Microsoft has delayed the release of its AI tool, Recall, once more, prioritizing security concerns. Recall, integrated into Microsoft’s Copilot+ AI Assistant, allows users to retrieve “snapshots” of past PC activities—such as viewing websites or documents—through searchable history. While the feature offers convenience, security experts worry it could be exploited by cybercriminals if not adequately protected.

Responding to these concerns, Microsoft has reinforced Recall’s security, stating that the tool uses encryption, requires user opt-in, and stores data in a secure enclave, inaccessible even by high-level system accounts without biometric verification. They also state that Recall excludes sensitive information, like credit card numbers, from storage and allows users to delete data selectively. With all that said, the latest release has been postponed until December to implement additional protections.

Meanwhile, it has been observed that Microsoft may be watching the security responses to a similar feature in Anthropic’s Claude AI, which also captures computer snapshots.

Critics also highlight inherent privacy risks in tools like Recall. Suggesting Microsoft’s data collection could serve AI training rather than purely user convenience. All in all, experts recommend caution until Recall’s protections are fully verified.

Microsoft has postponed the release of its AI tool, Recall, to address security concerns and privacy issues. Privacy experts suggest Microsoft may be taking cues from Anthropic’s similar feature in Claude AI. Concerns linger that Recall’s data collection could support AI training, with experts advising caution until protections are confirmed.

Cybersecurity researchers have identified an enhanced version of the LightSpy spyware targeting Apple iOS devices. This updated variant expands its surveillance capabilities and introduces destructive features that can render infected devices inoperable.

The spyware is delivered through a WebKit exploit, exploiting a memory corruption vulnerability (CVE-2020-3837) to install itself. Once active, LightSpy’s modular architecture allows it to capture a wide array of sensitive information, including Wi-Fi details, screenshots, location data, iCloud Keychain contents, and communications from apps like WhatsApp and WeChat.

The latest version has increased its plugins to 28, some of which can delete media files, SMS messages, and contacts. The spyware can even prevent the device from booting. The exact method of distribution remains unclear, though it’s suspected to involve watering hole attacks. Evidence suggests the operators may be based in China, as the spyware recalculates location coordinates using a system exclusive to the country.

A new, advanced version of LightSpy spyware targets iOS devices via a WebKit exploit. This enables extensive data theft and potential device disablement. It collects sensitive info like location and app data and can even delete files or prevent the device from booting. The spyware shows the importance of regular device updates to protect against such threats.

Ready to see it in action?