Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind."
The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are "rolling out gradually," per the company.
The media

Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement

The White House has undertaken initiatives to crack down on immigration, suppress speech, and curtail US public health efforts. These online tools are tracking the rapidly changing US landscape.

In just a few months, Donald Trump’s second presidential term has drastically reshaped the United States federal government and moved to consolidate the power of the executive branch. At the behest of the president, numerous federal agencies have undertaken aggressive, invasive initiatives to crack down on immigration, police speech, investigate political opponents, curtail US public health efforts and emergency preparedness, and more.

With so much happening at once, numerous organizations and individuals have launched databases, interactive maps, and other trackers to catalog these government actions and their impacts on people’s civil rights across the US. Using open source intelligence, public data, news coverage, and other research, these tools are vital resources for documenting, contextualizing, and analyzing the flood of federal activity that is fundamentally reshaping the US. Here are a few prominent examples.

**The Impact Map**

**by The Impact Project, Americans for Public Service**

This interactive map tracks changes to US federal government funding, workforce, and policy across the country, documenting things like mass worker firings, hiring freezes, funding cuts, and lease terminations. The tool also shows places where funding has subsequently been unfrozen, federal workers have been rehired or may be, or the federal government has added a new service or benefit.

The map includes notations to specifically document impacts in rural US counties, areas in which the population is majority non-white, places where 20 percent or more of the population live below the poverty line, and indigenous lands. It also catalogs responses to these initiatives, including legal actions as well as local and state responses to funding cuts.

**United States Disappeared Tracker**

**by Danielle Harlow, data analyst**

This dashboard tallies the number of people impacted by the Trump administration’s mass deportations carried out by US Immigration and Customs Enforcement (ICE). The number is already over 4,000. The tool also monitors the status of each individual to the degree that information is available, noting their names, original country of origin, and where they are being detained, when available.

The tracker crucially follows each individual’s status, noting whether they are in ICE custody, have been released temporarily or permanently, have been deported, have “self-deported,” or have died in ICE custody. The tool also lists how many days their ordeal has continued.

**ICE Flight Tracking**

**by Tom Cartwright, immigration rights advocate**

Tom Cartwright is a retired JP Morgan executive who uses flight monitoring data from around the country to track ICE Air deportation flights, return flights, and flights within the US. He posts regular, specific updates on his Bluesky social media page and produces monthly reports for the immigration rights group Witness at the Border about ICE Air flights and tallies. In the past 12 months, Cartwright has collected data on roughly 8,000 ICE Air flights, including 824 in April. More than 1,500 of that 12-month total were “removal flights,” while about 1,400 were “removal return” flights. The other roughly 5,000 trips were “ICE Air domestic flights” within the US.

**Regulatory Changes Tracker**

**by The Brookings Institution**

The think tank Brookings has built a database cataloging significant regulatory changes implemented since the start of the second Trump administration. It includes new executive orders and regulatory freezes as well as Trump administration changes to executive orders that were issued by past administrations. For example, the White House rescinded a 2022 Biden executive order aimed at lowering the cost of prescription drugs and another from that year calling for research into cryptocurrency regulation.

**Trump Administration Litigation Trackers**

**by Just Security and Lawfare**

The law and policy publications Just Security and Lawfare each offer databases that track lawsuits challenging Trump administration initiatives. The tools include case names, docket numbers, and jurisdictions, as well as the executive action being challenged and the status of the litigation. In most cases, the Trump administration has pursued its agenda without congressional oversight or corresponding legislation, and a number of Trump administration efforts that have been challenged in court thus far have either been paused or permanently blocked from continuing.

**Far Right Groups Targeting Pride Month**

**by Teddy Wilson, Radical Reports**

Anti-LGBTQ+ groups, including fundamentalist Christian nationalists and white supremacist extremist groups, have targeted Pride Month events previously and are expected to again this June, particularly given the Trump administration’s violent rhetoric and executive actions related to trans rights. This map is tracking Pride Month events around the country and indications that radical opposition groups plan to target the gatherings.

6 Tools for Tracking the Trump Administration’s Attacks on Civil Liberties

Users of the Meta AI seem to be sharing their sensitive conversations with the entire world without being aware of it

Conversations that people are having with the Meta AI app are being exposed publicly, often without the users realizing it, revealing a variety of medical, legal, and private matters. The standalone app and the company’s integrations with artificial intelligence (AI) across its platforms—Facebook, Instagram, and WhatsApp—are now facing significant scrutiny for such privacy lapses.

The past two years have seen an explosion in generative AI tools, such as ChatGPT, Anthropic’s Claude, Google Gemini, and more. But with new players entering the market almost daily, not all of them deserve the same level of trust.

