🚀 New features

🛡️ Threats

• 📣 Customizable phishing report button
  You can now customize the text your employees see in the phishing report button: the panel subtitle, the question shown before reporting, and the confirmation messages (for both real emails and simulations). Changes apply automatically, with no need to reinstall the button. 📄 View documentation: https://roadmap.whalemate.com/docs/settings/configuracion-del-boton-de-reporte-de-phishing

• 📥 EML download from the incident detail
  It is now possible to download the reported email directly from the incident detail in .eml format. The file can be opened in any email client and contains the original message as reported by the collaborator.
  

• 💬 Reply to reporter from the Inbox
  From the incident detail, it is now possible to send a reply directly to the collaborator who reported the email. The system validates that the message is not empty before sending and confirms the action once completed. 📄 View documentation: https://roadmap.whalemate.com/docs/threats-siem/bandeja-de-entrada-de-incidentes-3
  

✨ Improvements

🚀 Campaigns

• 🎨 New campaign creation flow
  The campaign creation flow has been redesigned for Email and QRishing with a clearer, more guided experience. The new stepper covers all steps — basic setup, audience, template, and delivery — with progress indicators, inline validations that preserve already-entered data, and a confirmation summary before launching.

🎨 Platform / UX

• 👤 User deactivation instead of deletion
  Users can no longer be permanently deleted from the platform. Instead, they can now be activated or deactivated as needed. Inactive users lose access immediately, while their history and activity within the platform are preserved.

🛡️ Threats

• 🎨 Inbox (SIEM) redesign
  The incident detail view in the Inbox has been redesigned with a cleaner interface, consistent with the rest of the platform. Incident data is now presented with an improved layout, better visual hierarchy, and updated components.

🐛 Bug Fixes

🎓 Awareness — Academy

• 🔏 Fix for custom certificate signatures
  Fixed an issue where certificates with a custom signature were showing two signatures (the custom one and Whalemate's) instead of just one. Certificates now display only the configured signature, with no duplicates.

• ✅ Quiz results now accurately reflect your answers
  Fixed an issue in Academy quizzes where answers could appear as incorrect even when answered correctly, or vice versa. This happened when question order was randomized. Each answer is now linked to the specific question it was given for, regardless of the order in which questions were presented.

📊 Insights

• 📋 Accurate user count in the Simulations Overview
  Fixed an issue in the Simulations Analytics Overview where the user list showed an incomplete subset when filtering by date range or category. The total users displayed now accurately reflects the real data for the selected period and categories.

🚀 New features

🔐 Security

• 🗂️ Audit log view with CSV export (v1)
  Administrators now have access to an audit log view directly in the platform, where they can review all access events, configuration changes, and modified objects in a centralized record. The table includes user, action type, affected object, and UTC timestamp columns, with date range filtering and pagination. Results can be exported as a CSV with the active filters applied — ready to share with security or external audit teams. 📄View documentation

• 📄 Organizational policy management and acceptance (v1)
  Administrators can now upload their organization's policy as a PDF from Settings, view the current version, and replace it whenever needed. They also have access to a full acceptance log showing each employee's name, email, date and time (UTC), IP address, and the specific version they accepted. Employees will see their organization's current policy in the Academy portal, download it, and confirm their acceptance. When a new version is published, anyone who had already accepted is prompted to accept again. 📄View documentation

✨ Improvements

📊 Insights

• 📅 Period selector and configurable comparison in Benchmarking
  The Benchmarking module now includes a period selector with options for 3 months, 6 months, 1 year, and full history. When the period changes, both the organization's own KPIs and the selected benchmark update to the same range. Administrators can choose to compare their performance against the Whalemate global average or their industry average, with both references visible on screen at the same time.

🎓 Awareness — Academy

• 📁 Media library in the course editor
  You can now reuse images already uploaded to the platform directly from the course editor. When inserting an image block, a new "Choose from library" option opens a panel showing all your organization's images, ready to select and insert. No need to re-upload files you've already added to the platform.

🐛 Bug Fixes

🎓 Awareness — Academy

• 🖱️ Scroll in the section reordering panel
  Fixed an issue in courses with many sections where the reordering panel didn't allow scrolling, making lower sections unreachable. You can now scroll through the full list and reorder any section regardless of its position.

🚀 New features

⚙️ Settings

• 🔗 External security system integration (DLP, Proxy, SIEM)

  Whalemate can now receive risk events from external tools such as DLP systems, corporate proxies, and SIEMs. Each event automatically updates the collaborator's risk score and is logged in their history with the source identified. Access tokens are generated from Settings → API Keys → Active Keys. 📄 View documentation

📊 Insights

• 📤 Export your dashboard as PDF, PNG, or JPEG

  Insights overviews (General, Simulations, and Academy) now include an export button. You can download the current state of your dashboard — with active filters applied — in three formats: PDF, PNG, or JPEG. The exported file reflects exactly what you see on screen and is automatically named with the overview name and date.

