CISA & Microsoft Warn of High-Severity Exchange Vulnerability: What Business Leaders Need to Know

When the Office Email Server Becomes the Achilles’ Heel

It was just another Tuesday morning when the IT manager of a mid-sized marketing firm noticed something odd: strange authentication errors flooding the log files of their on-premise Exchange Server. Eleven months prior, they’d migrated many services to Microsoft 365—but kept a hybrid Exchange setup, thinking it was secure. Little did they know that lurking in their hybrid configuration was a flaw that could allow someone with already elevated access to escalate privileges and even take over their entire Exchange Online. 


This isn’t a hypothetical story. In August 2025, CISA and Microsoft issued urgent alerts about CVE-2025-53786—a high‑severity elevation‑of‑privilege vulnerability in hybrid Microsoft Exchange environments. This article breaks down what it means for your business, school, or organization and how fast action now could be the difference between staying safe… or getting completely compromised. 

What Business Owners Need to Know About This Alert

What’s Going On

CVE‑2025‑53786 affects hybrid configurations of Exchange Server (2016, 2019, and Subscription Edition). An attacker who has already compromised administrative access on-premise could use this vulnerability to escalate privileges into your cloud environment—potentially seizing control of your Microsoft 365 tenant, without leaving obvious logs. 

Why It’s Risky

        • The flaw enables attackers to gain deep access to Exchange Online once they control your on-prem Exchange server. 
        • CISA warns that this could lead to “total domain compromise,” affecting both cloud and local systems. 
        • There’s no evidence of active exploitation yet, but Microsoft labels the flaw as “more likely” to be exploited. 

What CISA & Microsoft Are Telling You to Do

  1. Take the CISA Emergency Directive Seriously. 
    Federal agencies must comply by early August 11. Private entities are strongly urged to follow suit immediately.

  2. Run the Exchange Health Checker. 
    Inventory on-prem Exchange servers, confirm Cumulative Update levels, and ensure applicable April 2025 hotfixes are applied.

  3. Apply Hotfixes and Remove EOL Servers. 
    Update vulnerable servers and disconnect any end-of-life servers with known weaknesses.

  4. Install the Dedicated Hybrid App & Reset Credentials. 
    Swap out the shared service principal and run credential cleanup to reset sensitive authentication elements. 

Risk to Businesses, Schools, and Everyday Organizations

Failure to act could lead to catastrophic outcomes: 

        • Data theft or ransomware — Sensitive customer, legal, or financial data at risk. 
        • Regulatory exposure — GDPR, CCPA, and HIPAA violations with costly penalties. 
        • Operational breakdowns — Outages can plague organizations for days, and few can afford that downtime. 
        • Silent intrusion — No trace in cloud logs, meaning breaches go unnoticed. 

Action Plan for Business Leaders

Steps and actions:

  1. Run Health Checker
    Inventory your hybrid setup immediately.

  2. Apply Updates
    Deploy April 2025 hotfixes and necessary CUs.

  3. Harden Hybrid Setup
    Transition to the dedicated hybrid app and reset service principal credentials.

  4. Monitor Activity
    Watch for anomalies using logs or SIEM tools.

  5. Educate Staff
    Awareness prevents attackers from getting that initial access needed to exploit this issue.

In Conclusion

CVE-2025-53786 is a sharp reminder that even long-standing configurations—like hybrid Exchange setups—can suddenly become serious liabilities. The good news? You have the information and tools right now to protect your business. By running the Exchange Health Checker, applying critical patches, and reconfiguring your environment, you dramatically reduce your risk profile. 

When it comes to cyber threats like this, swift action isn’t just wise—it’s essential. Are you ready to lead your team safely through this? 

St. Paul, Minnesota Hit by Major Cyberattack — National Guard Activated

It started like any other Friday morning. But as St. Paul city employees booted up their computers, something felt off—Wi-Fi connections were spotty, login screens froze, and internal systems weren’t responding. Within hours, the city had declared a state of emergency. Over the weekend, Minnesota Governor Tim Walz activated the National Guard’s cyber protection unit to investigate and respond. 

This wasn’t just a glitch. It was a coordinated cyberattack that crippled the digital backbone of a major American city. 

As cybersecurity incidents grow in frequency and complexity, what happened in St. Paul should concern every business owner, IT professional, and public official across the country. 

What We Know So Far

St. Paul’s city network went offline following “suspicious activity” that escalated into a full-blown cyber event. While emergency services like 911 remained operational, nearly everything else—from internal municipal systems to public Wi-Fi and library catalogs—was impacted. 

Key developments include:

      • Shutdown of City Systems: St. Paul took down its networks proactively to contain the threat, impacting internal operations and public access systems.
      • Potential Attack Vectors: The nature of the attack remains undisclosed, but early reports suggest phishing or ransomware as likely methods.
      • “This is a deliberate, sophisticated attack that overwhelmed our local capabilities,” a city official told TechCrunch. 

Why It Matters for Business Leaders

St. Paul may be a city government, but the lessons here are universal. 

Cybercriminals increasingly target public and private institutions with outdated infrastructure or limited cybersecurity personnel. And while big corporations may invest millions in threat detection, many mid-size businesses, nonprofits, and city agencies remain vulnerable. 

Here’s what this means for your business:

      • One breach can paralyze operations: Just like St. Paul’s digital services, your internal systems—email, cloud files, payment processing—can go down in minutes.
      • Ransomware doesn’t discriminate: Whether you’re a city government or a growing startup, attackers will find vulnerabilities to exploit. 

Business Continuity Depends on Cyber Readiness

This attack didn’t just freeze government services—it disrupted local businesses and eroded public trust. For organizations that rely on digital systems, cloud tools, or online transactions, the ripple effects of cyberattacks can be devastating. 

Takeaways for business owners and IT teams:

      • Segment your networks: Compartmentalize sensitive data and critical operations to contain breaches if they happen.
      • Invest in incident response planning: Know who to call, what systems to shut down, and how to communicate during a crisis.  
      • Secure endpoints and employees: Train staff regularly and use MFA (multi-factor authentication) across platforms. 

National Implications: Are We Cyber-Ready?

The U.S. has made strides in building a cybersecurity infrastructure, including partnerships between federal agencies and private sector experts. However, this attack reveals that not all local governments—or even businesses—have the tools or budgets to defend against sophisticated cyber threats. 

The St. Paul attack raises big questions:

      • Are cities and businesses prepared to defend themselves?
      • Should cybersecurity readiness be federally mandated or incentivized?
      • In the words of cybersecurity experts, the challenge isn’t just technological—it’s cultural. Many organizations still treat cybersecurity as an afterthought, not a business necessity. 

Vigilance Over Complacency

Cyberattacks like the one in St. Paul are no longer theoretical risks. They are real, disruptive, and increasingly difficult to prevent. But for those who stay prepared—with regular audits, employee education, and strong network defenses—recovery is faster and trust remains intact. 

The National Guard may have helped St. Paul get back online—but will your business be ready when the threat comes knocking?

What’s your plan if your systems go dark tomorrow?

Trump’s AI Roadmap: Deregulation, Innovation, and Opportunity

This July, amid an AI-fueled global race, President Trump unveiled a sweeping AI Action Plan—dotting the calendar with more than 90 federal policy actions aimed at maintaining U.S. leadership in artificial intelligence. This roadmap, shaped by Silicon Valley advisers, marks a sharp pivot from the previous administration’s cautious stance, favoring deregulation, export promotion, and pro-growth priorities. 

What’s in the Plan: Key Pillars

Based on reports from TechCrunch, Wired, AP, and Reuters, here’s what business leaders need to know:

1. Infrastructure & Data Center Expansion

2. Innovation & Deregulation

3. Promoting U.S. AI Globally

      • Creates “ideology-free” procurement standards, favoring systems vetted for bias neutrality 

Business Implications: Opportunity Meets Risk

Upsides:

      • Speed to deployment: Faster data center approvals and fewer regulations could accelerate AI rollout. 
      • Market expansion: Looser export rules may open new international markets, especially in AI-hungry sectors. 
      • Investor optimism: Tech and semiconductor stocks, including Nvidia and AMD, are reacting positively. 

Risks:

      • Regulatory dispensability: Deregulation may come with less oversight on safety, cybersecurity, and ethical compliance. 
      • State vs. federal friction: Withholding funding from “restrictive” states might complicate multi-state operations. 
      • Backlash from public interest groups: Critics argue this approach favors “Big Tech” over consumer protections and environmental sustainability 

Final Take

Trump’s AI roadmap positions the U.S. as a global AI powerhouse—promoting infrastructure, rolling back regulations, and expanding exports. For businesses, this could mean faster adoption, new markets, and competitive advantage. But as regulatory guardrails ease, leaders must weigh innovation gains against evolving compliance, ethical, and public trust challenges. 

As AI reshapes industries, the question isn’t just “Can we build it?”—it’s “Are we ready to manage the impact responsibly?” What will your next move be? 

Chinese Hackers Infiltrate U.S. National Guard Networks for Nine Months: The Salt Typhoon Breach

In March 2024, Chinese state-backed hackers known as “Salt Typhoon” began what would become a nine-month infiltration of a U.S. state’s Army National Guard network. This wasn’t a smash-and-grab operation targeting consumer data—it was a sophisticated intelligence gathering campaign that extracted network configurations, administrative credentials, and operational maps spanning all 50 states and four U.S. territories. The breach, which remained undetected until December 2024, represents one of the most strategically significant cyber espionage operations against American military infrastructure in recent memory. 

The Breach: What We Know

  • Between March and December 2024, Chinese state-backed hackers known as Salt Typhoon “extensively compromised” that state’s National Guard network.
    • Network maps & traffic data spanning every U.S. state + 4 territories
    • Administrator credentials and internal network diagrams
  • Which state was affected was not immediately confirmed, but the leak to Property of the People sparked nationwide alarm.

How It Happened: A People-Powered Breach

This wasn’t a brute-force hack; it was a classic case of social engineering. Attackers employed a technique known as vishing, targeting contact center staff via phone to extract credentials and bypass multi-factor authentication.

The culprits? Likely the notorious Scattered Spider group known for sophisticated, human-focused attacks across airlines and payment systems. 

Why It Matters to Every Business

This wasn’t just espionage; it was strategic pre-positioning aimed at sabotaging critical infrastructure should tensions escalate. But the real threat for organizations lies closer to home:

“Going forward, all U.S. forces must now assume their networks are compromised and will be degraded.”  

Salt Typhoon: More Than a Hacker

This cyber-threat actor has rapidly become one of China’s most persistent and dangerous digital weapons. In 2024 alone, Chinese-linked breach activity doubled. Salt Typhoon is part of a broader ecosystem (including “Volt Typhoon” and “Silk Typhoon”) well-equipped to exploit zero-day vulnerabilities in software, telecom infrastructure, and defense systems.

What This Reveals: National Security at Risk

  • Strategic Intelligence: Topological and network insights are a roadmap for future cyber or physical attacks. 
  • Systemic Risk: Gaps in National Guard security don’t stay local—they threaten every business that works with state-level agencies or handles sensitive data. 
  • Corporate Exposure: If government entities are breached, those of us relying on them, through third-party platforms, shared infrastructure, or supply chains, must question our digital trustworthiness. 

What Businesses Can Do Now

Best practices and actions:

  • Validate all vendors and partners: Ensure they follow cybersecurity frameworks like CISA or NIST.
  • Assume compromise: Monitor administrative logins, shadow IT, and unexpected IAM changes.
  • Train employees continuously: Mandated “vishing” simulations for front-desk, customer service, and IT.
  • Segment & limit access: Enforce least privilege and zero-trust across your network.
  • Stay aware: Watch breach reporting and monitor dark-web forums for stolen data.

The breach of a National Guard unit isn’t just national news, it’s proof that no network is truly secure, and that even “trusted” public systems can be painfully fragile. Business leaders must shift from reactive defense to proactive resilience, safeguarding every link in their digital chain. 

If Army Guard networks can be quietly infiltrated for nine months, are your systems next? 

Qantas Data Breach Hits 5.7 Million Customers

 It starts with a ping—a curious email about a delayed flight. You click through, pausing only when you realize your personal details were exposed. That feeling of unease? It’s exactly what millions of Qantas customers are facing after a massive data breach. Imagine trusting your favorite airline and waking up to find your name, email, even frequent flyer number… out in the open.

5.7 Million Records Exposed and the Fallout

Qantas recently confirmed that 5.7 million customer records were compromised in a cyberattack targeting a Manila-based call center platform.  

Among those: 

  • 4 million records included names, email addresses, and frequent flyer tiers (1.2 million had name + email only; 2.8 million had full flyer info).

     

  • 1.7 million additional records contained sensitive data like home addresses (1.3M), birthdates (1.1M), phone numbers (900K), gender (400K), and meal preferences (10K). 

Importantly, no credit card data, passwords, passport details, or login credentials were stolen. 

How It Happened: A People-Powered Breach

This wasn’t a brute-force hack; it was a classic case of social engineering. Attackers employed a technique known as vishing, targeting contact center staff via phone to extract credentials and bypass multi-factor authentication.

The culprits? Likely the notorious Scattered Spider group known for sophisticated, human-focused attacks across airlines and payment systems. 

What It Means for All of Us

You’re savvy: aware of clickbait scams, credential stuffing, and MFA fatigue. But Qantas shows one stark truth: even the best tech defenses crumble when humans are the weak link.

And the impact is real: 

  • Exposed names, birthdates, and addresses are a perfect recipe for identity theft and sophisticated phishing. 
  • Frequent flyer numbers, once harmless, can now be used to target your loyalty perks, leading to account takeover risk. 
  • Third-party vulnerabilities continue to be a massive blind spot; trusting the chain means trusting everyone in it. 

And let’s not forget: people often prioritize brands with strong digital security. Trust erodes fast, and recovery is slow. 

Broader Trend: Airlines Under Fire

Qantas isn’t alone. This breach follows attacks on WestJet, Hawaiian Airlines, Optus, and Medibank, signaling that the aviation sector is now a top target. Regulators are responding: Australia tightened incident reporting after 2022’s Medibank breach, but enforcement is still catching up. 

What You Can Learn (and Do) Now

  • Vet third-party providers aggressively: your cybersecurity policies need to extend beyond your infrastructure. 
  • Regularly test your education programs: simulate “vishing” and phishing to build real resilience. 
  • Adopt zero-trust principles and least privilege access: limit exposure if a breach occurs. 
  • Monitor dark web and leak forums because even non-sensitive data can morph into something dangerous later. 

The Qantas breach isn’t just an airline’s problem; it’s a wake-up call for every person navigating an increasingly digitized world. When personal data, including elements we’d never associate with misuse, is compromised, attributes become attack vectors. It’s a reminder that people are often the weakest link in cybersecurity, even in digitally advanced companies. 

So as we expand our defenses, protocols, and automation, are we truly strengthening the human side of security too? 

The Rise of AI Bot Blockers: What It Means for the Future of Tech

Imagine waking up to find your entire website scraped overnight—your product listings, blog posts, even your pricing strategy; all copied, consumed, and used to train someone else’s AI model. No warning. No credit. No compensation.

That’s not a hypothetical. It’s happening every day to businesses just like yours.

In response, Cloudflare launched an AI bot blocker that fingerprints and halts suspicious traffic patterns. In just one day, it blocked bots across 85,000+ websites, a significant shift from passive monitoring to active defense.

Why AI Bot Blockers Matter

AI bots aren’t just scraping; they’re impersonating, phishing, and harvesting data at scale. With the average U.S. data breach costing $9.48 million in 2023, every unauthorized bot interaction becomes a potential vulnerability.

This is about more than content theft, it’s about protecting trust, brand integrity, and infrastructure from increasingly sophisticated automation.

The Anthropic vs. Reddit Case

Just this month, Reddit sued Anthropic in San Francisco Superior Court, alleging the AI startup’s bots accessed Reddit’s content over 100,000 times since July 2024, despite claims they’d halted scraping.

Key allegations include:

Reddit’s suit invokes five claims, from breach of contract to unfair competition. In contrast, companies like OpenAI and Google maintain licensed agreements with Reddit’s data. The outcome could set a precedent for ethical data collection and AI governance.

Implications for the AI Industry

Anthropic’s case marks a legal turning point. With the EU AI Act and growing U.S. regulations targeting data usage and IP, the era of free-for-all scraping is likely ending.

Expectations are shifting toward:

    • Licensed data access
    • User protections (respecting deletion requests)
    • Technical controls (bot blockers, API rate-limiting)

AI companies must pivot from passive acceptance to active compliance or risk legal and reputational fallout.

How Horizon Helix Can Help

Horizon Helix is forever vigilant in understanding and protecting its clients against ongoing and developing cybersecurity threats.

Conclusion

The rise of AI bot blockers like Cloudflare’s and legal challenges like Reddit vs. Anthropic are signals of a tectonic shift in how data flows online. For cybersecurity leaders, IT teams, and tech developers, the question isn’t if, but when your systems will be tested. Are your defenses ready when the next wave of AI bots comes calling?

Cyber Safety: Brute Force Hacking

Among the many cyber threats targeting login credentials, brute force attacks remain one of the most common and persistent. These attacks can compromise personal accounts, business systems, and entire networks when proper safeguards are not in place. Understanding how they work and how to defend against them is essential for anyone using digital tools. 

What Is a Brute Force Attack?

A brute force attack is a hacking technique that attempts to guess passwords or encryption keys by trying every possible combination until the correct one is found. 

It’s a trial-and-error approach that can be used to: 

    • Access user accounts
    • Crack encrypted files
    • Gain administrative control over websites or systems

While it may sound crude, brute force attacks are very effective, especially when users rely on weak passwords or outdated systems. 

Common Types of Brute Force Attacks

There are several variations of brute force attacks, each with its own strategy: 

    • Simple Brute Force: Tries every character combination one by one.
    • Dictionary Attack: Uses a list of common words and passwords.
    • Credential Stuffing: Tries known username/password pairs from data breaches.
    • Reverse Brute Force: Applies a common password across multiple usernames.
    • Hybrid Attack: Combines dictionary words with random characters to increase complexity.

Why Brute Force Attacks Are a Serious Threat

These attacks are: 

    • Automated: Hackers can run them continuously without direct involvement.
    • Widespread: Thousands of accounts can be targeted simultaneously.
    • Effective: Weak or reused passwords are quickly cracked.

With advancements in technology like NVIDIA’s RTX 5090, brute-force attacks have become significantly more powerful. A processor of this caliber can instantly crack simple passwords such as “password123.” In contrast, passwords that are at least 10 characters long and include a mix of symbols, numbers, and both uppercase and lowercase letters are far more resistant to brute-force methods.

The likelihood of such a complex password being cracked during the lifetime of your account is extremely low. To put it into perspective, a hacker would statistically win the lottery 185 billion times before successfully brute-forcing a single 10-character complex password.

How to Protect Yourself

Brute force attacks are preventable with the right strategies. There are many precautions you can take to improve your protection.

1. Use Strong, Unique Passwords

Avoid common words or patterns. Use a mix of uppercase and lowercase letters, numbers, and symbols. Writing down your passwords is always an efficient way to keep your password handy. If you want to stay virtual, password managers are another great option to keep your passwords accessible anywhere at any time.  

2. Enable Multi-Factor Authentication (MFA)

MFA adds a second layer of security by requiring you to confirm your login attempt using a separate device or method, such as a phone notification or a temporary verification code. Even if an attacker guesses your password, they would still need access to the second factor to gain entry.

3. Limit Login Attempts

Systems that temporarily lock accounts or introduce delays after failed attempts can deter attackers.  

4. Monitor for Suspicious Activity

Keep an eye out for failed login attempts or access from unfamiliar locations. Many platforms offer alert systems for unusual behavior. 

5. Keep Software Up to Date

Security patches close vulnerabilities that brute force tools often exploit. Regular updates are a simple but powerful defense. 
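
Precautions 3 and 4 above, sketched as an added example (not code from the original article): a per-account lockout with doubling delays, and a monitor that groups failed logins by source. The log format, thresholds, usernames and documentation-range IP addresses are assumptions constructed for the illustration; the replay shows that lockout alone never triggers on a reverse brute force attempt, because each account sees only one failure.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample log; the "time result user source" format is assumed.
SAMPLE_LOG = """\
2025-01-01T09:59:00 FAIL bob 192.0.2.44
2025-01-01T09:59:20 OK bob 192.0.2.44
2025-01-01T10:00:00 FAIL alice 203.0.113.10
2025-01-01T10:00:10 FAIL alice 203.0.113.10
2025-01-01T10:00:20 FAIL alice 203.0.113.10
2025-01-01T10:00:30 FAIL alice 203.0.113.10
2025-01-01T10:00:40 FAIL alice 203.0.113.10
2025-01-01T10:00:50 FAIL alice 203.0.113.10
2025-01-01T10:01:00 FAIL bob 198.51.100.7
2025-01-01T10:01:05 FAIL carol 198.51.100.7
2025-01-01T10:01:10 FAIL dave 198.51.100.7
2025-01-01T10:01:15 FAIL erin 198.51.100.7
2025-01-01T10:01:20 FAIL frank 198.51.100.7
"""


def parse_log(text):
    """Turn log lines into (timestamp, source, user, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, result, user, source = line.split()
        ts = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc).timestamp()
        events.append((ts, source, user, result == "OK"))
    return events


class LoginThrottle:
    """Lock an account for a doubling delay once failures reach a limit."""

    def __init__(self, max_failures=5, base_lock_seconds=30, max_lock_seconds=3600):
        self.max_failures = max_failures
        self.base_lock = base_lock_seconds
        self.max_lock = max_lock_seconds
        self.failures = defaultdict(int)        # account -> consecutive failures
        self.locked_until = defaultdict(float)  # account -> unlock timestamp

    def is_locked(self, account, now):
        return now < self.locked_until[account]

    def record(self, account, success, now):
        """Record one attempt; return False if it was refused by a lock."""
        if self.is_locked(account, now):
            return False  # refused before the password is even checked
        if success:
            self.failures[account] = 0
            return True
        self.failures[account] += 1
        over = self.failures[account] - self.max_failures
        if over >= 0:  # 30 s, then 60 s, 120 s ... capped at max_lock
            lock = min(self.base_lock * 2 ** over, self.max_lock)
            self.locked_until[account] = now + lock
        return True


def replay(events, throttle):
    """Feed events through the throttle; return the accounts it locked."""
    locked = set()
    for ts, _source, user, success in sorted(events):
        throttle.record(user, success, ts)
        if throttle.is_locked(user, ts):
            locked.add(user)
    return locked


def classify_sources(events, window=300, min_users=4, min_attempts=5):
    """Label each source by its failed logins inside a sliding time window."""
    by_source = defaultdict(list)
    for ts, source, user, success in events:
        if not success:
            by_source[source].append((ts, user))
    findings = {}
    for source, fails in by_source.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            per_user = Counter(u for ts, u in fails[i:] if ts < start + window)
            if len(per_user) >= min_users:  # one source, many usernames
                findings[source] = "reverse brute force"
                break
            if max(per_user.values()) >= min_attempts:  # one account hammered
                findings[source] = "brute force"
                break
    return findings


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("locked accounts:", replay(events, LoginThrottle()))
    print("flagged sources:", classify_sources(events))
```
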

Brute force hacking remains a threat not because it’s sophisticated, but because it often works against unprepared users. Strong passwords, layered security, and vigilance make all the difference. Digital security isn’t just a technical issue — it’s a shared responsibility that starts with awareness and good habits. 

Microsoft Recall: How this Feature Puts Your Privacy at Risk

Microsoft first introduced Copilot’s Recall feature in May 2024 with the launch of Copilot+ PCs. Recall automatically captures encrypted snapshots of your screen every few seconds, allowing you to search your on-screen history using more colloquial language.


The data stays local on your device. After privacy concerns, Microsoft officially released Recall in April 2025 with improvements, including making Recall disabled by default which gives users more control over their involvement.  

Security Concerns

Copilot’s Recall functionality is a great tool that can help many people; however, it is inherently dangerous to cyber and personal security. Apps like Signal, known for their safety by having disappearing messages, could be obsolete if even one of the users in a conversation has Recall since it can store sensitive information even after it is deleted from Signal.  

Even if you opt out of Recall, whoever you are communicating with could be opted in, and your conversations or information shared could be stored, even after you delete them. Conversations will no longer be gone when deleted, but instead are saved to the opted-in user’s storage. Moreover, there is no notification that Recall is storing the information of a user (opted out) who is engaged in a conversation with another user who is using Recall.  

Be cautious of what you share. It has been a common practice to be careful of what you share on the internet since its dawn, but now it could be more important than ever as even trusted people could inadvertently capture your information. Recall could still be a risk for someone who has opted out through daily conversations. As of now, the only way for Recall to not store information is for both parties to opt out. 

Opting Out of Copilot's Recall

Copilot’s Recall was re-released in the latest Windows 11 24H2 update (KB055627). Recall is only available on Copilot+ PCs. If you do not have a Copilot+ PC, you do not have to worry about having Recall yet, but you will have to be wary of those who have a Copilot+ PC and have installed the newest update for Windows.  

If you do have a Copilot+ PC and want to opt out, follow these steps:  

  1. Go to Settings
  2. Select Privacy & security 
  3. Choose Recall & snapshots
  4. Toggle Recall Off  

*You can also pause Recall temporarily from the system tray icon by selecting Pause. 

Blue Shield CA Data Breach: Protecting Your Information

On April 9, Blue Shield of California disclosed a potential data breach that involved members’ data being shared through Google Ads. Blue Shield has noted the following as affected:  

“Insurance plan name, type and group number; city; zip code; gender; family size; Blue Shield assigned identifiers for members’ online accounts; medical claim service date and service provider, patient name, and patient financial responsibility; and “Find a Doctor” search criteria and results (location, plan name and type, provider name and type).” 

Blue Shield has confirmed that no other information, such as Social Security numbers or driver’s license numbers, was shared.

The recent data breach at Blue Shield of California has raised concerns about the security of personal health data. If you’re a Blue Shield member or concerned about how such breaches can impact your security, please take a moment to read some safety precautions you can take.  

Stay Informed

The first step after any data breach is to stay informed. Blue Shield has been notifying members about the breach and what information was exposed. Keep an eye on emails or web updates from the company to understand the scope of the incident and what actions they are taking to mitigate the risks. 

Monitor Your Medical Records

It’s important to regularly review your medical records for any unfamiliar treatments or services that could signal fraudulent claims. By checking your Explanation of Benefits (EOB) statements, you can spot any suspicious activity early and report it to your provider.

Use Identity Monitoring Services

In the aftermath of a breach, many companies offer free credit and identity monitoring. Take advantage of these services to monitor any unusual activity tied to your personal data, including medical identity theft or misuse of your Social Security number. LifeLock by Norton is the most popular service for identity theft protection. Several other companies offer similar services, such as Guardio, IDShield, and Identity Force.

Freeze Your Credit

If you’re concerned about potential identity theft, freezing your credit with major credit bureaus (Equifax, Experian, etc.) can help prevent fraudulent account creation and use.  

Strengthening Your Online Security

After a breach, it’s a good idea to update your passwords and use two-factor authentication wherever possible. This added layer of security can help protect your accounts from unauthorized access. Be wary of phishing emails that may attempt to trick you into sharing sensitive information. This is especially important after a breach like this one as scammers may be trying to take advantage of the situation.  

See our guide on setting up 2FA for more help.   

File a Complaint if Necessary

If you feel that your data hasn’t been properly protected, you can file a complaint with the Department of Health and Human Services Office for Civil Rights or your state’s attorney general. It’s essential to hold organizations accountable for protecting your personal data. 

AI Could be Taking More Than it is Giving

What is Recall?

Microsoft first introduced Copilot’s Recall feature in May 2024 with the launch of Copilot+ PCs. Recall automatically captures encrypted snapshots of your screen every few seconds, allowing you to search your on-screen history using more colloquial language.


The data stays local on your device. After privacy concerns, Microsoft officially released Recall in April 2025 with improvements, including making Recall disabled by default which gives users more control over their involvement.  

Security Concerns

Copilot’s Recall functionality is a great tool that can help many people; however, it is inherently dangerous to cyber and personal security. Apps like Signal, known for their safety by having disappearing messages, could be obsolete if even one of the users in a conversation has Recall since it can store sensitive information even after it is deleted from Signal.  

Even if you opt out of Recall, whoever you are communicating with could be opted in, and your conversations or information shared could be stored, even after you delete them. Conversations will no longer be gone when deleted, but instead are saved to the opted-in user’s storage. Moreover, there is no notification that Recall is storing the information of a user (opted out) who is engaged in a conversation with another user who is using Recall.  

Be cautious of what you share. It has been a common practice to be careful of what you share on the internet since its dawn, but now it could be more important than ever as even trusted people could inadvertently capture your information. Recall could still be a risk for someone who has opted out through daily conversations. As of now, the only way for Recall to not store information is for both parties to opt out. 

Opting Out

Copilot’s Recall was re-released in the latest Windows 11 24H2 update (KB055627). Recall is only available on Copilot+ PCs. If you do not have a Copilot+ PC, you do not have to worry about having Recall yet, but you will have to be wary of those who have a Copilot+ PC and have installed the newest update for Windows.  

If you do have a Copilot+ PC and want to opt out, follow these steps:  

Go to Settings > Privacy & security > Recall & snapshots. Once you have navigated there, simply toggle it off. 

If you want to keep it but only want it off for a day, you can easily pause Recall by selecting the Recall icon in your system tray and selecting the pause option.