NDAY Security Blog - May 2025 Cybersecurity Breaches

NDAY Security Monthly Breach Digest

Highlights from the most significant cybersecurity incidents of May 2025, followed by the April and March reports further down the page.

May 2025 Cybersecurity Breaches: What You Need to Know

1. Marks & Spencer Hit by Scattered Spider Group

Hackers exploited a third-party contractor to breach M&S systems, suspending online orders and contactless payments. Estimated damage: £300 million.

  • Cause: Social engineering via third-party vendor
  • Impact: Services halted, customer data exposed

2. 184 Million Passwords Leaked from Unprotected Database

A massive trove of credentials was found on an exposed server, impacting major platforms like Google and PayPal. Likely stolen via infostealer malware.

  • Cause: Infostealer malware + unsecured cloud server
  • Impact: Password reuse attacks and identity fraud

3. Chinese APT Targets Czech Government

APT31, linked to the Chinese government, infiltrated the Czech foreign ministry’s unclassified systems. NATO and the Czech Republic condemned the act.

  • Cause: State-sponsored espionage
  • Impact: System rebuilds and diplomatic tension

4. Commvault SaaS Breach via Zero-Day Vulnerability

Commvault’s Metallic SaaS platform was breached through CVE-2025-3928, compromising Microsoft 365 backups for multiple organizations.

  • Cause: Zero-day vulnerability
  • Impact: SaaS supply chain integrity questioned

5. AI Impersonation of Trump Chief of Staff

Deepfake audio and messages impersonated Susie Wiles, sending fake pardon requests to contacts. The FBI has launched an investigation.

  • Cause: AI deepfake phishing
  • Impact: Political manipulation risk

6. Dior Customer Data Breach

Dior disclosed a breach of names, contact data, and order histories. No payment information was accessed.

  • Cause: Server compromise
  • Impact: Targeted phishing risk, brand damage

Conclusion

May’s attacks highlight the broad spectrum of threat actors—state-sponsored, criminal, and AI-driven. Third-party risk, SaaS platforms, and misinformation are top concerns heading into summer 2025.

April 2025 Cybersecurity Breaches: What You Need to Know

1. Boeing Data Leak from LockBit Ransomware Group

LockBit released stolen Boeing data including internal communications and supplier contracts after the company refused to pay a ransom.

  • Cause: Ransomware exploit
  • Impact: Intellectual property theft; vendor exposure

2. French Hospital System Offline from Coordinated Cyberattack

Hackers shut down regional hospital systems in France, delaying surgeries and emergency response operations.

  • Cause: Hospital IT infrastructure breach
  • Impact: Care delays; temporary facility outages

3. Marks & Spencer Breach Begins via Third-Party Access

M&S was compromised over Easter weekend through a vendor, causing operational disruptions that extended into May.

  • Cause: Social engineering through contractor
  • Impact: E-commerce and payment system shutdowns

Conclusion

April highlighted vulnerabilities in critical infrastructure and retail systems. These incidents stressed the importance of securing vendor relationships and ransomware readiness.

March 2025 Cybersecurity Breaches: What You Need to Know

1. AT&T Confirms Massive Data Breach

AT&T disclosed that the personal data of 73 million customers was leaked on the dark web. The data included Social Security numbers, email addresses, and more.

  • Cause: Third-party breach
  • Impact: Millions of sensitive records exposed

2. UnitedHealth Subsidiary Change Healthcare Targeted by Ransomware

Ransomware disrupted prescription transactions across the U.S. via a breach at Change Healthcare.

  • Cause: Ransomware attack
  • Impact: Nationwide pharmacy delays

3. Sisense Breach Compromises Corporate Credentials

Unauthorized access to data analytics firm Sisense resulted in compromised credentials for enterprise clients.

  • Cause: Internal intrusion
  • Impact: SaaS trust weakened

Conclusion

March highlighted vulnerabilities in telecom, healthcare, and enterprise SaaS environments—further proof that proactive defense is essential.