In Other News: Critical Chrome Bug, Capital One Hacker Resentencing, Story of Expat Flaw

Summary: This week’s cybersecurity news roundup highlights key developments, including significant legal rulings, vulnerability disclosures, and actions against malicious activities. Notably, a former Uber security chief’s conviction was upheld, and critical security vulnerabilities were identified in popular software. The roundup aims to provide a broader understanding of the evolving cybersecurity landscape.

Affected: Organizations including Uber, OKX, Check Point, SpyX, GoDaddy, Capital One, and WordPress

Key points:

  • Former Uber security chief Joe Sullivan’s conviction for covering up a data breach was upheld by the US Court of Appeals.
  • Efforts to patch a vulnerability in the open-source Expat XML parser (CVE-2024-8176) received limited corporate support.
  • OKX disabled a tool used by North Korean hackers amid legal troubles related to money laundering violations.
  • BlackLock ransomware has emerged as a potent threat, targeting 48 organizations within the first two months of 2025.
  • A Check Point driver vulnerability led to privilege escalation and Windows security bypass in recent attacks.
  • SpyX suffered a breach exposing two million user records with no notification to affected customers.
  • A critical Chrome vulnerability (CVE-2025-2476) was patched, addressing potential sandbox escapes.
  • GoDaddy revealed a long-term website hacking campaign that redirected users to scams.
  • Capital One hacker Paige Thompson is to be resentenced due to previously lenient punishment after a major data breach.
  • Over 200,000 WordPress sites were exposed due to a critical vulnerability in the WP Ghost plugin, which has since been patched.

Source: https://www.securityweek.com/in-other-news-critical-chrome-bug-capital-one-hacker-resententencing-story-of-expat-flaw/