A new tool called "TotalRecall Reloaded" has discovered a vulnerability that allows unauthorized access to Windows 11's Recall screenshot database, circumventing Microsoft's security measures.
Security researchers have identified a critical weakness in Microsoft's Windows 11 Recall feature, which captures periodic screenshots of user activity. While the database itself uses encryption, the "TotalRecall Reloaded" tool exploits an unprotected access point to retrieve stored screenshots.
The vulnerability highlights a common security principle: even robust encryption means little if the delivery mechanism lacks protection. In this case, the encrypted vault housing Recall data remains secure, but the pathways leading to it provide inadequate safeguards.
Recall, Microsoft's AI-powered feature, automatically captures what users see on their screens to enable natural language search across their activity history. Since its announcement, the feature has faced scrutiny from privacy advocates and security experts concerned about potential data exposure.
The TotalRecall Reloaded discovery underscores these concerns. Researchers demonstrated that the tool can access screenshots without proper authentication, potentially exposing sensitive information including passwords, personal messages, and confidential documents captured during normal system use.
Microsoft positioned Recall as encrypted and locally stored, intended to operate only on individual machines. However, the database access vulnerability suggests that protection relies on obscurity rather than technical barriers.
The company has not yet issued an official patch or statement regarding the TotalRecall Reloaded findings. Security experts recommend users disable Recall until Microsoft addresses the vulnerability, particularly those handling sensitive information.
This incident reflects broader security challenges in implementing new AI features. Balancing functionality, performance, and security requires careful architecture—especially when systems handle comprehensive activity logs. The Recall feature's design choices, prioritizing local processing and seamless integration, may have inadvertently created access points that bypass intended protections.
Windows 11 users should monitor Microsoft's official channels for security updates and guidance on Recall deployment.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.