Lenovo Webcams Turn into Hacking Tools in Shocking New Discovery
On August 9, 2025, researchers from Eclypsium revealed serious flaws in Lenovo 510 FHD and Lenovo Performance FHD webcams running Linux. The issue, presented at DEF CON 33, allows attackers to remotely hijack these devices and use them for BadUSB attacks. This can happen without unplugging the webcam.
BadUSB attacks reprogram USB firmware to secretly run malicious commands. Researcher Mickey Shkatov warned, “A seemingly normal webcam can inject keystrokes or deliver malicious payloads.” This threat is harder to detect since it lives in firmware, not files.
Attackers could mail a tampered webcam to victims or exploit one already connected. Once weaponized, the webcam can reinstall malware even after the computer is wiped. Lenovo has released firmware updates (version 4.8.0) and a fix with SigmaStar.
Eclypsium called this a “first-of-its-kind attack,” warning that peripherals with their own operating systems can silently bypass security controls.
Read: https://thehackernews.com/2025/08/linux-based-lenovo-webcams-flaw-can-be.html
EU Law Meant to Protect Press Gives Governments Power to Arrest Journalists
On August 8, 2025, the European Union’s “European Media Freedom Act” became binding across all member states. The law claims to safeguard journalists but allows arrests, sanctions, and surveillance if authorities cite an “overriding reason in the general interest.”
European Commission President Ursula von der Leyen praised it, saying, “A free and independent press is an essential pillar of our democracy.” However, critics point to loopholes letting governments bypass protections using vague definitions of public interest.
The act permits intrusive surveillance in cases involving crimes with prison terms of three years or more, including terrorism and so-called “racism and xenophobia.” It also requires registers of media owners, targets “disinformation,” and strengthens state broadcasters through public funding.
Oversight will be handled by a European Media Services Board, but its secretariat is run by the Commission itself. While marketed as a press shield, the law risks becoming a tool for controlling which voices are heard.
Read: https://reclaimthenet.org/eu-media-freedom-act-allows-arrests
Charon Ransomware Targets Middle East Aviation Using Advanced APT Tradecraft
Charon, a newly discovered ransomware strain, has been deployed in targeted attacks on public sector and aviation organizations in the Middle East. Trend Micro analysts—Jacob Santos, Ted Lee, Ahmed Kamal, and Don Ovid Ladore—documented the malware’s use of DLL side-loading, process injection, and EDR evasion techniques typical of APT groups. The infection chain pivots on a renamed executable (cookie_exporter.exe, masquerading as Edge.exe) that sideloads msedge.dll (SWORDLDR), delivering Charon. The ransomware deletes backups, terminates security processes, and uses partial encryption with multithreading for speed. It also includes an unused BYOVD component compiled from the open-source Dark-Kill project.
A personalized ransom note—naming each victim—suggests deliberate targeting. Though Charon’s methods echo those of Earth Baxia, a China-linked APT group known for deploying the EAGLEDOOR backdoor via exploits in *OSGeo GeoServer GeoTools*, Trend Micro stops short of attribution. The overlap may indicate shared tactics, a false flag, or independent evolution.
Meanwhile, eSentire disclosed a campaign by the Interlock Group using ClickFix lures to deploy a PHP backdoor, NodeSnake (aka Interlock RAT), and a C-based implant, leveraging PowerShell, NodeJS, and LOLBins. Barracuda reports 57% of organizations faced ransomware in the past year; 32% paid, but only 41% fully recovered data. Some attackers now escalate to DDoS and physical threats.
Read: https://thehackernews.com/2025/08/charon-ransomware-hits-middle-east.html
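For defenders, the side-loading chain described above (a renamed cookie_exporter.exe running as Edge.exe and loading msedge.dll) leaves two signals that can be checked in image-load telemetry. The following is an added example, not code from Trend Micro or the original article; the event field names, the trusted Edge install paths, the OriginalFilename value, and the sample events are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: default Microsoft Edge install roots; adjust for your fleet.
TRUSTED_EDGE_DIRS = (
    PureWindowsPath(r"C:\Program Files (x86)\Microsoft\Edge\Application"),
    PureWindowsPath(r"C:\Program Files\Microsoft\Edge\Application"),
)

def under_trusted_dir(path):
    # PureWindowsPath compares case-insensitively, as Windows paths do.
    return any(root in path.parents for root in TRUSTED_EDGE_DIRS)

def sideload_findings(event):
    """Return the reasons an image-load event resembles the chain above."""
    image = PureWindowsPath(event["image"])
    loaded = PureWindowsPath(event["image_loaded"])
    original = event.get("original_file_name", "")
    reasons = []
    # Renamed host: on-disk name differs from the PE OriginalFilename field.
    if original and original.lower() != image.name.lower():
        reasons.append("renamed_binary")
    # msedge.dll resolved from somewhere other than the Edge install tree.
    if loaded.name.lower() == "msedge.dll" and not under_trusted_dir(loaded):
        reasons.append("msedge_dll_outside_edge_dir")
    return reasons

def triage(events):
    """Map event id -> (severity, reasons); both signals together rate 'high'."""
    out = {}
    for ev in events:
        reasons = sideload_findings(ev)
        if reasons:
            out[ev["id"]] = ("high" if len(reasons) == 2 else "medium", reasons)
    return out

# Constructed sample events (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Users\Public\Edge.exe",
     "original_file_name": "cookie_exporter.exe",
     "image_loaded": r"C:\Users\Public\msedge.dll"},
    {"id": 2, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "original_file_name": "msedge.exe",
     "image_loaded": r"c:\program files (x86)\microsoft\edge\application\1.2.3.4\msedge.dll"},
    {"id": 3, "image": r"C:\Tools\np.exe", "original_file_name": "notepad.exe",
     "image_loaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for event_id, (severity, reasons) in triage(SAMPLE_EVENTS).items():
        print(event_id, severity, ", ".join(reasons))
```

A renamed binary on its own is common in benign software, which is why only the combination of both signals is rated high here.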
Russia Suspected in Major Hack of US Federal Court Records
On August 12, 2025, investigators revealed evidence that Russia may be behind a hack of the US federal court filing system. The breach exposed sealed records, including sensitive national security cases, across at least eight district courts. Some cases involved people with Russian and Eastern European surnames.
Administrators warned Justice Department officials and judges that “persistent and sophisticated cyber threat actors” had compromised the system. They urged immediate removal of the most sensitive files. An internal memo labeled the incident an “URGENT MATTER.”
It is unclear whether Russian intelligence or other countries were involved, but officials described it as part of a yearslong infiltration effort. Some targeted cases were in New York City and other jurisdictions.
The disclosure comes just days before President Donald Trump is set to meet Vladimir Putin in Alaska to discuss ending the war in Ukraine. The breach raises concerns over long-known vulnerabilities in the federal court system’s document management platform.
Read: https://www.nytimes.com/2025/08/12/us/politics/russia-hack-federal-court-system.html
Connex Credit Union Hack Exposes Data of 172,000 Members
On August 11, 2025, Connex Credit Union confirmed that hackers breached its systems in early June, stealing personal and financial data from 172,000 members. The non-profit, with over $1 billion in assets and eight branches across Connecticut, discovered the attack on June 3, a day after it occurred.
According to Connex, files were accessed or downloaded without authorization between June 2 and 3. The stolen information includes names, account numbers, debit card data, Social Security numbers, and government IDs. “We have no evidence that funds were accessed,” the credit union stated, but it has issued scam alerts warning members of phishing calls and texts.
Founded in 1940, Connex now urges customers to verify all communications directly. The breach follows a wave of cyberattacks linked to groups like ShinyHunters and Scattered Spider, which have recently targeted major corporations. Members are advised to remain alert and update security measures to protect their accounts.
Read: https://www.bleepingcomputer.com/news/security/connex-credit-union-discloses-data-breach-impacting-172-000-people/
Voltaire
Voltaire, but CHSmith was half an hour ahead of me. One of the more frequently seen, or least obscure, of the quotations. Still relevant, alas.
Voltaire?
LOL!! Charles, by being the first to answer the question you win a copy of your own book!! Congratulations.
They beat me to it, the inimitable Voltaire.