Good morning — you’re reading The Closer, the 10-minute cheat sheet that turns markets, moves, and misfires into signals you can actually use.
This week, you’ll find why Trump’s tariff bluff could redraw supply chains, what Powell’s split Fed says about inflation bets, and how “camera on + 3-bullet recap” is quietly becoming the global default for high-stakes coordination. We did a deeper dive on four big trends in cybser security ahead of Black Hat USA next weekend.
What’s moving this week:
- Trump’s all-in tariff freeze to woo Beijing
- Powell vs. the doves vs. the clock
- Apple’s first “Apple Intelligence” earnings test
- Big oil’s quiet deal closing moment
- Black Hat USA opens with zero-day fireworks
Plus: a tactical classic from Toyota on flagging problems fast—and why sunlight still buys you the most trust-per-second.
— Bradley
Monday Smart-Start
28 July 2025
Numbers and talking points to look like the prepared one at 9 a.m.
GLOBAL INDICES
COMMODITIES & CURRENCIES
*Week-to-date moves as of Friday close. Source: Market data providers*
Invite your friends to subscribe to The Closer!
5 Reads That Smart Operators Are Clicking This Week
1. Samsung lands $16.5B AI chip deal with Tesla
EVs aren’t just battery platforms—they’re AI inference engines now. This is Samsung’s biggest foundry win in years, and a signal that Tesla wants vertical control over autonomy. Financial Times
2. Trump freezes export controls to win over China
In a surprise gambit, Trump paused tech sanctions as part of a broader trade reset. Beijing’s response will shape Q4 risk premia across semis, luxury, and logistics. Financial Times
3. Inside the Fed’s quiet internal battle
Not all doves coo the same way. This piece unpacks why Powell’s “pause” isn’t unanimous—and why some insiders fear cutting too late or too fast. Wall Street Journal
4. OPEC+ bets big on demand resilience
More oil is coming—whether the market wants it or not. Saudi-led supply bumps aim to hold prices stable, but could reprice the entire forward curve. Bloomberg
5. The phishing playbook is evolving
Deepfakes + email = a new class of social engineering risk. This is a good primer for anyone who handles vendor payments or executive comms. Harvard Business Review
Week Ahead
28 July - 3 August 2025
Market-moving moments and why everyone's watching.
Trump ↔ Starmer Summit, Scotland
Bilateral huddle on steel & whisky
Any hint of a tariff détente could reprice EU/UK exporters ahead of the 7 Aug deadline.
UN Gaza-Peace Conference
UN HQ, NY, 28-29 Jul
A cease-fire road-map would shift Mideast risk premia in oil and defence names.
FOMC Meeting Opens
Position-squaring day; the tone of background briefings often leaks into rates vols.
Copom & BoC Meetings Commence
Brazil, Canada
LatAm carry trades + CAD curve brace for policy holds after 15% Selic and 2.75% BoC rates.
Macro Triple-Whammy (within 30 min)
- US Q2 GDP 13:30
- BoC rate call 14:45
- Fed decision 19:00 + Powell 19:30
Growth print vs. two rate decisions gives the clearest read-through for "higher-for-longer" vs. soft-patch narrative.
Pre-flash Euro-area GDP
11:00
First signal on whether the bloc is lagging the U.S. rebound.
Policy & Price Day (Asia-EU-US baton)
- BoJ decision pre-dawn (04:00)
- China official PMI 02:30
- US PCE & personal income 13:30
Yen carry, CNY credit impulse and the Fed's favourite inflation gauge all drop inside ten hours.
Global Price Check
- Euro-area flash CPI 10:00
- US July payrolls 13:30
Where services inflation and wage growth land will dictate how "sticky" the disinflation story feels.
Deal Cluster Closes After Bell
- Safran / Collins flight-controls ✔
- GE Vernova / Alteia ✔
- Uniti / Windstream ✔
Signals capital-markets window re-opening; watch spreads on A&D suppliers, grid-AI, and fibre REITs.
Black Hat USA Opens
Las Vegas
Zero-day headlines here often spark Monday pops in cyber-security names.
