Small RFK orders HHS to provide Medicaid data for undocumented immigrants to DHS

As the demonstrations intensify, this week has been linked to protests. President Donald Trump took a historic step to deploy the U.S. Marines and National Guard to Los Angeles, and we were trapped in the “long-term danger” of sending troops to Los Angeles and what those troops allowed them to do when they were there.

Of course, this is not just a major crackdown on the military’s involvement in the Los Angeles protests to oppose immigration and customs enforcement (ICE). There is also the Customs and Border Protection Agency (CBP), which further escalates federal participation in flying predator drones through Los Angeles. There are also local and state authorities, who use “non-lethal” weapons and chemicals, such as tear gas against protesters. Even during the Los Angeles protests last weekend, Waymo’s self-driving taxis were set on fire and could be used to investigate people committing crimes during the demonstrations, thanks to their surveillance capabilities.

In addition to the protests, the unlicensed community overturned ICE law enforcement activities by turning social media platforms into DIY alert systems for ICE raids and other activities. With thousands of protests planned this weekend, we updated our guide to protect your privacy (besides your physical safety), while also proofing.

Even if you are not an immigrant and do not participate in any protests, your data may still be shared with immigration authorities. Working with Wired this week, 404 media revealed that data brokers owned by major airlines sold domestic flight data to CBP and directed the agency not to disclose that this was done. The 404 also details an error that allows researchers to discover phone numbers connected to any Google account. (The bug has since been fixed.) Finally, we dissect Apple’s AI strategy, which seems to be more important than privacy, rather than on splash functionality.

That’s not all. Every week, we summarize our privacy and security news that we don’t have in-depth coverage. Click on the headlines to read the full story. And stay safe.

According to the Associated Press, the Trump administration quietly ordered the transfer of Medicaid data belonging to undocumented individuals to deported officials this week, a move that has taken a new turn, with legal experts warning that it could erode the public trust in the government’s processing of personal data and have a shocking effect among undocumented people who are desperately in need of health care.

The transfer was reportedly reportedly by Secretary of Health and Human Services Robert F. Kennedy Jr., the transfer could also be illegal, violating the Social Security Act and other data processing regulations. According to the Associated Press, Medicaid officials warned the government that they have no legal authorization to disclose records and that doing so would assume legal and reputational risks, which could lead states to begin refusing to share information with the federal government, thus affecting the agency’s operational functions.

California Gov. Gavin Newsom’s state, occupied by unwanted federal military forces and hockey agents, carried out a continuous sweep in communities with large immigrant populations, condemning the bill, calling it “possibly illegal.” HHS officials rejected the claim, saying the agency was fully compliant with the law while refusing to clarify to reporters how to actually use the data.

Move over, NSO Group. Citizen Lab revealed in a report this week that two Italian journalists were hacked by spyware made by Israeli telephone surveillance company Paragon, based on a report on forensic analysis of mobile phones. Two other Italians, two migrant rescue nonprofit workers, also saved humanity, and their phones were compromised by the same malware. Paragon’s graphite malware, such as NSO’s Pegasus, infected the phone with a zero-click technology that does not require victim interactions – in this case, a vulnerability was used in an iPhone that used iOS earlier this year, and was patched on the iOS version earlier this year. While the Citizen Lab cannot identify the model client behind the invasion, there is reason to doubt the Italian government, as the Italian parliamentary committee identified two Italian intelligence agencies as Paragon clients in a report earlier this month.

Ukraine’s HUR Military Intelligence Agency said in its latest Salvo targeting the Russian Air Force that it has invaded the Tupolev network, an aerospace company that produces and serves Russian strategic bombers. According to the Cybersecurity News Media records, Ukrainian hackers claim to have stolen 4.4 gigabytes of data, including internal communications, meeting minutes, personnel files and purchase records. In particular, Hur said it targets data on individuals involved in the service and maintenance of the Russian bomb fleet, which targets Ukrainian cities. The hackers also defamed the Tupolev website’s homepage to show the owls clutching Russian planes. “There is no secret in Tuplov’s activities for Ukraine’s intelligence,” Hur said in a statement. “The results of the surgery will attract attention both on the ground and in the sky.” The move comes after Ukraine’s unprecedented drone operation earlier this month, which damaged or destroyed 41 Russian aircraft, including bombers and spy planes.

On Wednesday, an evacuation from Interpol and a 26-country police coalition announced a evacuation known as Operation Security, the company’s domain name and other digital infrastructure are associated with 69 variants of InfoStealer malware. In recent years, malicious hackers have increasingly tended to steal information malware or InfoStealers that capture sensitive information such as passwords, cookies, and search history to make it easier for attackers to target specific organizations and individuals. Interpol said Secure Secure operates from January to April this year, involving the evacuation of more than 20,000 malicious IP addresses or domains, and seized 41 servers and more than 100 GB of data. In connection with investigations in Vietnam, Sri Lanka, Nauru and elsewhere, a total of 32 people were arrested. Interpol describes the operation as a “regional initiative” targeting the cybercrime project organization in the joint operations of Asia and South Pacific.

Meta sued Joy Timeline HK Limited, based in Hong Kong, to repeatedly promote an app called Crushai on Instagram that provides a deep hit of “naked” and uses artificial intelligence to remove clothes from anyone in the photo. Meta announced the lawsuit that the company had repeatedly violated its terms of service for advertisers, a move that was part of a larger crackdown on a similar Deepfake app promoted by “confrontational advertisers” as it would voice the company that violates its terms. “We will continue to take the necessary steps (which may include legal action) to make those who abuse platforms like us,” Mehta wrote in a statement.