BadCam Vulnerability in Lenovo Webcams Enables Remote BadUSB Attacks
Summary
A flaw in select Lenovo webcams allows remote attackers to exploit them as BadUSB devices, injecting keystrokes and launching attacks independent of the host operating system. The vulnerability, codenamed BadCam (CVE-2025-4371), affects Linux-based webcams and can be weaponized without physical access to the device. The vulnerability was disclosed by Eclypsium researchers at DEF CON 33. Lenovo has released firmware updates to mitigate the issue, and SigmaStar has provided a tool to address the problem. The flaw highlights the risk of trusting peripherals that can run their own operating systems and accept remote instructions.
Timeline
- 09.08.2025 22:00 (1 article): BadCam Vulnerability in Lenovo Webcams Enables Remote BadUSB Attacks
  Researchers disclosed a flaw in select Lenovo webcams that allows remote attackers to exploit them as BadUSB devices. The vulnerability, codenamed BadCam (CVE-2025-4371), affects Linux-based webcams and can be weaponized without physical access to the device. Lenovo has released firmware updates (version 4.8.0) to mitigate the vulnerabilities, and SigmaStar has provided a tool to address the problem.
  Source: Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks — thehackernews.com — 09.08.2025 22:00
Information Snippets
- The BadCam vulnerability (CVE-2025-4371) affects Lenovo 510 FHD and Lenovo Performance FHD webcams.
- The flaw allows remote attackers to inject keystrokes and launch attacks independent of the host operating system.
- BadUSB attacks exploit vulnerabilities in USB firmware to execute commands or run malicious programs.
- The vulnerability was disclosed at DEF CON 33 by Eclypsium researchers.
- Lenovo has released firmware updates (version 4.8.0) to mitigate the vulnerabilities.
- SigmaStar has provided a tool to address the BadCam vulnerability.
- The flaw highlights the risk of trusting peripherals that can run their own operating systems and accept remote instructions.

All snippets first reported 09.08.2025 22:00 (1 source, 1 article): Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks — thehackernews.com — 09.08.2025 22:00
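The snippets above describe the defender's problem in one sentence: a peripheral that is trusted as a camera can re-enumerate with a keyboard interface and type on the host. A practical check on the host side is to inventory every USB device's interface classes and flag any device that combines a video-class interface with a HID interface, treating a boot-protocol keyboard or mouse as the strong signal and a plain HID interface (common for camera buttons) as something to review. The script below is an added example written for this page; it is not code from the article, Eclypsium, Lenovo or SigmaStar. The inventory text format, the vendor/product IDs and the product names are constructed for illustration and are not real device data; the class, subclass and protocol codes are the standard USB-IF and USB HID 1.11 values.

```python
"""Flag USB devices that present both a video-class and a HID-class interface.

Added example (not from the article or any vendor). The inventory format is a
constructed simplification of the per-interface class/subclass/protocol values
that Linux exposes under /sys/bus/usb/devices/*/bInterface{Class,SubClass,Protocol}.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# USB-IF interface class codes
CLASS_HID = 0x03
CLASS_VIDEO = 0x0E

# USB HID 1.11 boot-interface subclass and protocol codes
HID_BOOT_SUBCLASS = 0x01
HID_PROTO_KEYBOARD = 0x01
HID_PROTO_MOUSE = 0x02


@dataclass(frozen=True)
class Interface:
    number: int
    klass: int
    subclass: int
    protocol: int


@dataclass
class Device:
    ident: str            # "vid:pid" as hex text (constructed values below)
    product: str
    interfaces: List[Interface]


DEVICE_RE = re.compile(r"^Bus \d+ Device \d+: ID ([0-9a-f]{4}:[0-9a-f]{4}) (.+)$")
IFACE_RE = re.compile(
    r"^\s+Interface (\d+) class 0x([0-9a-f]{2}) subclass 0x([0-9a-f]{2}) protocol 0x([0-9a-f]{2})$"
)


def parse_inventory(text: str) -> List[Device]:
    """Parse the constructed inventory format into Device records."""
    devices: List[Device] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = DEVICE_RE.match(line)
        if m:
            devices.append(Device(m.group(1), m.group(2).strip(), []))
            continue
        m = IFACE_RE.match(line)
        if m and devices:
            devices[-1].interfaces.append(Interface(
                int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16), int(m.group(4), 16)))
            continue
        raise ValueError(f"unparseable inventory line: {line!r}")
    return devices


def assess(dev: Device) -> Tuple[str, str]:
    """Return (severity, reason) with severity in {"ok", "review", "alert"}."""
    classes = {i.klass for i in dev.interfaces}
    hid = [i for i in dev.interfaces if i.klass == CLASS_HID]
    if CLASS_VIDEO not in classes or not hid:
        return ("ok", "no video+HID combination")
    for i in hid:
        # A camera that also speaks the boot keyboard/mouse protocol can type on the host.
        if i.subclass == HID_BOOT_SUBCLASS and i.protocol in (HID_PROTO_KEYBOARD, HID_PROTO_MOUSE):
            kind = "keyboard" if i.protocol == HID_PROTO_KEYBOARD else "mouse"
            return ("alert", f"video device also enumerates a boot-protocol {kind} (interface {i.number})")
    # Non-boot HID on a camera is often a hardware button; confirm with the vendor's descriptor.
    return ("review", "video device also exposes a non-boot HID interface")


def triage(text: str) -> Dict[str, Tuple[str, str]]:
    """Map each product name in the inventory to its (severity, reason)."""
    return {d.product: assess(d) for d in parse_inventory(text)}


# Constructed sample inventory; IDs 0000:000x and names are placeholders, not real devices.
SAMPLE = """\
Bus 001 Device 003: ID 0000:0001 Example plain webcam
  Interface 0 class 0x0e subclass 0x01 protocol 0x00
  Interface 1 class 0x0e subclass 0x02 protocol 0x00
Bus 001 Device 004: ID 0000:0002 Example webcam with button HID
  Interface 0 class 0x0e subclass 0x01 protocol 0x00
  Interface 1 class 0x0e subclass 0x02 protocol 0x00
  Interface 2 class 0x03 subclass 0x00 protocol 0x00
Bus 001 Device 005: ID 0000:0003 Example webcam enumerating as keyboard
  Interface 0 class 0x0e subclass 0x01 protocol 0x00
  Interface 1 class 0x0e subclass 0x02 protocol 0x00
  Interface 2 class 0x03 subclass 0x01 protocol 0x01
Bus 001 Device 006: ID 0000:0004 Example keyboard
  Interface 0 class 0x03 subclass 0x01 protocol 0x01
"""

if __name__ == "__main__":
    for product, (severity, reason) in triage(SAMPLE).items():
        print(f"{severity:6} {product}: {reason}")
```

On a real host the same logic would be fed from sysfs (the `bInterfaceClass`, `bInterfaceSubClass` and `bInterfaceProtocol` attributes of each interface directory) or from a udev rule that runs at enumeration time, which is the moment a re-flashed camera would first present its extra interface. The "review" tier exists because some legitimate cameras ship a HID interface for buttons or controls, so an alert on every video+HID pairing would be noisy; the boot-keyboard pairing is the one worth paging on.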
Similar Happenings
Microsoft September 2025 Patch Tuesday fixes 81 vulnerabilities, including two zero-days
Microsoft released updates for 80 vulnerabilities on September 2025 Patch Tuesday. None of these vulnerabilities were zero-days. The updates address eight critical flaws, including five remote code execution vulnerabilities, one information disclosure, and two elevation of privilege vulnerabilities. The vulnerabilities span various categories: 38 elevation of privilege, 2 security feature bypass, 22 remote code execution, 14 information disclosure, 3 denial of service, and 1 spoofing. One zero-day vulnerability was fixed in Windows SMB Server. The updates also include hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing. The patch includes 38 elevation of privilege vulnerabilities, the highest number among all categories. CVE-2025-54918 is an EoP vulnerability in Windows NT LAN Manager (NTLM) marked as critical. CVE-2025-54111 and CVE-2025-54913 are EoP flaws in Windows UI XAML, allowing privilege escalation via phished credentials or malicious Microsoft Store apps. CVE-2025-55232 is an RCE vulnerability in the Microsoft High Performance Compute (HPC) Pack with a CVSS score of 9.8. CVE-2025-54916 is an RCE vulnerability in Windows NTFS that can be triggered by authenticated users. Microsoft's patch update includes recommendations for preparing for the end-of-life of Windows 10 and mandatory multifactor authentication (MFA) for Azure in October 2025.
Apple patches Image I/O zero-day exploited in targeted attacks
Apple has released emergency updates to fix a zero-day vulnerability (CVE-2025-43300) in the Image I/O framework. The flaw, an out-of-bounds write issue, was exploited in "extremely sophisticated" targeted attacks against specific individuals. The vulnerability affects multiple iOS, iPadOS, and macOS versions and devices. Apple has not attributed the discovery to a specific researcher or provided details about the attacks. The flaw allows attackers to exploit the vulnerability by supplying malicious input, potentially leading to remote code execution. Affected devices include various iPhone, iPad, and Mac models running specific versions of iOS, iPadOS, and macOS. The flaw was discovered internally by Apple and addressed with improved bounds checking. The vulnerability has been exploited as part of highly targeted attacks. Users are advised to install the updates promptly to mitigate potential ongoing attacks. CERT-FR has reported at least four instances of Apple threat notifications alerting users about mercenary spyware attacks since the beginning of the year. The attacks target individuals based on their status or function, including journalists, lawyers, activists, politicians, and senior officials. Apple has sent threat notifications to users in over 150 countries since 2021. Apple has backported fixes for the vulnerability to older versions of iOS, iPadOS, and macOS, including iOS 16.7.12, iPadOS 16.7.12, iOS 15.8.5, and iPadOS 15.8.5. The updates also address multiple other security flaws in various Apple products. The flaw was chained with a WhatsApp zero-click vulnerability (CVE-2025-55177) in targeted attacks. The attacks were described as "extremely sophisticated" by Apple and WhatsApp. Samsung also patched a remote code execution vulnerability chained with the CVE-2025-55177 WhatsApp flaw in zero-day attacks targeting its Android devices.
Multiple vulnerabilities in Dell ControlVault3 firmware allow persistent access
Cybersecurity researchers have identified multiple vulnerabilities in Dell's ControlVault3 firmware and associated Windows APIs. These flaws, collectively named ReVault, can enable attackers to bypass Windows login, extract cryptographic keys, and maintain persistent access even after OS reinstallation. Over 100 Dell laptop models using Broadcom BCM5820X series chips are affected. No evidence of exploitation in the wild has been reported. The vulnerabilities allow attackers to escalate privileges, bypass authentication, and deploy undetectable malicious implants. The affected systems are commonly used in industries requiring heightened security, such as those using smart card or NFC readers. The identified vulnerabilities include out-of-bounds write, arbitrary free, stack-based buffer overflow, out-of-bounds read, and deserialization of untrusted input flaws. Dell has provided patches to mitigate these risks, and users are advised to apply them and disable unnecessary ControlVault services. The vulnerabilities were discovered by Philippe Laulheret, a senior vulnerability researcher at Cisco Talos, and were presented at the Black Hat USA 2025 security conference. The vulnerabilities involve undocumented APIs that allow users to communicate with the Control Vault board, leading to memory corruption, code execution, extraction of secret keys, and permanent firmware modification.