Mini-OPEC+ Ministerial
Vienna
Eight producers set September quotas; any hint of easing curbs will hit the Brent curve before Asia Monday.
KEY INSIGHT
Wednesday's triple-header of US GDP, BoC, and Fed decisions creates the week's volatility apex — position accordingly.
Four Cybersecurity Trends Business Leaders Should Watch
Preview of Black Hat 2025 (Saturday August 2nd)
As Black Hat USA 2025 approaches, executives and board members are zeroing in on a handful of cyber threats that have surged in prominence. The following four trends are reshaping cyber risk profiles.
Ransomware Turns to Supply Chains and Vendors
Ransomware gangs are no longer limiting their schemes to single targets – they’re infiltrating the software supply chain to attack many victims at once. Recent analysis highlights how criminals like the Cl0p group have exploited trust in third-party vendors and widely used software tools, turning these into “gateways for disruption” across entire customer ecosystems . One study found 41.4% of ransomware attacks now start through a third-party partner or supplier , allowing a single breach to cascade into multiple companies.
Real-world cases bring this evolution to life. In late 2024, a new ransomware outfit dubbed “Termite” hacked Blue Yonder, a major supply-chain software provider, and claimed to steal 680 GB of data . The attack didn’t stop at Blue Yonder – it disrupted its clients’ operations. A UK supermarket’s warehouse management system went down, and Starbucks had to temporarily revert to manual scheduling when Blue Yonder’s platform became unavailable . These ripple effects show why boards must treat vendor cyber risks as their own. A partner’s weak security can quickly become your business outage or data breach. Robust third-party risk management and visibility into vendor defenses are now essential safeguards .
AI Deepfakes Supercharge Fraud and Social Engineering
The rise of generative AI is enabling a new class of highly convincing scams. “Deepfakes” – realistic but false audio, video, or images – have emerged as a potent social engineering tool. In a recent survey of U.S. and U.K. firms, just over half of businesses reported being targeted by deepfake-powered financial scams, and 43% actually fell victim . A stunning 85% of finance professionals now see these AI-driven impersonation attacks as an “existential” threat to corporate security .
The schemes often involve criminals mimicking executives or vendors to trick employees. In one 2024 case, scammers posed as a company’s CFO in a live video call, using an AI-generated likeness and voice, and succeeded in siphoning $25 million via fraudulent transfers . (Another plot targeted advertising giant WPP with a fake CEO video, though that attempt was foiled .) Deepfake technology erodes the trust barriers – an email from “the CEO” or even a face on a Zoom call can be fabricated, making it harder for staff to discern fraud. This trend matters for boards because it threatens the integrity of approvals and payments. Losses from AI-driven fraud could reach $40 billion by 2027 in the U.S. alone, according to Deloitte . Businesses should respond by tightening verification processes (especially for fund transfers), training employees to spot deepfake red flags, and using AI tools to detect synthetic media. The age-old mandate of “trust, but verify” now applies to voices and video as much as written communications.
Global Cyber-Threat Heatmap
Critical Incidents 2023-2025
Major cybersecurity breaches and their business impact across global markets.
Port of Nagoya Ransomware Outage
JAPAN • JULY 2023
LockBit ransomware disabled the Nagoya Port Unified Terminal System, halting container operations for two days at Japan's largest port by cargo volume.
WPP Deepfake CEO Fraud Attempt
UNITED KINGDOM • MAY 2024
Fraudsters used AI voice cloning technology to impersonate WPP's chief executive and request unauthorized fund transfers from the advertising giant.
MOVEit Supply-Chain Ransomware
UNITED STATES • JUNE 2023
Cl0p ransomware group exploited a critical flaw in MOVEit file-transfer software, compromising Louisiana driver license data and affecting 2,700+ organizations globally.
KEY INSIGHT
Critical infrastructure and supply-chain attacks demonstrate the expanding attack surface as AI-powered fraud techniques emerge alongside traditional ransomware campaigns.