With 1 billion active monthly users, Meta AI is one of the contenders aiming for ChatGPT’s crown. To monetize this success, Meta’s CEO Zuckerberg said “there will be opportunities to either insert paid recommendations” or offer “a subscription service so that people can pay to use more compute.”

Similar to ChatGPT, Meta AI can generate text, answer questions, and help users plan, brainstorm, and strategize on various issues. But when using the Meta AI app, after submitting a question, users can also press a “share” button, which directs them to a screen showing a preview of the post, which users can then publish. But some users appear blissfully unaware that they are sharing these text conversations, audio clips, and images **publicly** with the world.

Other users can access “shared” conversations by using the apps Discover feed.

With only one glance at that feed, I found this example of a conversation the user might not have wanted to be publicly visible. A teacher shared an email thread regarding their upcoming arbitration of a job termination that felt unjust. The Meta AI app responded:

> “Hello {name}, it’s great to hear from you again. I can sense the emotional weight of revisiting this experience, and **I appreciate your trust in sharing it with me**. It sounds like a really tough situation, and I’m here to listen and support you as you process it. No rush, take your time to gather your thoughts, and we can continue the conversation whenever you’re ready. How’s the preparation for the arbitration going so far?”

The emphasis is by me. If the AI realizes how much trust it takes to share that story with anyone, even if it’s only a bot, then how must it feel when the user finds out the whole world can find and read it. I didn’t even have to log in to find this conversation.

TechCrunch reported about people asking for help with tax evasion and other personal matters, calling Meta AI a “privacy disaster.” Many sources found threads about medical topics, and other conversations about delicate and private issues.

What people may not realize is that if they use the integrated versions on social media, they are logged in and their conversation can be tied to their social media profile.

Your best option would be not to use Meta AI at all. If you do, make sure you are not logged in and double check that fact if you are logged in on any of the Meta platforms on the same device. And never, ever use the Share button unless you mean to.

Meta spokesperson Daniel Roberts wrote in an emailed statement to WIRED that users’ chats with Meta AI are private unless users go through a multistep process to share them on the Discover feed.

When asked about these mishaps, the Meta AI chatbot said:

> “Some users might unintentionally share sensitive info due to misunderstandings about platform defaults or changes in settings over time.”

However, Meta has not provided detailed, easily accessible in-app guidance at the moment of sharing, which contributes to user confusion. I decided to ask Meta AI.

**Question**: What do I need to do so you don’t share our conversation with the rest of the world? And is it true that the information I share with you might be used for advertising? Or, at least for “sponsored” recommendations?

**Answer**: Your conversations with me are used to improve the model and might be reviewed by our team to ensure quality. We may also use your conversations to train our models to be more helpful and accurate. However, we take steps to protect your privacy.

If you have concerns about how your data is used, you can visit Meta’s Privacy Center to learn more about how Meta handles data: https://www.facebook.com/privacy/center/.

Did that actually answer my question? No.

So, here are the steps you may want to take if you decide to engage with Meta AI for all the different platforms where you may encounter it.

**Meta AI App**

*   To ensure your prompts and conversations are only visible to you:
    *   Tap your profile icon in the Meta AI app.
    *   Go to **Data & Privacy** under **App settings**.
    *   Select **Manage your information**.
    *   Set **Make all your prompts visible to only you**.
*   Avoid using the **Share** button unless you are certain you want your conversation to appear publicly on the Discover feed.

**WhatsApp, Facebook, and Instagram**

Note: Conversations with Meta AI on WhatsApp are not protected by end-to-end encryption and may be used for AI training

To limit Meta’s use of your data for AI training:

*   Go to **Settings & Privacy > Privacy Center**.
*   Scroll to **Privacy Topics** and select **AI at Meta**.
*   Under **Submit an objection request** click Your messages with **AIs on WhatsApp** (or any of the other platforms you’re looking for) and fill out the form to request that Meta not use your data for AI training.  
    

**Deleting AI conversation data**

Meta has introduced commands to delete information shared in any chat with an AI:

*   For example, type /reset-ai in a conversation on Messenger, Instagram, or WhatsApp to delete your AI messages.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

 Your Meta AI chats might be public, and it’s not a bug 

Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest.

A major groundswell of nationwide protests against the second Trump administration has arrived.

If you're going to join any protests, as is your right under the First Amendment, you need to think beyond your physical well-being to your digital security, too. The same surveillance apparatus that’s enabling the Trump administration’s raids of undocumented people and targeting of left-leaning activists will no doubt be out in full force on the streets.

