Workplace Apps Collect Extensive User Data, Raising Privacy and Security Concerns A recent study by Incogni, analyzing data from the Google Play Store as of March 20, 2026, reveals that ten widely used workplace apps including Gmail, Microsoft Teams, Zoom Workplace, Slack, and Notion collect an average of 19 data points per app, with some sharing sensitive information with third parties. These apps, cumulatively downloaded over 12.5 billion times, are integral to U.S. corporate operations but pose significant privacy and security risks. Data Collection and Sharing Practices Gmail leads in data harvesting, collecting 26 distinct data types, including approximate location, app interactions, and user IDs for advertising. Microsoft Teams and Zoom Workplace follow closely, with 25 and 23 data types, respectively both uniquely gathering precise location data. Six of the ten apps, including Slack, Notion, and Zoom Workplace, use collected data for marketing, with Slack, Todoist, and Notion specifically harvesting employee email addresses for this purpose. Notion stands out for its outbound data flow, sharing eight data types such as email addresses, names, and device IDs with third parties, including advertising partners. The app’s privacy policy permits tracking tools on user browsers, raising concerns over the exposure of sensitive workspace content like HR records and client data. Regulatory scrutiny has intensified, particularly after the EU’s Data Protection Board tightened GDPR requirements in December 2024 regarding personal data use in AI training, directly impacting Notion’s third-party model integrations. Security Vulnerabilities and Breach History Most apps in the study have a history of breaches. In January 2026, a 96-gigabyte database containing 149 million login credentials 48 million tied to Gmail was exposed, attributed to infostealer malware on user devices. Slack suffered a November 2025 breach where attackers used stolen credentials to access accounts of over 17,000 Nikkei employees, exposing names, emails, and chat histories. Trello, Zoom, and Microsoft products have also faced incidents, with Trello data appearing for sale in January 2024. Workday is the only app in the analysis without a user data deletion option, despite holding employment records and payroll details. In August 2025, the platform confirmed two breaches linked to its Salesforce CRM, where attackers obtained business contact information as part of a ShinyHunters social engineering campaign. BYOD Risks and Platform Disparities Many employees install these apps on personal devices, exposing contact details, financial data, and location information to advertising networks or corporate administrators. Slack, for example, lacks end-to-end encryption, allowing workspace owners to access direct messages and private channels. While the study focuses on Google Play data, Incogni notes that iOS disclosures may differ, though past comparisons suggest similar privacy practices across platforms. The findings highlight the trade-offs between workplace productivity and data exposure, with recurring breaches and extensive tracking underscoring the risks of integrating these tools into daily operations.

New AI Threat "Promptware" Turns Assistants Into Silent Spy Tools Researchers from Ben-Gurion University, Tel Aviv University, and Harvard including cybersecurity expert Bruce Schneier have uncovered a dangerous evolution in AI attacks dubbed "Promptware." Unlike traditional prompt injection, this technique hijacks large language models (LLMs) to execute malicious actions without user interaction, effectively turning AI assistants into stealthy surveillance tools. The attack, detailed in the paper "The Promptware Kill Chain," exploits AI integrations with everyday apps. In one demonstrated scenario, attackers send a malicious Google Calendar invite containing hidden instructions. The AI, with access to the victim’s calendar and email, automatically processes the prompt, mistaking it for a legitimate Zoom meeting request. The assistant then launches Zoom, activates the camera, and streams video to the attacker’s server all without alerts or user input. Since the AI operates within its granted permissions, the attack bypasses traditional security checks. The researchers mapped a seven-stage kill chain based on 36 real-world attacks, mirroring advanced cyberwarfare tactics: 1. Initial Access – Malicious prompts embedded in emails or calendar invites. 2. Privilege Escalation – "Jailbreaking" AI to bypass safety filters. 3. Reconnaissance – AI scans files or emails for sensitive data. 4. Persistence – Prompts self-replicate to survive system restarts. 5. Command & Control – AI connects to attacker-controlled servers. 6. Lateral Movement – Spreads via automated emails to contacts. 7. Actions on Objective – Exfiltrates data, steals cryptocurrency, or conducts surveillance. Unlike static prompt injections, Promptware mutates, spreads, and executes code autonomously, posing risks beyond data theft including silent espionage or fraud. The threat escalates as AI assistants gain deeper integration with devices, potentially granting access to cameras, microphones, and system controls with a single malicious prompt. To counter the threat, the researchers propose a defense-in-depth approach: - Input sanitization to strip hidden prompts from emails and calendars. - Permission limits requiring explicit user approval for sensitive actions (e.g., camera access). - AI activity monitoring to flag anomalous behavior, such as unexpected meetings. - Isolation by running AI in sandboxes without direct tool access. The findings highlight a critical shift in cybersecurity: AI systems must be treated as potential malware vectors, not just tools vulnerable to manipulation. As LLMs like Siri and Cortana evolve, layered security measures will be essential to prevent exploitation.

Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code Execution A severe command injection flaw in Zoom Node Multimedia Routers (MMRs) has been disclosed, allowing authenticated meeting participants to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-22844, the vulnerability carries a CVSS score of 9.9, reflecting its critical severity due to low attack complexity and network-accessible exploitation. The flaw impacts Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments running MMR module versions prior to 5.2.1716.0. Successful exploitation could lead to data exfiltration, meeting manipulation, or denial-of-service attacks, compromising confidentiality, integrity, and availability of enterprise communications. Zoom has released patches in MMR module version 5.2.1716.0 or later, urging administrators to prioritize updates. The company’s official support documentation provides guidance for deploying fixes without service disruption. Organizations using affected versions face immediate risk, as the vulnerability enables remote code execution (RCE) with minimal prerequisites. Security teams are advised to treat this as a critical patch priority to mitigate potential breaches in business-critical infrastructure.

Recently, two vulnerabilities were discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks. These flaws, tracked under CVE-2025-49464 and CVE-2025-46789, were reported by security researcher fre3dm4n and carry a Medium severity rating with a CVSS score of 6.5 each. The vulnerabilities stem from a classic buffer overflow issue in the affected Zoom products. This flaw could enable an authorized user with network access to exploit the system, causing a DoS condition that disrupts service availability. The CVSS vector string for both issues indicates a high impact on availability, though confidentiality and integrity remain unaffected. The potential for disruption is significant for organizations relying on Zoom for communication. The vulnerabilities impact multiple Zoom products for Windows, with slight variations in affected versions between the two CVEs.