Layoffs Threaten Cybersecurity, M&S Data Breach, Hackers Nabbed Globally

From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

Layoffs Threaten Cybersecurity, M&S Data Breach, Hackers Nabbed Globally

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-25103">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/05/Layoffs-Threaten-Cybersecurity-MS-Data-Breach-Hackers-Nabbed-Globally.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M6S">2:06</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-25103" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-25103" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-25103" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-25103" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/layoffs-threaten-cybersecurity-ms-data-breach-hackers-nabbed-globally/&t=Layoffs Threaten Cybersecurity, M&S Data Breach, Hackers Nabbed Globally" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/layoffs-threaten-cybersecurity-ms-data-breach-hackers-nabbed-globally/&url=Layoffs Threaten Cybersecurity, M&S Data Breach, Hackers Nabbed Globally" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/05/Layoffs-Threaten-Cybersecurity-MS-Data-Breach-Hackers-Nabbed-Globally.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/layoffs-threaten-cybersecurity-ms-data-breach-hackers-nabbed-globally/" class="input-link input-link-25103" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-25103" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-25103” readonly/>

					<button class="copy-embed copy-embed-25103" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

It’s week 3 of May, and we are happy to be back with our fresh dose of cybersecurity news. Meanwhile, we hope you have managed to safeguard yourself from the nasty, malicious actors.

The world can change so much in just a week. So does the cybersecurity landscape! This week, we will talk about the **latest cybersecurity threat looming large in the US, thanks to their mass summer layoff plans!. Also, we will focus on Marks & Spencer’s recent experience of a cyberattack. Lastly, we will focus on the latest incident where 4 hackers got arrested in a global botness business.

Let’s dive deep into the details!

Mass layoffs may lead to cybersecurity concerns in the US!

America is bracing for mass summer layoffs. Microsoft just announced its recent layoff incident of a mind-boggling 6K employees. As per a report, most layoffs are happening to coders, as companies are using AI to save money. Even CrowdStrike is doing this now.

As of 2025, DMARC is mandatory under multiple compliance frameworks. CISA BOD 18-01 requires p=reject for US federal domains. PCI DSS v4.0 mandates DMARC for organizations processing payment card data as of March 2025. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and Microsoft began rejecting non-compliant email in May 2025. The UK NCSC, Australia’s ASD, and Canada’s CCCS all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.

But experts believe that such layoffs can actually lead to potential data theft and increased breach costs. Around 80% of employees, while leaving their job, take along priceless intellectual property. This is especially true in uncertain times, such as sudden layoffs. T_hese are times of rapid transitions, which may lead to mismanagement of confidential company data_. The chaos around can further add to difficulties in threat detection and damage mitigation.

Experts believe that the **average expense of such an insider threat may go as high as $15 million.

Experts also throw light on the fact that the existing cyber professionals are on the verge of burnout. Also, sudden layoffs can give unauthorized access to unwanted people, because of a lack of ample monitoring systems. Meanwhile, cyberattackers are getting quite good at finding all these loopholes and gaps across organisations.

Experts warn organizations against the bigger threat of high-intensity cyberattacks that can take place at any moment because of mass layoffs.

Marks & Spencer customer data stolen in cyberattack incident

Renowned UK-based retailer, Marks & Spencer, was attacked by threat actors last month. While reporting about the incident to the authorities, they said that customer data was not compromised in the cyber mishap. And that they were compelled to make a couple of “minor, temporary changes” to their day-to-day operations . Then they halted the online orders as part of their recovery system.

However, now Marks & Spencer has revealed that customer data such as telephone numbers, dates of birth, residential addresses, etc. have been affected and compromised by the cyberattack.

**Marks & Spencer updated on the London Stock Exchange website that its customers do not have to take any action. Also, they stated that in case the situation worsens, they will inform the customers at the earliest. Just for maintaining mental sanity, customers can change their passwords, for which they will be prompted the next time they log into their M&S profile.

Marks & Spencer believes that the **compromised data does not include any type of card details or payment information. However, the customers are still at risk as their personal data has been compromised, and they may receive suspicious messages, emails, and even calls from threat actors.

Implementing DMARC, DKIM, and SPF protocols is crucial for organizations to protect against email-based attacks and safeguard sensitive data.

DragonForce, a RaaS group, has claimed responsibility for the Marks & Spencer attack. Besides M&S, it has also targeted two more UK retailers, Co-Op and Harrods.

4 hackers nabbed in relation to a global botnet business

In a recent turn of events, 4 hackers have been nabbed and charged for operating a massive botnet scheme. So far, it has generated a whopping **$46 million by manipulating internet routers across the globe.

Allegedly, the accused hackers used to infect old models of **wireless routers with malware (Anyproxy and 5socks). This malware was used to reconfigure the infected routers without the user’s knowledge. The same infected devices were then sold on their respective official websites as proxy services. They offer anonymity to clients who are involved in **multiple illicit activities online.

The 5socks platform has been up and running since 2004. The subscription feed ranges between $9.95 and $110 every month.

The **FBI has been working closely with other authorities and law enforcement partners, and has managed to seize all the associated domains. Together, they have successfully dismantled the entire botnet’s infrastructure.

Authorities are still running a full-fledged investigation to dig deeper into the matter and find out more details about the complete extent of the botnet’s activities as well as its impact on the global cybersecurity system.The arrest and associated **revelations serve as a stark reminder of the persistent threat of attacks, penetrating at multiple levels in our personal and professional lives.

Sources

• CISA Binding Operational Directive 18-01
• Microsoft Outlook DMARC Enforcement May 2025 (2025)
• PCI DSS v4.0 - DMARC Requirement (2025)