Two key elements of digital surveillance should be top of mind for protestors. One is the data that authorities could potentially obtain from your phone if you are detained, arrested, or they confiscate your device. The other is surveillance of all the identifying and revealing information that you produce when you attend a protest, which can include wireless interception of text messages and more, and tracking tools like license plate scanners and face recognition. You should be mindful of both.

After all, police have already demonstrated their willingness to arrest and attack entirely peaceful protesters as well as journalists observing demonstrations. In that light, you should assume that any digital evidence that you were at or near a protest could be used against you.

“The Trump administration is weaponizing essentially every lever of government to shut down, suppress, and curtail criticism of the administration and of the US government generally, and there have never been more surveillance toys available to law enforcement and to US government agencies,” says Evan Greer, the deputy director of the activist organization Fight for the Future, who also wrote a helpful X (then-Twitter) thread laying out digital security advice during the Black Lives Matter protests in the summer of 2020. “That said, there are a number of very simple, concrete things that you can do that make it exponentially more difficult for someone to intercept your communications, for a bad actor to ascertain your real-time location, or for the government to gain access to your private information.”

_This story was originally published on May 31, 2020 and updated on June 12, 2025._

**Your Phone**

The most important decision to make before leaving home for a protest is whether to bring your phone—or what phone to bring. A smartphone broadcasts all sorts of identifying information; law enforcement can force your mobile carrier to cough up data about what cell towers your phone connects to and when. Police in the US have also been documented using so-called stingray devices, or IMSI catchers, that impersonate cell towers and trick all the phones in a certain area into connecting to them. This can give cops the individual mobile subscriber identity number of everyone at a protest at a given time, undermining the anonymity of entire crowds en masse.

“The device in your pocket is definitely going to give off information that could be used to identify you,” says Harlo Holmes, director of digital security at the Freedom of the Press Foundation, a nonprofit press advocacy group. (Disclosure: WIRED’s global editorial director, Katie Drummond, serves on Freedom of the Press Foundation’s board.)

For that reason, Holmes suggests that protesters who want anonymity leave their primary phone at home altogether. If you do need a phone for coordination or as a way to call friends or a lawyer in case of an emergency, keep it off as much as possible to reduce the chances that it connects to a rogue cell tower or Wi-Fi hot spot being used by law enforcement for surveillance. Sort out logistics with friends in advance so you only need to turn your phone on if something goes awry. Or to be even more certain that your phone won’t be tracked, keep it in a Faraday bag that blocks all of its radio communications. Open the bag only when necessary. Holmes herself uses and recommends the Mission Darkness Faraday bag.

If you do need a mobile device, consider bringing only a secondary phone you don’t use often, or a burner. Your main smartphone likely has the majority of your digital accounts and data on it, all of which law enforcement could conceivably access if they confiscate your phone. But don’t assume that any backup phone you buy will grant you anonymity. If you give a prepaid carrier your identifying details, after all, your “burner” phone could be no more anonymous than your primary device. “Don’t expect because you got it from Duane Reade that you’re automatically a character from _The Wire_,” Holmes cautions.

Instead of a burner phone, Holmes argues that it may be far more practical to simply own a secondary phone that you’ve set up to be less sensitive—leaving off accounts and apps that offer your most private information to anyone who seizes it, such as social media, email, and messaging apps. “Choosing a secondary device that limits the amount of personal data that you have on you at all times is probably your best protection,” Holmes says.

Regardless of what phone you’re using, consider that traditional calls and text messages are vulnerable to surveillance. That means you need to use end-to-end encryption. Ideally, you and those you communicate with should use disappearing messages set to self-delete after a few hours or days. The encrypted messaging and calling app Signal has perhaps the best and longest track record. Just make sure you and the people you’re communicating with are using the same app, since they’re not interoperable.

Aside from protecting your phone’s communications from surveillance, be prepared in the event police seize your device and try to unlock it in search of incriminating evidence. The first order of business is to make sure your smartphone’s contents are encrypted. iOS devices have full disk encryption on by default if you enable an access lock. For Android phones, go to **Settings**, then **Security** to make sure the **Encrypt Disk** option is turned on. (These steps may differ depending on your specific device.)

Regardless of your operating system, always protect devices with a long, strong passcode rather than a fingerprint or face unlock. As convenient as biometric unlocking methods are, it may be more difficult to resist an officer forcing your thumb onto your phone’s sensor, for instance, than to refuse to tell them a passcode. So if you use biometrics day-to-day for convenience, disable them before heading into a protest.

