Wednesday War Room – 09/03/2025

This Wednesday's threat landscape reveals a perfect storm of supply chain compromises, zero-day exploitation, and operational disruption targeting both technology giants and critical infrastructure.

In partnership with

How 433 Investors Unlocked 400X Return Potential

Institutional investors back startups to unlock outsized returns. Regular investors have to wait. But not anymore. Thanks to regulatory updates, some companies are doing things differently.

Take Revolut. In 2016, 433 regular people invested an average of $2,730. Today? They got a 400X buyout offer from the company, as Revolut’s valuation increased 89,900% in the same timeframe.

Founded by a former Zillow exec, Pacaso’s co-ownership tech reshapes the $1.3T vacation home market. They’ve earned $110M+ in gross profit to date, including 41% YoY growth in 2024 alone. They even reserved the Nasdaq ticker PCSO.

The same institutional investors behind Uber, Venmo, and eBay backed Pacaso. And you can join them. But not for long. Pacaso’s investment opportunity ends September 18.

Paid advertisement for Pacaso’s Regulation A offering. Read the offering circular at invest.pacaso.com. Reserving a ticker symbol is not a guarantee that the company will go public. Listing on the NASDAQ is subject to approvals.

From sophisticated spyware campaigns to record-breaking DDoS attacks, threat actors are demonstrating unprecedented coordination and technical capability, forcing organizations to confront the reality that traditional security perimeters no longer exist.

Massive Supply Chain Attack Compromises Hundreds of Companies via Salesloft Drift

Risk Level: Critical

Business Impact: Customer data exposure, credential theft, potential secondary attacks across entire business ecosystems

What You Need to Know: A sophisticated supply chain attack targeting Salesloft Drift has compromised hundreds of organizations, including cybersecurity giants Palo Alto Networks, Cloudflare, and Zscaler. Attackers exploited stolen OAuth tokens to access Salesforce instances between August 9-17, systematically harvesting customer data, support cases, API tokens, and credentials. The threat actors used automated tools to scan for AWS access keys, VPN credentials, and other secrets that could enable further attacks across victim organizations.

Why This Matters:

  • Your trusted third-party integrations may be weaponized against you without warning.

  • Attackers are specifically targeting support systems where customers share sensitive configuration details and credentials.

  • The scale suggests coordinated preparation for follow-on attacks across multiple industries simultaneously.

Executive Actions:

🔍 Immediately audit all third-party OAuth applications connected to your Salesforce and cloud platforms.

🔐 Rotate any credentials or API keys shared through customer support channels in the past 90 days.

📊 Review and restrict data sharing policies with vendors and support organizations.

🧪 Implement enhanced monitoring for unusual API access patterns and data exfiltration attempts.

📋 Establish incident response procedures specifically for supply chain compromise scenarios.

WhatsApp Zero-Day Exploited in Targeted Spyware Campaign

Risk Level: High 

Business Impact: Executive surveillance, corporate espionage, potential compromise of sensitive communications

What You Need to Know: WhatsApp has patched CVE-2025-55177, a zero-click vulnerability that was actively exploited in sophisticated spyware campaigns targeting journalists and civil society members. The flaw, combined with an Apple OS vulnerability (CVE-2025-43300), enabled attackers to deploy advanced surveillance malware without any user interaction. WhatsApp has directly warned affected users that their devices may remain compromised even after patching.

Why This Matters: 

  • Zero-click exploits represent the highest tier of threat actor capability and targeting.

  • Corporate executives and sensitive personnel may be under active surveillance.

  • Mobile device compromise can provide access to corporate networks and sensitive communications.

Executive Actions: 

📱 Immediately update all corporate iOS and macOS devices to the latest WhatsApp and OS versions.

🔍 Implement mobile threat detection solutions capable of identifying advanced spyware.

🧪 Consider factory resets for devices belonging to high-value targets as recommended by WhatsApp.

📊 Review and strengthen mobile device management policies for executive and sensitive personnel.

🚫 Establish secure communication protocols for sensitive business discussions outside of standard messaging platforms.

Jaguar Land Rover Production Crippled by Weekend Cyberattack

Risk Level: High

Business Impact: Manufacturing disruption, supply chain impact, revenue loss from production downtime

What You Need to Know: Luxury automaker Jaguar Land Rover suffered a cyberattack over the weekend that has severely disrupted both production and retail operations. The company was forced to shut down systems at its Solihull production plant, where popular models including the Land Rover Discovery and Range Rover are manufactured. Dealers report being unable to register new vehicles or supply parts, indicating widespread operational impact across the $38 billion company's global operations.

Why This Matters: 

  • Weekend attacks exploit reduced security staffing and delayed incident response capabilities.

  • Manufacturing disruption can cascade through global supply chains and customer deliveries.

  • The automotive industry's increasing digitization creates new attack vectors for operational disruption.

Executive Actions: 

🧪 Review weekend and holiday incident response capabilities and staffing levels.

🏭 Assess operational technology (OT) security and network segmentation in manufacturing environments.

📋 Test business continuity plans for scenarios involving complete system shutdowns.

🔍 Evaluate third-party dependencies that could amplify the impact of operational disruptions.