✨ Improvements

📊 Insights

• 🕐 UTC timestamps in log exports

  When exporting campaign logs, timestamps now appear in a single column in explicit UTC format (2026-06-04T12:00:00Z), replacing the previous separate date and time columns. This makes it easier to integrate data with external tools like SIEMs or automated reports, and ensures there's no timezone ambiguity in the exported files.

• 🎓 Assignment traceability in the Course Audit Log

  In Insights → Academy, the course and learning path Audit Log now displays the campaign that triggered each assignment directly next to the collaborator's name. This information is also visible from the enrollment history. This makes it easy to trace the origin of every assigned training without leaving the current view.

🚀 Campaigns

• 📱 New smishing templates in Spanish, Portuguese, and English

  When creating an SMS campaign, ready-to-use templates are now available in three languages: Spanish, Brazilian Portuguese, and English. Each template includes customizable placeholders and can be previewed before sending.

• 📥 Download campaign events as Excel

  You can now export campaign events per user in Excel format (.xlsx). Access the data you need and analyze it with greater flexibility in your preferred tool.

⚙️ Settings

• 🔐 Session timeout control per company

  Administrators can now set the maximum active session duration directly from Settings → Security. Available options include 30 min, 1 h, 8 h, 24 h, and 7 days — the selected value is saved and persists across page reloads. This setting applies at the company level, making it easier to align the platform with each organization's security policies.

🎓 Awareness — Academy

• 📥 Download enrollments as Excel

  Course and Learning Path enrollment tables can now be exported in Excel format (.xlsx). Filter by completion status and download the report in one click.

🐛 Bug Fixes

🚀 Campaigns

• 📱 Error when launching SMS campaigns with "Send now" at night

  Fixed an issue that prevented creating or updating SMS campaigns using the "Send now" option during late-night hours. The launch date validation now correctly accounts for the timezone configured in the campaign, instead of always comparing against UTC.

⚙️ Settings

• 🧠 Handling of invalid prompts in Smart Groups

  Fixed an issue that allowed certain prompts with contradictory or impossible conditions to generate malformed queries in Smart Groups. The system now detects these cases and returns a clear error message instead of silently processing the request.

📊 Insights

• 📈 Test campaigns excluded from Benchmark Click Rate calculation

  Fixed an issue where test campaigns were being included in the Benchmark module's Click Rate calculation, leading to inaccurate rates. Only real campaigns are now factored into that metric. Individual campaign views and reports are not affected by this change.

🐛 Bug Fixes

🛡️ Threats

• 🔍 The phishing add-in now correctly identifies simulation emails

  Emails from active campaigns no longer show the generic message — the add-in recognizes the domain and responds accordingly.

👥 Teams

• 📋 CSV collaborator upload no longer fails when the ID is numeric

  Files with numeric values in the personal ID field are now processed correctly, without validation errors.

🚀 Campaigns

• ⚡ Aftermath: course list loads faster

  The course selector in the Aftermath section now responds more quickly when opened.

• 🔁 Aftermath: courses no longer repeat when scrolling

  When searching for a course by name and scrolling through the list, each option now appears only once.

🎓 Awareness — Academy

• 🏅 Achievement names corrected for Portuguese

  Achievement names in PT-BR have been updated to use the correct terminology.

📊 Insights

• 📰 Newsletter analytics are no longer affected when collaborators are disabled

  Metrics now accurately reflect the collaborators who participated in the campaign, regardless of whether they were later disabled.

• 🔁 Campaign detail now correctly displays repeat offenders

  Collaborators who clicked on a previous campaign and the current one are now counted as repeat offenders in the campaign detail, consistent with what the Campaign Impact module shows.

🚀 New features

⚙️ Settings

• 🧠 Smart Groups: natural language creation and full management (Beta)

You can now create audience groups by describing in plain language who you want to include (e.g., "collaborators from Buenos Aires with high risk"). The platform interprets the input and automatically generates the group, showing a live preview of the matching collaborators before you confirm.

From the same screen, you can exclude individual collaborators with a reason, undo the exclusion if needed, and see in real time how the final audience looks. The Smart Groups list now includes actions to edit, delete, and activate or deactivate each group as needed.

🔬 This feature is currently in Beta. Check the documentation to learn more, or reach out to your UX contact to request early access.

✨ Improvements

🚀 Campaigns

• 🎯 Campaign metrics now reflect employees' actual behavior

When an employee correctly identifies and reports a simulated phishing email, any further interaction with that same email —such as clicking a link or submitting credentials— is no longer recorded in campaign analytics. This fixes an inconsistency that could mark an employee as "compromised" even after they had already detected the simulation.

Employees who clicked before reporting still appear as compromised, with no change to that existing behavior.

🎨 Platform / UX

• 🌐 Collaborator language and country are now inherited from the company settings (Google Workspace only)

For organizations using the Google Workspace integration, collaborators' language and country are now automatically set based on the company's configured values, instead of defaulting to Spanish regardless of the organization's settings.