If you insist on using biometric unlocking methods to have faster access to your devices, keep in mind that some phones have an emergency function to disable these types of locks. Hold the wake button and one of the volume buttons simultaneously on an iPhone, for instance, and it will lock itself and require a passcode to unlock rather than FaceID or TouchID, even if they’re enabled. Most devices also let you take photos or record video without unlocking them first, a good way to keep your phone locked as much as possible.

**Your Face**

Face recognition has become one of the most powerful tools to identify your presence at a protest. Consider wearing a face mask and sunglasses to make it far more difficult for you to be identified by face recognition in surveillance footage or social media photos or videos of the protest. Fight for the Future’s Greer cautions, however, that the accuracy of the most effective face recognition tools available to law enforcement remains something of an unknown, and a simple surgical mask or KN95 may no longer be enough to defeat well-honed face-tracking tech.

If you’re serious about not being identified, she says, a full-face mask may be far safer—or even a Halloween-style one. “I've seen people wear funny cosplay-style cartoon masks or mascot suits or silly costumes,” says Greer, offering as an example Donald Trump and Elon Musk masks that she’s seen protesters wear at Tesla Takedown protests against Musk and the so-called Department of Government Efficiency (DOGE). “That's a great way to defy facial recognition and also make the protest more fun.”

You should also consider the clothes you’re wearing before you head out. Colorful clothing or prominent logos makes you more recognizable to law enforcement and easier to track. If you have tattoos that make you identifiable, consider covering them.

Greer cautions, though, that preventing determined surveillance-empowered agencies from learning the mere fact that you attended a protest at all is increasingly difficult. For those of you in the most sensitive positions—such as undocumented immigrants at risk of deportation—she suggests that you consider staying home rather than depend on any obfuscation technique to mask their presence at an event.

If you’re driving a car to a protest—your own or someone else’s—consider that automatic license plate readers can easily identify the vehicle’s movements. And, in addition to license plates, be aware that these same sensors can also detect other words and phrases, including those on bumper stickers, signs, and even T-shirts.

More broadly, everyone who attends a protest needs to consider—perhaps more than ever before—what their tolerance for risk might be, from mere identification to the possibility of arrest or detention. “I think it's important to say that protesting in the US now comes with higher risks than it used to—it comes with a real possibility of physical violence and mass arrest,” says Danacea Vo, the founder of Cyberlixir, a cybersecurity provider for nonprofits and vulnerable communities. “Even just compared to protests that happened last month, people were able to just show up barefaced and march. Now things have changed.”

**Your Online Footprint**

Though most privacy and security considerations for attending an in-person protest naturally relate to your body, any devices you bring with you, and your physical surroundings, there are a set of other factors to think about online. It’s important to understand how posts on social media and other platforms before, during, or after a protest could be collected and used by authorities to identify and track you or others. Simply saying on an online platform that you are attending or attended a protest puts the information out there. And if you take photos or videos during a protest, that content could be used to expand law enforcement’s view of who attended a protest and what they did while there, including any strangers who appear in your images or footage.

Authorities can come to your online presence by looking for information about you in particular, but can also arrive there using bulk data analysis tools like Dataminr that offer law enforcement and other customers real-time monitoring connecting people to their online activity. Such tools can also surface past posts, and if you’ve ever made violent comments online or alluded to committing crimes—even as a joke—law enforcement could discover the activity and use it against you if you are questioned or arrested during a protest. This is a particular concern for people living in the US on visas or those whose immigration status is tenuous. The US State Department has said explicitly that it is monitoring immigrants’ and travelers’ social media activity.

In addition to written posts, keep in mind that files you upload to social media might contain metadata like time stamps and location information that could help authorities track protest crowds and movement. Make sure you have permission to photograph or videotape any fellow protesters who would be potentially identifiable in your content. Also think carefully before livestreaming. It’s important to document what’s going on but difficult to be sure that everyone who could show up in your stream is comfortable being included.

Even if you take photos and videos that you don’t plan to post on social media or otherwise share, remember that this media could fall into law enforcement’s hands if they demand access to your device.

With federal crackdowns on protests ramping up around the country, Cyberlixir’s Vo says that people must assess each situation and weigh the benefits of maintaining personal privacy versus chronicling the reality of what’s happening at protests.

“Social media monitoring and online profiling is the factor that lots of people forget. Those who publish footage on social media should avoid sharing photos or videos that reveal people's faces,” she says. “But I also believe that documenting what’s going on is essential, especially in high-risk conditions, because when the state escalates we need proof for legal defense, for public record, for future organizing, and also to keep ourselves physically safe in real time.”

