SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Former Uber security chief’s sentence upheld
Judges of the US Court of Appeals for the Ninth Circuit unanimously upheld the conviction of Joe Sullivan, the former Uber CSO convicted in 2023 for covering up a massive data breach suffered by the ride-sharing giant in 2016. Sullivan avoided prison time — he was sentenced to three years of probation and 200 hours of community service. However, he had filed an appeal, with his legal team calling the verdict ‘profoundly flawed’.
The story of an Expat vulnerability
Sebastian Pipping, the developer of the open source XML parser Expat (libexpat), has shared the story of CVE-2024-8176, a vulnerability discovered by Google Project Zero researcher Jann Horn back in 2022. Implementing a proper fix was not an easy task and in early 2024 Pipping started reaching out to major companies that use the library in hopes of getting help patching the bug. Ultimately, of 40 companies he reached out to, only Siemens and an unnamed firm offered to help, and 10 months later a patch was released.
OKX disables tool used by North Korean hackers
Cryptocurrency exchange OKX has temporarily disabled a tool used by North Korean hackers to launder stolen funds. The news comes just weeks after the exchange pleaded guilty to violating US anti-money laundering laws and agreed to pay $500 million in penalties.
BlackLock ransomware
DarkAtlas has shared details on BlackLock (aka El Dorado), a relatively new group that has “swiftly positioned itself as a major ransomware threat”. BlackLock has been one of the most active ransomware gangs in 2025, with numerous high-profile victims named on its leak site. In the first two months of the year, BlackLock targeted 48 organizations across a wide range of sectors.
Checkpoint product driver exploited in attacks
A driver associated with Checkpoint’s ZoneAlarm product has been leveraged by threat actors to escalate privileges and bypass Windows security features. Venak Security reported that threat actors exploited vulnerabilities in the kernel-level driver, vsdatant.sys, as part of a Bring Your Own Vulnerable Driver (BYOVD) attack.
SpyX hacked
The systems of consumer spyware SpyX were hacked in June 2024, resulting in the exposure of two million user records, TechCrunch reported. Impacted customers were likely not notified of the data breach. TechCrunch has counted 25 mobile spyware operations suffering a data breach since 2017.
Critical Chrome vulnerability
A Chrome update patches a critical use-after-free vulnerability. These types of flaws can typically lead to sandbox escapes or arbitrary code execution and can have a significant impact. The reward for the vulnerability, which is tracked as CVE-2025-2476, has yet to be determined by Google.
GoDaddy details website hacking campaign
GoDaddy has described a website hacking campaign it calls DollyWay World Domination, which has been used to redirect users to scams for the past eight years. GoDaddy reported that more than 20,000 websites have been hacked as part of the campaign since 2016.
Capital One hacker to be resentenced
A court has reversed the 2022 sentence given to Paige Thompson for a massive hack of Capital One bank. Thompson was sentenced to time served (roughly 100 days in prison) and five years of probation due to her mental health and transgender status. A court has now ordered Thompson’s resentencing, arguing that the initial punishment was too lenient considering that her actions caused tens of millions of dollars in damage, as well as emotional and reputational harm to many individuals and entities.
200,000 WordPress sites exposed to attacks due to plugin vulnerability
The WP Ghost security and firewall plugin for WordPress websites, which is deployed on more than 200,000 sites, is affected by a critical vulnerability that can be exploited for remote code execution, PatchStack reported. The vulnerability, tracked as CVE-2025-26909, has been patched.
Related: In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker
Related: In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report
