This week’s cybersecurity roundup brings you some of the most important stories you may have missed — from a critical Chrome vulnerability to the Capital One hacker facing resentencing. Here’s everything you need to stay informed about the evolving digital threats.
Former Uber Security Chief’s Conviction Upheld
Joe Sullivan, Uber’s former Chief Security Officer, has officially lost his appeal. A US federal court upheld his conviction for covering up the company’s massive 2016 data breach. Although Sullivan avoided prison time and was sentenced to probation and community service, his legal team had hoped to overturn the ruling. They argued the decision was unfair, but the appeals court disagreed.
Inside the Expat Vulnerability Journey
Sebastian Pipping, the developer behind the open-source XML parser Expat (libexpat), has shed light on a serious vulnerability tracked as CVE-2024-8176. Google Project Zero’s Jann Horn discovered the flaw in 2022, but patching it was no simple feat. Pipping reached out to 40 major companies using the library for support. Surprisingly, only Siemens and one unnamed firm stepped up. After nearly a year, the patch was finally rolled out in 2024 — highlighting the challenges of securing open-source software.
OKX Shuts Down Tool Exploited by North Korean Hackers
Cryptocurrency exchange OKX has disabled a tool exploited by North Korean hackers to launder stolen digital assets. This move comes just weeks after the company admitted violating US anti-money laundering laws and agreed to a hefty $500 million settlement.
Rising Threat: BlackLock Ransomware Gang Expands Attacks
The notorious BlackLock ransomware group, also known as El Dorado, is gaining momentum as one of the most aggressive cybercrime gangs of 2025. According to DarkAtlas, the group has already hit 48 organizations across various industries in just two months. Their leak site lists high-profile victims, proving they are a force to watch this year.
Check Point’s ZoneAlarm Driver Exploited in Cyberattacks
Venak Security has uncovered that cybercriminals are exploiting a vulnerable driver tied to Check Point’s ZoneAlarm product. The driver, vsdatant.sys, was abused in Bring Your Own Vulnerable Driver (BYOVD) attacks, giving hackers the power to escalate privileges and bypass key Windows protections.
SpyX Spyware Hack Exposes 2 Million Users
In another blow to digital privacy, spyware app SpyX was hacked in mid-2024, exposing records of two million users. Shockingly, many affected customers were never informed about the breach. SpyX is now one of 25 mobile spyware operations compromised since 2017, according to TechCrunch.
Google Patches Critical Chrome Bug (CVE-2025-2476)
Google has released a vital Chrome update, fixing a critical use-after-free vulnerability labeled CVE-2025-2476. These types of flaws often allow hackers to execute arbitrary code or escape Chrome’s sandbox protection. While the reward for reporting this bug is yet to be announced, its impact could have been severe if left unpatched.
GoDaddy Uncovers Eight-Year Website Hacking Campaign
GoDaddy has exposed a widespread website hacking campaign called DollyWay World Domination that’s been quietly running for eight years. The attackers infected over 20,000 websites, redirecting unsuspecting visitors to scam pages since 2016. This revelation serves as a major wake-up call for website owners and developers.
Capital One Hacker Faces Resentencing After Court Ruling
Paige Thompson, the hacker behind the massive Capital One data breach, is heading back to court for resentencing. In 2022, Thompson received time served and probation due to her mental health and transgender status. However, a recent court decision found that punishment too lenient, considering the hack caused tens of millions in damages and harmed countless individuals and businesses.
200,000 WordPress Sites at Risk from WP Ghost Plugin Flaw
WordPress users face another critical security scare. The WP Ghost security plugin, active on more than 200,000 websites, was found to have a remote code execution vulnerability tracked as CVE-2025-26909. Patchstack confirmed the flaw, which has now been patched. Still, website owners should update immediately to prevent potential attacks.