As protests continue—with the real possibility of even further escalated response from the Trump administration—be prepared for the emergence of forms of digital surveillance that have never been used in the US before to counter civil disobedience or to retaliate against protesters after the fact. Protesters will need to stay vigilant, and Fight for the Future’s Greer emphasizes that everyone has different potential vulnerabilities and tolerance for risk. For people of every category of risk, however, a few thoughtful privacy protections can go a long way towards empowering them to hit the streets.

“Part of the goal of governments extending and implementing mass surveillance programs is to scare people and make people think twice before they speak up,” Greer says. “I think that we should be very careful in this moment not to fall into that trap.”

How to Protest Safely in the Age of Surveillance

The undocumented migrant community in the United States is using social networks and other digital platforms to send alerts about raids and the presence of immigration agents around the US.

The Coalition for Humane Immigrant Rights of Los Angeles (Chirla) estimates that in recent days, around 300 migrants have been detained in California as part of raids carried out by Immigration and Customs Enforcement (ICE), in compliance with an order issued by the Trump administration.

This figure is based on collaborative reports compiled by the Rapid Response Network, an alliance comprised of dozens of organizations that provide support to migrants and disseminate information about immigration detentions and operations.

Angelica Salas, director of Chirla, described the raids as a phenomenon “never seen before” in the three decades she has been defending migrant communities, according to statements reported by The Los Angeles Times.

Jorge Mario Cabrera, spokesman for the same organization, told the EFE news agency that most of the detainees are not criminals, “as the US government has tried to portray them.” He indicated that most of those arrested are workers from Los Angeles, although arrests have also been documented in other parts of the state.

In the midst of intense protests against Trump's immigration policies, these operations are expected to continue in Los Angeles for at least 30 days, according to US representative Nanette Barragan, citing data provided by the White House. Likewise, an escalation of these actions is anticipated nationwide, after the administration announced its goal of making up to 3,000 arrests per day.

Several migrant-rights organizations have warned about possible violations of due process of people targeted by ICE. They have denounced ICE for restricting access to detainees on multiple occasions, which could limit their right to adequate legal representation.

**Watching ICE**

This situation has generated concern among the undocumented population, most of whom are of Hispanic origin, which has intensified the use of social networks to alert people about the presence of immigration agents in different regions of the US.

In a search conducted by the WIRED en Español team, several groups and pages were identified on digital platforms dedicated to receiving, verifying, and disseminating reports about ICE checkpoints, patrols, and raids. The origin of these profiles is diverse: Some are managed by well-known nongovernmental organizations and activist collectives, while others were created by private members of the migrant community.

The family of a man apprehended by ICE agents demands that the victim be returned.

Genaro Molina/Los Angeles Times via Getty Images

Alerts about operations are disseminated through direct messages, WhatsApp, or posts on each page's feed. In turn, it is possible to anonymously report the presence of immigration agents through private text messages or calls to specific phone numbers.

In general, users are asked for basic data such as time, date, city, state, and exact location of the operation, as well as photographs or videos when it is possible to document them. In addition to issuing real-time alerts, many of these pages offer free legal guidance, not only on migration issues, but also on labor rights, access to health, education, and other key services.

Some of the networks active in this work include:

Union del Barrio California

This grassroots pro-immigrant organization maintains an active presence on Facebook. It conducts community patrols to detect ICE movement, shares urgent alerts, and organizes workshops on legal rights.

Chirla

With constant activity on Facebook and other platforms, Chirla publishes notifications about raids, provides legal advice, and calls for citizen mobilizations in the face of new raids.

Stop ICE Raids Alert Network

This network distributes emergency alerts and offers assistance to people affected by ICE raids. In addition to its social network accounts, it has a web page that allows people to receive geolocalized notifications in real time.

Siembra NC

This organization operates primarily in North Carolina. Through its Facebook page, it promotes a whistleblower hotline (336-543-0353). Although its focus is on Alamance, Durham, Forsyth, Guilford, Orange, Wake, Randolph, and Rockingham counties, it has a statewide presence across North Carolina.

RadarSafe

This project uses the Common Alerting Protocol (CAP), a system for sending out digital emergency alerts, to provide secure information on immigration stops and operations. It also publishes community-submitted reports and verifies information with support from local residents.

Inmigración y Visas

Focused on immigration issues, this portal offers a WhatsApp channel where users can report raids, exchange experiences, and receive advice. It also shares informative content on its Facebook page and website.

SignalSafe

Adding to this assistance network is SignalSafe, an application created by a team of anonymous developers that provides real-time alerts on ICE activity. Through collaborative reporting, the app maps sightings of federal agents and unidentified vehicles, allowing migrants to avoid potential checkpoints.