📊 Consider cyber insurance coverage specifically for business interruption and supply chain impacts.

Leadership Insight:

This week marks a fundamental shift in the cybersecurity landscape

We're witnessing the convergence of supply chain exploitation, zero-day weaponization, and critical infrastructure targeting in a coordinated escalation that demands immediate executive attention. The attackers are no longer just seeking data; they're systematically dismantling the trust relationships and operational dependencies that modern business relies upon.

The organizations that survive this new threat environment will be those that assume compromise is inevitable and build resilience into every critical business function and relationship.

Your network is hiring. You just don’t know it yet.

Indy AI by Contra helps you find opportunities through your existing network. It connects to LinkedIn and X, then quietly surfaces warm opportunities. No cold outreach. No job boards. No feed fatigue. Just opportunities that find you.

Pennsylvania Attorney General Office Hit by Ransomware, Two-Week Outage Continues

Risk Level: High

Business Impact: Government service disruption, potential data exposure, regulatory and legal implications

What You Need to Know: The Pennsylvania Attorney General's Office confirmed that a ransomware attack is responsible for an ongoing two-week service outage that began in mid-August. The attack has disrupted critical government services and legal operations, demonstrating how ransomware continues to target government agencies that often lack adequate cybersecurity resources and backup systems.

Why This Matters:

  • Government agency attacks can disrupt regulatory oversight and legal proceedings affecting your business.

  • Extended outages indicate sophisticated attacks that bypass traditional backup and recovery systems.

  • Government breaches often expose sensitive data about businesses and individuals under investigation or regulation.

Executive Actions: 

📋 Review your organization's dependencies on government services and digital interactions.

🧪 Test business continuity plans for scenarios involving government service disruptions.

🔐 Assess your organization's cybersecurity posture against similar ransomware attack vectors.

📊 Evaluate data sharing practices with government agencies and regulatory bodies.

🧠 Consider the reputational and operational risks of prolonged service disruptions in your sector.

Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack

Risk Level: High 

Business Impact: Infrastructure stress testing, potential service disruption, escalating attack capabilities

What You Need to Know: Cloudflare successfully mitigated the largest recorded volumetric DDoS attack in history, peaking at 11.5 terabits per second. This attack represents a significant escalation in DDoS capabilities and demonstrates the growing sophistication of botnet infrastructure available to threat actors. The scale of this attack could overwhelm most traditional DDoS protection systems.

Why This Matters: 

  • Attack capabilities are scaling faster than most organizations' defensive infrastructure.

  • Record-breaking attacks often precede widespread adoption of similar techniques by other threat actors.

  • Your current DDoS protection may be inadequate against next-generation attack volumes.

Executive Actions:

🔍 Immediately assess your current DDoS protection capabilities and capacity limits.

📊 Review service level agreements with DDoS protection providers for volume guarantees.

🧪 Test incident response procedures for scenarios involving complete service unavailability.

🧱 Evaluate network architecture and redundancy for resilience against volumetric attacks.

📋 Consider upgrading DDoS protection services to handle terabit-scale attacks.

Hackers Attempt $130 Million Bank Heist Through Payment System Breach

Risk Level: Critical

Business Impact: Financial system vulnerability, payment processing risks, potential economic disruption

What You Need to Know: Cybercriminals attempted to steal $130 million from Evertec's Brazilian subsidiary Sinqia S.A. after gaining unauthorized access to Brazil's central bank real-time payment system (Pix). This attack demonstrates how threat actors are directly targeting critical financial infrastructure to conduct large-scale theft operations, representing a significant escalation in both ambition and technical capability.

Why This Matters: 

  • Critical financial infrastructure is under direct attack by sophisticated threat actors.

  • Real-time payment systems represent high-value targets for immediate financial theft.

  • Successful attacks on payment infrastructure could disrupt entire economic ecosystems.

Executive Actions:

🔐 Review security controls around all financial system integrations and payment processing.

📊 Assess exposure to real-time payment systems and implement additional monitoring.

🧪 Test fraud detection and prevention systems against large-volume transaction attempts.

📋 Establish incident response procedures specifically for financial system compromises.

🧠 Consider additional insurance coverage for cyber-enabled financial crimes and theft.

⚙️ Immediate Leadership Checklist ⚙️

🔄 Audit all third-party OAuth applications and rotate credentials shared through support channels

📱 Update all mobile devices and implement advanced mobile threat detection for executives

🏭 Review weekend incident response capabilities and operational technology security

📊 Assess DDoS protection capacity against terabit-scale attacks

💰 Strengthen financial system security controls and fraud detection capabilities

📋 Test business continuity plans for supply chain compromise and government service disruption scenarios

💡 Stay vigilant, patch promptly, and remember that in cybersecurity, paranoia isn't a disorder… It's a job requirement. 💡

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)

It’s go-time for holiday campaigns

Roku Ads Manager makes it easy to extend your Q4 campaign to performance CTV.

You can:

  • Easily launch self-serve CTV ads

  • Repurpose your social content for TV

  • Drive purchases directly on-screen with shoppable ads

  • A/B test to discover your most effective offers

The holidays only come once a year. Get started now with a $500 ad credit when you spend your first $500 today with code: ROKUADS500. Terms apply.