In President Donald Trump’s second term, everything is content. Videos of immigration raids are shared widely on X by the Department of Homeland Security (DHS), conspiracy theories dictate policy, and prominent right-wing podcasters and influencers have occupied high-level government roles. The second Trump administration is, to put it bluntly, very online.

Trump and his supporters have long trafficked in—and benefited from—misinformation and conspiracy theories, leveraging them to build visibility on social media platforms and set the tone of national conversations. During his first term, Trump was famous for announcing the administration’s positions and priorities via tweet. In the years since, social media platforms have become friendlier environments for conspiracy theories and those who promote them, helping them spread more widely. Trump’s playbook has adjusted accordingly.

Don Moynihan, a professor of public policy at the University of Michigan, says that social media, particularly right-wing social media ecosystems, are no longer just a way for Trump to control conversations and public perception. The administration, he says, is now actively making decisions and shaping policy based primarily on how they’ll be perceived online. Their priority is what right-wing communities care about—regardless of whether it’s real.

WIRED spoke to Moynihan, who argues that the US has entered a new level of enmeshment between the internet and politics, in what he calls a “clicktatorship.”

This conversation has been edited for length and clarity.

WIRED: To start us off, what is the “clicktatorship”?

Don Moynihan: A “clicktatorship” is a form of government that combines a social media worldview alongside authoritarian tendencies. This implies that people working in this form of government are not just using online platforms as a mode of communication, but that their beliefs, judgement, and decisionmaking reflect, are influenced by, and are directly responsive to the online world to an extreme degree. The “clicktatorship” views everything as content, including basic policy decisions and implementation practices.

The supply of a platform that encourages right-wing conspiracies and the demand of an administration for people who can traffic in those conspiracies is what’s giving us the current moments of “clicktatorship” that we’re experiencing.

The “clicktatorship” is generating these images to justify the occupation of American cities by military forces, or to justify cutting off resources to states that did not support the president, to do things that would have truly shocked us a decade ago.

Trump’s first presidency was characterized by a sort of showmanship. How is that different from what we’re seeing now?

The first Trump presidency might be understood as a “TV presidency,” where watching The Apprentice or Fox News gave you real insight into the milieu in which Trump was operating. The second Trump presidency is the “Truth Social or X presidency,” where it is very hard to interpret without the reference points of those online platforms. Some of the content and messaging that the president or other senior policymakers use is stuffed with inside references, messaging that doesn’t make a lot of sense unless you’re already in that online community.

Modes of discourse have also changed. We’re seeing very senior policymakers exhibit the patterns and habits that work online. Pam Bondi going to a Senate hearing with a list of zingers and printed out X posts as a means of responding to a traditional accountability process, reflects how this online mode of discourse is shaping how public officials view their real life roles.

There’s been a lot of research about the polarizing and harmful nature of social media. What does it mean that our political leaders are people who have not only been successful in manipulating social media, but have themselves been manipulated by it?

More than two dozen Immigration and Customs Enforcement vehicles on the ground in the Minneapolis-St. Paul area “currently lack the necessary emergency lights and sirens” required to be “compliant with law enforcement requirements,” according to a contract justification published in a federal register on Tuesday.

The document justifies ICE paying Whelen Engineering Company, a Connecticut-based firm specializing in “emergency warning and lighting technology,” $47,330.49 for 31 “ATLAS1” kits—seemingly a typo of ATLAS, the name of the product sold by Whelen—which the company’s website describes as an “Adaptable Travel Light and Siren Kit.” The document explains that the ATLAS Kits would “allow vehicles to be immediately operational and compliant with law enforcement requirements to support the current surge operation” out of Homeland Security Investigations (HSI)’s St. Paul office, which conducts operations in Minnesota, North Dakota, South Dakota.

“These vehicles were deployed prior to being permanently retrofitted and currently lack the necessary emergency lights and sirens required for operational use,” the document says.

The document also says that because of the “the time-sensitive nature of the mission” that HSI agents are conducting, having to wait for “permanent retrofitting” the agency vehicles with lights and sirens “would negatively impact operational readiness, law enforcement officer safety, and public safety.”

HSI’s most recent public handbook for agents conducting “emergency driving”—defined as driving during “official duties,” like low- or high-risk pursuits, that may require breaking speed limits or violating certain traffic laws—appears to have been published in 2012. It says that any HSI vehicles without lights and sirens “may not be used” in emergency driving, unless the officer “is conducting surveillance or is responding to an event that may adversely impact or threaten life, health, or property or requires an immediate law enforcement response.”

The handbook adds that if an HSI officer is emergency driving but their vehicle does not have lights or sirens, they “must terminate” their participation in a law enforcement operation, and an officer from another law enforcement agency that does have lights and sirens should take over. This HSI officer ”may continue to assist in a backup role, if necessary.”