Since Trump's return to the presidency, SignalSafe has gained widespread popularity. The tool allows the integration of various filters based on the user's location, type of activity by immigration authorities, and time range.

This platform is fed by citizen reports, which are verified by a group of specialized moderators. The system is bilingual, with support for Spanish and English, and has advanced security protocols to help protect user privacy.

**Key Access**

Given the growing number of raids in the United States and the lack of certainty about the safety of those detained in these operations, examples such as the above show that some sectors of the citizenry seem to have taken an active role in digital spaces against the implementation of immigration policies.

In this context, the widespread use of social networks among the migrant community has turned these platforms into key tools within the resistance movement. According to data from the International Organization for Migration, by 2023, 64 percent of migrants in transit through Central America, Mexico, and the Dominican Republic—mostly bound for the United States—had access to a smartphone and internet connection during their journey. Of these, 47 percent of men and 35 percent of women used these devices to access social networks.

_This story was originally published on_ WIRED _en Español_ _and has been translated from Spanish._

Social Media Is Now a DIY Alert System for ICE Raids

Siemens SIMATIC S7-1500 CPU Family

AppOmni research reveals over 20 security vulnerabilities, including zero-days, in the Salesforce Industry Cloud. Learn about critical risks, customer responsibilities, and how to protect sensitive data.

A recent investigation by security research firm AppOmni has brought to light more than twenty security weaknesses within Salesforce‘s Industry Cloud products. These findings, shared with Hackread.com, include several critical, previously unknown vulnerabilities, known as zero-days, which have been given a high-risk rating.

The research, led by AppOmni’s Chief of SaaS Security Research, Aaron Costello, highlights how simple setup mistakes by users can expose sensitive information and lead to serious security problems.

For your information, Salesforce Industry Clouds are designed to help businesses in areas like healthcare, finance, and telecommunications build custom solutions quickly, even for those without deep technical skills. This low-code approach makes development fast, but it also means users have a responsibility to set up the platform securely.

Costello’s research revealed that basic settings and common but unsafe practices could allow unauthorized access to encrypted data, enable session stealing, and expose login details and business information.

Five of the critical vulnerabilities have been assigned CVEs (Common Vulnerabilities and Exposures), with three already fixed and two needing action from customers to resolve. Sixteen other setup risks remain the customer’s responsibility to fix.

****Understanding the Risks****

The security problems found affect important parts of Salesforce, such as FlexCards, Data Mappers, and Integration Procedures. These components are used to handle and display data within the platform. For example, some issues found could allow people without the right permissions to see encrypted data or bypass security checks.

This means sensitive information like names, addresses, financial records, and even healthcare data could be at risk. Attackers could also steal login information, potentially gaining access to other company systems.

Specifically, five serious vulnerabilities (CVE-2025-43697, CVE-2025-43698, CVE-2025-43699, CVE-2025-43700, and CVE-2025-43701) were identified in FlexCards and Data Mappers. Four of these are rated as high severity.

One vulnerability, CVE-2025-43697, found in Data Mapper, could expose encrypted information if not handled properly. The FlexCard vulnerabilities include issues where field-level security can be ignored (CVE-2025-43698), required permissions can be bypassed (CVE-2025-43699), encrypted data can be viewed by unauthorized users (CVE-2025-43700), and custom settings data can be exposed (CVE-2025-43701).

****Customer Action is Key****

Approximately a quarter of AppOmni’s customers use Salesforce Industry Clouds, highlighting the widespread impact of these findings. It’s crucial for organizations using these services to review and secure their configurations immediately.

Salesforce has worked with AppOmni to address these issues. While Salesforce has provided fixes for some issues, many of the identified risks require customers to make specific changes to their settings. This approach is vital to prevent attackers from exploiting these weaknesses. AppOmni has also released tools to help customers detect these misconfigurations in their Salesforce Industry Cloud setups.

Aaron Costello, chief of SaaS Security Research at AppOmni emphasized the need for better security practices in SaaS applications, noting that misconfigured SaaS apps are a significant yet often overlooked risk.

“My research highlights how simple misconfigurations can create serious risks, not just within Industry Cloud but across an organization’s entire Salesforce environment. By understanding these risks and applying best practices, companies can fully leverage Industry Cloud’s capabilities without exposing themselves to unnecessary threats,” Costello noted.

Salesforce Industry Cloud Hit by 20 Vulnerabilities Including 0days

OpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools…

OpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools by malicious groups from countries like China, Russia, North Korea, and Iran.

In a new report released earlier this week, OpenAI announced it has successfully shut down ten major networks in just three months, demonstrating its commitment to combating online threats.

