Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks
Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices
Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware
Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them. The 14 vulnerabilities, collectively named Vault Fault, affect CyberArk Secrets Manager, Self-Hosted, and
Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks
Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution
Cybersecurity researchers have lifted the veil on a widespread malicious campaign that's targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps
Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong