FlagThis

Microsoft’s new AI feature ‘Recall’ for Copilot+ PCs stores screenshots of sensitive data, including credit cards and social security numbers, even when a ‘sensitive information’ filter is enabled. This has raised serious privacy and security concerns among users. This feature takes continuous screenshots of everything a user does. The data is stored locally but sent off to Microsoft’s LLM for analysis. This has prompted an investigation by the UK Information Commissioner’s Office. This incident highlights the potential risks of AI-powered surveillance features and the importance of user privacy.

A critical zero-day vulnerability impacting all supported Windows versions (7-11 and Server 2008 R2-2022) allows attackers to capture NTLM credentials by simply having a user view a malicious file in Windows Explorer. This vulnerability highlights the ongoing risk posed by zero-day exploits and the importance of robust security patches and awareness programs. The vulnerability’s simple exploit method underlines the necessity for strong security practices and endpoint protection.