The report highlights how bad actors are using AI to create convincing online deceptions. For instance, groups connected to China used AI to post mass fake comments and articles on platforms like TikTok and X, pretending to be real users in a campaign called Sneer Review.

This included a false video accusing Pakistani activist Mahrang Baloch of appearing in a pornographic film. They also used AI to generate content for polarizing discussions within the US, including creating fake profiles of US veterans to influence debates on topics like tariffs, in an operation named Uncle Spam.

North Korean actors, on the other hand, crafted fake resumes and job applications using AI. They sought remote IT jobs globally, likely to steal data. Meanwhile, Russian groups employed AI to develop dangerous software and plan cyberattacks, with one operation, ScopeCreep, focusing on creating malware designed to steal information and hide from detection.

An Iranian group, STORM-2035 (aka APT42, Imperial Kitten and TA456), repeatedly used AI to generate tweets in Spanish and English about US immigration, Scottish independence, and other sensitive political issues. They created fake social media accounts, often with obscured profile pictures, to appear as local residents.

AI is also being used in widespread scams. In one notable case, an operation likely based in Cambodia, dubbed Wrong Number, used AI to translate messages for a task scam. This scheme promised high pay for simple online activities, like liking social media posts.

The scam followed a clear pattern: a “ping” (cold contact) offering high wages, a “zing” (building trust and excitement with fake earnings), and finally, a “sting” (demanding money from victims for supposed larger rewards). These scams operated across multiple languages, including English, Spanish, and German, directing victims to apps like WhatsApp and Telegram.

OpenAI actively detects and bans accounts involved in these activities, using AI as a ‘force multiplier’ for its investigative teams, the company claims. This proactive approach often means many of these malicious campaigns achieved little authentic engagement or limited real-world impact before being shut down.

Adding to its fight against AI misuse, OpenAI is also facing a significant legal challenge regarding user privacy. On May 13, a US court, led by Judge Ona T. Wang, ordered OpenAI to preserve ChatGPT conversations.

This order stems from a copyright infringement lawsuit filed by The New York Times and other publishers, who allege OpenAI unlawfully used millions of their copyrighted articles to train its AI models. They argue that ChatGPT’s ability to reproduce, summarize, or mimic their content without permission or compensation threatens their business model.

OpenAI has protested this order, stating it forces the company to go against its commitment to user privacy and control. The company highlighted that users often share sensitive personal information in chats, expecting it to be deleted or remain private. This legal demand creates a complex challenge for OpenAI.

OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, Iran, N. Korea

Find out where and how victims can report online scams to prevent more victims and possibly recover funds.

If you’ve been scammed it’s really important to report it, if you can, in order to help prevent others falling for the same scam, and give authorities a chance to catch the criminal who did it.

The methods in which to report a scam varies according to the country you’re in, the platforms you’re using, and the outcome of the scam, so here are the most common methods you may need. Remember to report to both the authorities and the platforms the scammers are using.

**How to report a scam in the United States**

*   **Report to the FBI’s Internet Crime Complaint Center (IC3):** File a complaint online at ic3.gov as soon as possible. This is the main hub for cybercrime reports and helps with investigations and to gather intelligence about scams and the people behind them. Rapid reporting can also help support the recovery of lost funds.
*   **Contact local law enforcement:** If you lost money, you should also file a report with your local police department.
*   **Notify your bank or credit card company:** Inform them about the fraud in order to freeze accounts or reverse charges where possible.

**How to report a scam in Canada**

*   **Canadian Anti-Fraud Centre (CAFC):** Call 1-888-495-8501 or report online. The CAFC collects fraud reports nationwide and coordinates with law enforcement and the National Cybercrime Coordination Centre (NC3).
*   **Local police:** Report the scam to your local police department, especially if you lost money.
*   **Credit bureaus:** It is advisable to contact Equifax Canada and TransUnion Canada to order a free credit report immediately and ask that a fraud alert be put on your file.
*   **Financial institutions:** Notify your bank or credit card issuer immediately, but also to the financial institution that transferred the money in case that’s a different one.

**How to report a scam in the United Kingdom**

*   **Action Fraud:** Report online at actionfraud.police.uk or call 0300 123 2040 (Monday to Friday, 8 am to 8 pm). Action Fraud is the national reporting center for fraud and cybercrime. It collects reports about fraud on behalf of the police in England, Wales and Northern Ireland. For fraud in Scotland please report it directly to Police Scotland.
*   **Local police:** For urgent matters or ongoing threats, contact your local police. If the police decide not to investigate your case as a crime, you might still be able to get compensation or money back by bringing a civil case yourself. Talk to a solicitor or asset recovery agent to find out more.
*   **Financial institutions:** Alert your bank or credit card company to suspicious transactions.

