crime Compliant Center (IC3), and CISA via CISA’s 24/7 Operations Center (report@cisa.gov or 888-282-0870).

Proactive Mitigations to Reduce Risk

To reduce opportunities for intrusion and to strengthen response to ransomware activity, CISA recommends customers of vendors and managed service providers (MSPs) implement the following best practices:

• Maintain a robust asset inventory and hardware list [CPG 1.A].
• Maintain a clean, offline backup of the system to ensure encryption will not occur once reverted. Conduct a daily system backup on a separate, offline device, such as a flash drive or external hard drive. Remove the device from the computer after backup is complete [CPG 2.R].
• Do not expose remote services such as Remote Desktop Protocol (RDP) on the web. If these services must be exposed, apply appropriate compensating controls to prevent common forms of abuse and exploitation. Disable unnecessary OS applications and network protocols on internet-facing assets [CPG 2.W].
• Conduct a risk analysis for RMM software on the network. If RMM is required, ask third-party vendors what security controls are in place.
• Establish and maintain open communication channels with third-party vendors to stay informed about their patch management process.
• For software vendors, consider integrating a Software Bill of Materials (SBOM) into products to reduce the amount of time for vulnerability remediation.
  • An SBOM is a formal record of components used to build software. SBOMs enhance supply chain risk management by quickly identifying and avoiding known vulnerabilities, identifying security requirements, and managing mitigations for vulnerabilities. For more information, see CISA’s SBOM page.

Resources

Reporting

Your organization has no obligation to respond or provide information back to FBI in response to this advisory. If, after reviewing the information provided, your organization decides to provide information to FBI, reporting must be consistent with applicable state and federal laws.

FBI is interested in any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file.

Additional details of interest include a targeted company point of contact, status and scope of infection, estimated loss, operational impact, transaction IDs, date of infection, date detected, initial attack vector, and host- and network-based indicators.

CISA and FBI do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Regardless of whether you or your organization have decided to pay the ransom, FBI and CISA urge you to promptly report ransomware incidents to FBI’s Internet Crime Complain Center (IC3), a local FBI Field Office, or CISA via the agency’s Incident Reporting System or its 24/7 Operations Center (report@cisa.gov) or by calling 1-844-Say-CISA (1-844-729-2472).

SimpleHelp users or vendors can contact support@simple-help.com for assistance with queries or concerns.

Disclaimer

The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favor by CISA.

Version History

June 12, 2025: Initial version.

Notes

1. Anthony Bradshaw, et. al., “DragonForce Actors Target SimpleHelp Vulnerabilities to Attack MSP, Customers,” Sophos News, May 27, 2025, https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/.
2. For instructions for upgrading to the latest version of SimpleHelp, see SimpleHelp’s security vulnerability advisory.
3. To determine possibility of compromise and next steps, see SimpleHelp’s guidance.
4. For instructions for upgrading to the latest version of SimpleHelp, see SimpleHelp’s security vulnerability advisory.