Additionally, if a collaborator's language or country has already been manually defined, the Google Workspace sync will respect that value and no longer overwrite it.

🐛 Bug Fixes

🎓 Awareness — Academy

• ✉️ Company name now included in Learning Path expiration emails

Fixed an issue where expiration emails for Learning Path enrollments did not include the company name. These emails are now displayed consistently with individual course expiration notifications.

✨ Improvements

🎨 Platform / UX

• 🧹 Cleaner Settings navigation The Billing section has been removed from the Settings menu since it's not available in the platform. Account administration navigation is now cleaner and free of options that could cause confusion.

• 😴 Empty state in Copilot (Beta) Copilot now shows a guiding message when no activities are available or have already been processed, replacing blank screens with no context. Navigation within the feature is noticeably improved.

🛡️ Threats

• 📧 Incident report emails now sent in the company's configured language When an employee reports a suspicious email, the automatic notification sent to the security team is now delivered in the company's configured language. Previously, these emails were always sent in Spanish. Going forward, companies configured in Portuguese or English will receive incident reports in their respective language, improving clarity and communication for multilingual teams.

📊 Insights

• 🗑️ Delete test campaigns from the Campaign Explorer Test campaigns can now be deleted directly from the Campaign Explorer listing. The row disappears instantly — no page reload needed — and a confirmation modal prevents accidental deletions. This keeps the campaign history clean and makes it easier to manage your workspace.

Applies to test campaigns only. Active or completed campaigns are not affected.

🐛 Bug Fixes

🎨 Platform / UX

• 🔎 Combined filters when creating teams Filters in Settings > Employees > Teams now work as cumulative criteria. Applying email and department at the same time only shows employees who meet all selected conditions, making member selection more accurate and predictable.

🔐 Security

• 🔑 Disable Auth0 SSO without re-entering credentials Administrators can now turn off Auth0 SSO without filling in the Client Secret field. Previously, the form required it even when deactivating the integration, unnecessarily blocking the flow.

• 🔗 Independent SCIM integration management Resolved a conflict where OKTA's configuration affected the display and available actions for Azure AD. Each SCIM integration now fully manages its own state independently.

🎓 Awareness — Academy

• 🗓️ Fix for rescheduling courses as Academy Admin When rescheduling a course assigned to a learner, the change was not being saved correctly for users with the Academy Admin role: the system displayed a confirmation message, but the new date was not reflected for the learner. This has now been fixed. Only courses were affected — learning paths were working correctly.

📊 Insights

• 🔢 Fix on compromised count in the Campaign Explorer The "compromised" indicator now reflects only real user interactions, excluding automatic clicks generated by security systems. Previously, the count could include automated events that inflated the number without representing actual human action. Additionally, the compromised indicator is now only triggered when relevant to the campaign type: credential harvesting or file opening (ransomware).

✨ New Features

🛡️ Threats

• 🔗 Campaign event webhooks
  Support for webhooks has been added to integrate campaign events with external systems such as SIEMs, SOCs, and automation platforms.
  Administrators can now configure endpoints to receive real-time events and also send campaign reports from external systems into Whalemate.
  👉 You can find more information in the corresponding documentation.

🔐 Security

• 🔑 Auth0 authentication support
  Support for Auth0 authentication has been added to Whalemate for both the administration portal and Academy.
  Companies can now enable Auth0 from settings while maintaining compatibility with existing login methods.
  👉 You can find more information in the corresponding documentation.

🛠 More improvements & fixes

🛡️ Threats

• 📩 Reporting button behavior improvements
  The reporting button logic has been updated to provide consistent behavior across Google Workspace and Microsoft Outlook.
  Campaign event registration and .eml forwarding now always occur regardless of notification settings, while loading emails into the SIEM inbox depends solely on the configured flag.

📊 Insights

• 🎨 Awareness Resources analytics redesign
  The visual experience of Awareness Resources analytics has been updated to align with the platform’s current design system.
  Administrators can now explore usage metrics, views, downloads, and shares through a clearer, more consistent, and modern experience. 👉 You can find more information in the corresponding documentation.

🛠 More improvements & fixes

🎓 Awareness — Academy

• 🎨 Enrollment status color standardization
  A visual inconsistency in enrollment status colors between Courses and Learning Paths has been fixed.
  Pending and Expired statuses now use consistent colors across the platform, aligned with the design system.

📊 Insights

• 📅 Launch date filtering in Campaign Impact view
  The date filter behavior in the Campaign Impact view has been updated to use the campaign launch date instead of event dates.
  This improves analysis consistency and prevents campaigns outside the selected period from being displayed.

🔐 Security

• 🔐 Brute force protection for authentication
  Security controls have been added to the login and password recovery flows to limit repeated attempts and reduce the risk of brute force attacks.
  Legitimate users can continue signing in normally, while excessive attempts are temporarily blocked.
  👉 You can find more information in the corresponding documentation.