The handbook does not specify the exact number or location of lights that have to be on an emergency vehicle, but it says that officers are responsible for reviewing any state statutes for emergency lights and sirens where they operate. Minnesota state law requires law enforcement and emergency drivers to “sound an audible signal by siren” and have at least one red light on the front of the vehicle, among other stipulations.

According to the listing for the ATLAS Kit on Whelen’s website, the kit includes several items that are also sold separately by the company, including lightheads and lightbars, as well as a siren amplifier and speaker. The kit comes in a portable case resembling a wheeled suitcase and a small device with a microphone and buttons for controlling the other items in the kit. Whelen describes ATLAS as being “designed for quick installation” for any vehicle, regardless of make or model” and ideal for “on-the-go law enforcement.”

The listing comes six days after ICE officer Jonathan Ross fatally shot 37-year-old Renee Nicole Good in her car in Minneapolis, sparking massive protests and an influx of right-wing influencers trying to capitalize on the chaos. After Department of Homeland Security secretary Kristi Noem announced that hundreds of additional ICE officers would join the 2,000 already in the Minneapolis area, the State of Minnesota and the cities of Minneapolis and St. Paul filed a federal lawsuit against DHS and its top officials, asking the judge to halt the federal immigration enforcement operation underway in the state.

Microsoft has pushed fixes for 112 common vulnerabilities and exposures (CVEs) on the first Patch Tuesday of 2026, among them a number of zero-day flaws that were either publicly disclosed or actively exploited prior to patching, and no fewer than eight critical bugs.

Although this is a sharp increase in comparison to recent Patch Tuesdays – December 2025 saw Microsoft patch just 56 flaws – it is important to note that the festive season is frequently a quieter time for patches, sometimes by design, and January often brings an uptick in disclosures. Nevertheless, observed Jack Bicer, director of vulnerability research at patch management firm Action1, the volume of fixes in the latest update underscores “growing pressure” on security teams.

“This comes against a broader trend: in 2025, reported vulnerabilities increased by 12% over 2024, continuing the upward trajectory of disclosed security flaws,” said Bicer.

Paramount among these flaws is CVE-2026-20805, an information disclosure vulnerability in Desktop Window Manager, discovered by Microsoft’s own Threat Intelligence and Security Response Centers.

Although it bears a relatively low Common Vulnerability Scoring System (CVSS) score of just 5.5, active exploitation of CVE-2026-20805 has been observed in the wild, Microsoft said

“The flaw leaks a memory address from a remote ALPC [Asynchronous Local Procedure Call] port. This type of information disclosure vulnerability is often used to defeat Address Space Layout Randomisation (ASLR) – a security feature in modern operating systems designed to protect against buffer overflows and other exploits that rely on manipulating the memory of a running application,” explained Immersive senior director of cyber threat research, Kev Breen.

“Once they know where code resides in memory, they can chain this with a separate code execution bug to turn a difficult exploit into a reliable one,” he said. “Microsoft doesn’t provide any information on what other components that chain could involve – making it harder for defenders to threat hunt for potential exploitation attempts, meaning patching quickly is the only mitigation for now.”

Ivanti vice president of security product management, Chris Goettl, agreed with this assessment. “The vulnerability affects all currently supported and extended security update supported versions of the Windows OS,” he said, “[so] a risk-based prioritisation methodology warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.” 

Next up is a security feature bypass (SFB) flaw in Secure Boot Certificate Expiration, tracked as CVE-2026-21265. It, too, carries a comparatively low CVSS score and Microsoft only rates it as Important. However, said Goettl, it has been publicly disclosed and security teams would be wise to look into it.

“The fix provides a warning regarding certificates that will be expiring in 2026 and details on actions that are required to up renew certificates prior to their expiration in addition to the update,” he said.

“It is recommended to start investigating what actions your organisation may need to take to prevent potential serviceability and security as certificates expire.”

The remaining items on the zero-day list – again both publicly disclosed but not known to be exploited, date back three and four years respectively. Both are elevation of privilege (EoP) flaws affecting soft modem drivers that ship natively with supported Windows operating systems.

The older of the two, CVE-2023-31096, is to be found in Agere Soft Modem Driver, and the more recent one, CVE-2024-55414 in Windows Motorola Soft Modem Driver. Microsoft’s solution is to remove the affected drivers, agrsm64.sys and arsm.sys in the first instances and smserl64.sys and smserial.sys in the second, as part of the January cumulative update.

This means soft modem hardware that depends on them will now cease to work on Windows. Microsoft said admins should act quickly to remove any existing dependencies on the affected hardware.