🦅 The Daily Raptor — The Only Newsletter That Hunts In Your Favor
Every Daily Raptor edition arms you with cybersecurity sales intelligence so sharp your laptop will need a tetanus shot.
Three times weekly, we track what matters, eliminate the noise, and ensure you're always at the top of the food chain.
Have Friends in Cyber Sales? Just forward this along! Let’s sharpen their craft and help them sell smarter at dailyraptor.com.
🛒 1. Marks & Spencer Cyberattack — $403M Impact
Impact: $403 million in lost operating profit
Details: A "highly sophisticated and targeted" ransomware attack forced Marks & Spencer (M&S) to shut down automated stock systems, resulting in bare food shelves and offline clothing services. Stolen data includes customer names, emails, addresses, and dates of birth.
Supply Chain Breach: Attackers gained access via social engineering of a third-party contractor
Significance: As a global retail leader, M&S is now a case study in supply chain vulnerability. Reports suggest U.S.-based retail giants may be targeted next.
Source: Reuters – May 21, 2025
🎓 2. PowerSchool Data Breach — 62M Students Exposed, Guilty Plea
Timeline: Breach occurred December 2024; extortion ongoing through May 2025
Impact: 62.4 million students and 9.5 million teachers affected
May 2025 Developments:
May 21: 19-year-old Matthew Lane pleads guilty to hacking PowerSchool and launching an extortion scheme (DOJ plea deal)
May 7–8: PowerSchool confirms threat actors are now extorting individual school districts despite the company’s ransom payment (The Register)
May 7: NC Superintendent Maurice Green reports widespread extortion emails sent to Department of Public Instruction and local district staff (WBTV)
☁️ 3. Commvault Azure Zero-Day Exploited by Nation-State Actors
Date: May 22, 2025
Impact: Cloud backups and enterprise data integrity at risk
Details: CVE-2025-3928, a zero-day vulnerability in Commvault's Azure-based backup platform, is being actively exploited by suspected nation-state actors. It affects Microsoft 365 backup environments.
Significance: Erodes confidence in cloud disaster recovery and data resiliency tools.
Source: CISA Advisory – May 22, 2025
📶 4. Cellcom Wireless Outage — Cyberattack Confirmed
Date: May 14–21, 2025
Impact: Week-long wireless service disruption across Wisconsin
Details: Initially labeled as “technical issues,” Cellcom later confirmed a cyberattack was the root cause of widespread wireless outages.
Significance: Highlights risks to regional telecoms and the importance of operational resiliency.
Source: SC World
🔍 5. Key Takeaways
💸 Financial Toll: Over $1 billion in losses reported from just M&S and PowerSchool
👥 Scope: More than 70 million individuals affected in the PowerSchool breach alone
⚠️ Emerging Threats: Supply chain infiltration, AI-enhanced attacks, and zero-day exploits
🔐 Defensive Pivot: Acceleration of zero-trust adoption and supply chain validation
🧭 How Do We Help Our CIOs and CISOs?
Given the nature of these threats, here are considerations to review:
🔐 1. Implement Zero Trust Architecture with Supply Chain Focus
Rationale: 54% of large enterprises cite third-party vendors as their #1 cyber risk
Action: Micro-segmentation, continuous identity verification, and vendor access controls
Priority: Time-boxed access for third parties with session-level monitoring
💰 2. Establish a Ransomware Payment Decision Framework
Rationale: As demonstrated, paying a ransom doesn't ensure safety
Action: Board-approved payment criteria, verification protocols, and law enforcement contact plans
Priority: Pre-defined decision trees and downstream customer notification protocols
🕵️ 3. Enhance Insider Threat Detection Programs
Rationale: Insider bribery and manipulation remain key risks
Action: Implement user behavior analytics (UBA), geo-restrictions, and tailored training (review last week's Coinbase news)
Priority: Monitor high-risk roles: support, IT admins, finance
🔎 4. Strengthen Supply Chain Visibility and Trust
Rationale: Multiple breaches tied to vendor and partner vulnerabilities
Action: Map digital supply chains, enforce attestation, and monitor third-party credentials
Priority: Align third-party security with internal policies and monitor for anomalous activity
CIO/CISO Questions to Drive Engagement
Have a Fantastic Holiday Weekend Everyone!

/smb