**Reporting scams on popular platforms**

In all countries it’s also helpful to report on the platforms where the scam took place or was initiated. Use built-in reporting tools on platforms like Facebook and WhatsApp to report scam accounts or messages:

**WhatsApp**

*   Open the chat with the suspicious business or individual.
*   Tap the business name or contact info at the top.
*   Scroll down and select **Report Business** or **Report Contact**.
*   Block the contact to stop further messages. The last five messages in the chat will be sent to WhatsApp.

**Facebook**

*   Click the three dots on the post, profile, or message you want to report.
*   Select **Find support or report post/profile/message**.
*   Follow the prompts to specify whether it’s a scam or fraudulent activity.
*   Facebook reviews these reports and may remove or restrict the scammer’s account so they can’t use that account anymore to defraud others.

**Other platforms (e.g. Instagram, X, eBay)**

*   Look for “Report” or “Help” links on the profile or message.
*   Follow platform-specific instructions to flag fraudulent behavior.
*   Provide as much detail as possible about the scam.

 How and where to report an online scam 

Tel Aviv, Israel, 9th June 2025, CyberNewsWire

**Tel Aviv, Israel, June 9th, 2025, CyberNewsWire**

Available to the public and debuting at the Gartner Security & Risk Management Summit, Browser**Total** is a first of its kind browser security assessment tool conducting more than 120 tests to provide posture standing, emerging threat insights, URL analysis, extension risks, and more. 

Seraphic Security, a leader in enterprise browser security, today announced the launch of Browser**Total**, a unique and proprietary public service enabling enterprises to assess their browser security posture in real-time. The launch coincides with the Gartner Security & Risk Management Summit 2025, where Seraphic will be showcasing the new platform with live demos at booth #1257. 

Powered by AI, Browser**Total** offers CISOs and security teams a comprehensive, hands-on environment to test browser security defenses against today’s most sophisticated threats. Key features of the platform include: 

*   Posture analysis and real-time weakness detection 
*   Insights on emerging web-based threats and phishing risks 
*   A novel, state-of-the-art in-browser LLM that analyzes results and generates tailored recommendations 
*   A live, secure URL sandbox for safely testing suspicious links and downloads 
*   And more interactive tools that bring browser security front and center 

> “Web browsers have become one of the enterprise’s most exploited attack surfaces,” said Ilan Yeshua, CEO and co-founder of Seraphic Security. “With Browser**Total**, we’re giving security leaders a powerful, transparent way to visualize their organization’s browser’s security risks, and a clear path to remediation. What makes this truly groundbreaking is that we’re democratizing access to enterprise-grade security analysis. By making Browser**Total** freely available to the entire security community, we’re not just protecting individual organizations; we’re strengthening the collective defense against increasingly sophisticated web-based threats.” 

> “We created Browser**Total** because we saw a critical gap in how organizations understand and prepare for browser-based attacks,” said Avihay Cohen, CTO and co-founder of Seraphic Security. “This isn’t just another security tool, it’s an educational platform that lets security teams experience firsthand how sophisticated these threats have become. My hope is that by making this technology freely available, we can elevate the entire community’s awareness and readiness against the next generation of web threats.” 

Attendees of the Gartner Security & Risk Management Summit 2025 can experience Browser**Total** firsthand at booth #1257. The Seraphic team will be providing live demos, expert insights, and one-on-one consultations on closing the browser security gap. Users can book a demo time in advance here.  

In Q1 of 2025, Seraphic Security announced a $29 million Series A fundraising led by GreatPoint Ventures with participation from the CrowdStrike Falcon Fund and existing investors Planven, Cota Capital, and Storm Ventures. To learn more about Seraphic Security and its patent browser security solution, users can click here.  

**About Seraphic Security:** 

Seraphic is a leader in the rapidly growing Enterprise Browser Security market, driven by its patented technology that turns any browser into a secure browser with robust protection and detection capabilities. Seraphic delivers SWG, CASB, and ZTNA to simplify existing security architectures and significantly reduce SSE cost. Seamlessly and easily deployed, Seraphic also enables secure access to SaaS and private web applications to employees and third parties from managed and personal devices without the complexity and cost of VDI & VPN. Invisible to the end-user, Seraphic supports all browsers and SaaS desktop applications like Teams, Slack, Discord, and WhatsApp. For more information, users can visit https://seraphicsecurity.com. 

**Contact**

**Head of Content Marketing**  
**Eric Wolkstein**  
**Seraphic Security**  
**\[email protected\]**

Tag

#sap