RFK Jr. orders DHS to provide Medicaid data for immigrants that are not documented in the HHS

This week was about protests as demonstrations increased against the Trump administration. As President Donald Trump took a historic step towards deploying the US Marines and National Guard in Los Angeles, we “Long-term risks” of sending troops to LAsimilarly That those troops are allowed to do while they are there.

Of course, the military is not only involved in LA’s protests against heavy crackdowns by immigration and customs enforcement (ICE). Customs and Border Protection (CBP) is also available Flying predator drones through LA further escalated federal involvement. And there are local governments and state authorities. Used a “non-lethal” weapon and Chemicals like tear gas To the protesters. Even Waymo’s self-driving taxis that flare up during the LA protest last weekend could be used to investigate people who committed crimes during demonstrations Thanks to the monitoring function.

In addition to the protest, undocumented communities are opposed to ice enforcement efforts Turn your social media platform into a DIY alert system Because of ice raids and other activities. And we’ve updated our guide as thousands of protests are scheduled to take place this weekend. Protect your privacyIn addition to – Your physical safety–While doing a demo.

Even if you are immigrants or not attending the protest, your data may still be shared with immigration authorities. In partnership with Wired, 404 Media this week revealed by data brokers owned by major airlines They sold domestic US flight data to CBP and instructed the agency not to reveal anything about it.. 404 also detailed bugs that researchers have made Find the phone number connected to your Google account. (The bug was fixed since then.) Finally, we We analyzed Apple’s AI strategyit seems more privacy is at the bank than flashy features.

And that’s not all. Each week we compile privacy and security news that we didn’t cover ourselves in depth. Click on the heading to read the complete story. And stay safe there.

The Trump administration quietly ordered this week to transfer Medicaid data, which undocumented individuals belong to deportation authorities, according to the Associated Press.

The transfer, ordered by Robert F. Kennedy Jr., Director of Health and Human Services, reportedly includes a name, address, immigration status and health claims, involves millions of enrollees. Transfers are illegal and may violate Social Security Act or other data processing laws. Medicaid officials warned the administration had no legal authority to disclose records and that doing so would bring legal and reputational risks that would affect the agency’s operational function.

California Gov. Gavin Newsom occupied the act by a state occupied by unwanted federal forces and ice agents who are continuously sweeping immigrants’ heavy, populated neighborhoods, and called it “an potentially illegal.” An HHS official declined the request, saying the agency had refused to act in full compliance with the law and to clarify to reporters how the data would actually be used.

Move the NSO group. Two Italian journalists have been hacked with spyware created by Israeli phone-centric surveillance firm Paragon, and Citizen Lab revealed this week in a report based on forensic analysis of mobile phones. Two other Italians, staff members of immigration rescue nonprofits, have also violated their phones with the same malware. Paragon’s graphite malware, like NSO’s Pegasus, infects your phone with zero-click techniques that do not require interaction from the victim. In this case, it uses a vulnerability in the iPhone that was patched with iOS version 18.3 earlier this year. Although Citizen Labs were unable to determine which Paragon customers were behind the intrusion, there is reason to doubt the Italian government given that the Italian parliamentary committee determined that two Italian intelligence agencies were Paragon customers earlier this month.

In the latest salvo against the Russian Air Force, Ukrainian Hur military intelligence agency said it had been hacked into the network of Tupolev, an aerospace company that manufactures and services Russian strategic bombers. According to a Cybersecurity News Outlet, Ukrainian hackers claim they stole 4.4 gigabytes of data, including internal communications, meeting memos, personnel files and purchase records. Specifically, Hur says it targets data about individuals involved in the service and maintenance of the Russian bomber fleet targeting Ukrainian cities. Hackers also tainted the homepage of Tupolef’s website, showing an owl clutching a Russian aircraft. “There is no secret left in Tupolef’s activities against Ukrainian intelligence,” Har said in a statement. “The outcome of the operation will be prominent both in the ground and in the sky.” The move followed Ukraine’s unprecedented drone operations earlier this month, destroying or destroying 41 Russian aircraft, including bombers and spy aircraft.

On Wednesday, Interpol and a consortium of police officers from 26 countries announced a takedown called “Operation Secure” for domains and other digital infrastructure linked to 69 Infostealer malware variants. In recent years, malicious hackers have been leaning more and more Information stealing malwareor Infostealers retrieves sensitive information such as passwords, cookies, and search history to make it easier for attackers to target specific organizations and individuals. Interpol said Operation Secure ran from January to April this year and included takedowns of over 20,000 malicious IP addresses or domains, seizing 41 servers, and over 100 GB of data. A total of 32 people have been arrested in connection with investigations in Vietnam, Sri Lanka, Nauru and other countries. Interpol described the operation as a “regional initiative” hosted by a joint Asian and South Pacific operation on cybercrime projects.

Meta sued Hong Kong-based Joy Timeline HK Limited to repeatedly promote the app on Instagram called Crash Eye, which offers “nude” deepfakes. In its lawsuit announcement, Meta said the company has repeatedly violated the terms of service of advertisers, and that the move is part of a larger crackdown on similar deepfake apps driven by “hostile advertisers.” “We will continue to take the necessary steps, just like those who abuse these platforms.