Thomson Reuters Foundation said it plans to deploy the tool for female journalists.
California, Virginia, and Colorado are the only other states with a privacy law.
Two of the vulnerabilities are rated critical -- CVE-2022-22006 and CVE-2022-24501.
The initiative is hoping to combat third-party data breaches by using Whistic Profiles as a standard for assessing, publishing and sharing security information.
The report said one had a "critical" severity score and the other had a "high" severity score.
Scammers typically call victims and say their identity was used in a crime before asking them to verify their social security number and date of birth.
Max Kellermann explained that the vulnerability affects Linux Kernel 5.8 and later versions.
One newspaper urged customers to stop calling about the issue.
Some of the source code of Galaxy devices was leaked in the breach but no personal information of customers was compromised, Samsung says.
FBI director Christopher Wray told Politico on Thursday that a landmark cybersecurity bill "would make the public less safe from cyber threats" because it did not include them.
Microsoft is halting new sales in Russia in response to the Russian invasion of Ukraine.
Both Mariupol and Sumy are experiencing widespread blackouts following attacks by Russian forces.