SOURCES
Nagoya: IndustrialCyber (July 2023) • WPP: The Guardian (May 2024) • MOVEit: NCSC/Guardian (June 2023)
The SEC’s 4-Day Breach Disclosure Clock
A new U.S. Securities and Exchange Commission rule is fundamentally changing how companies handle cyber incidents. Public companies must now disclose any “material” cyber breach within four business days of determining it occurred . This compressed timeline – part of SEC regulations that took effect in late 2023 – forces firms to swiftly assess an incident’s impact and report it in an 8-K filing. There are few exceptions (only if national security is at risk), meaning most major hacks can’t be quietly swept under the rug.
The rule’s impact is already visible. In the first half-year of the mandate, about 41 companies disclosed cyber incidents via SEC filings – and only 15 of those were under the mandatory material disclosure item, with the rest reported voluntarily under a non-material category . This suggests many companies are erring on the side of transparency even if they’re unsure of full impact. (The SEC in May 2024 actually advised companies to use the voluntary disclosure route for minor incidents, after observing some over-reporting .) Crucially, the era of delayed or opaque breach reporting is ending. Investors, regulators, and the public will quickly know when a significant attack hits a public company. For boards, this raises the stakes: they must ensure robust incident response plans that can determine impact fast and draft accurate disclosures under tight deadlines. Failing to comply can bring penalties – the SEC has already fined one company $2+ million for internal control lapses around a past ransomware attack – and reputational fallout. Beyond the 8-K rule, the SEC now also requires annual reporting on management’s cyber risk oversight , meaning directors will be held accountable for how seriously they take cybersecurity. In short, cyber incidents have fully graduated from IT issues to boardroom issues, with regulatory teeth behind that shift.
Attacks on Industrial Technology (OT) Hit Home
From factory floors to pipelines and ports, operational technology (OT) and industrial control systems are facing a wave of cyberattacks – with consequences that leap from the digital realm into the physical world. A joint industry report logged 68 cyberattacks in 2023 that caused actual physical disruptions to industrial operations . These incidents range from halted production lines to pipeline shutdowns and power outages. Notably, 80% of the disruptive attacks were attributed to ransomware infiltrating OT environments . In other words, the same extortionate malware plaguing office networks is now literally turning out the lights or stopping the assembly line. Another 15% of these incidents were linked to hacktivists, often tied to geopolitical conflicts – a reminder that nation-state or political motives also put critical infrastructure in the crosshairs.
No industry is immune. Manufacturing has been a prime target (three-quarters of industrial firms reported at least one intrusion in the past year ), but attacks have also hit energy, transportation, and water systems. A high-profile example came in mid-2023, when a ransomware attack forced Japan’s busiest port, Nagoya, to shut down for two days . The port could not process cargo, causing knock-on delays in automotive exports. Toyota, for instance, had to suspend operations at a packaging facility for parts after the malware triggered a systems glitch . In the U.S., memories of the 2021 Colonial Pipeline incident – where a pipeline was preemptively shut to contain an attack, spurring fuel shortages – still loom large. For business leaders, these episodes underscore that cyberattacks can jeopardize core operations and safety, not just data. The potential losses from downtime in industrial sectors (and, in worst cases, the risks to human safety or the environment) make OT security a board-level concern. Companies are investing in segregating IT and OT networks, specialized monitoring for industrial systems, and incident response drills that contemplate worst-case scenarios like prolonged production outages. The bottom line: as factories, utilities, and supply chains get smarter and more connected, threat actors are finding footholds – and the cost of unpreparedness can be measured in both dollars and physical disruption.
PULL
THE CORD
=
TRUST ↑
Flag problems fast – earn credibility
A classic "Andon" case at Toyota – documented in The Toyota Way and a 2025 SixSigma white paper – shows that fixing a defect immediately costs ≈ $1; waiting until final assembly ≈ $100. In Georgetown, Kentucky, a worker spotted a door-seal issue and pulled the cord; the line stopped for four minutes, but analysts estimate $17M in downstream scrap and recall costs were avoided.
Closer Tactic #42 • Managing Up
The Nugget:
Bad news ages like milk. Escalate early—ideally with a clear fix in mind—and leaders will see you as a steward, not a saboteur.
How to deploy:
- State the mismatch in one sentence: "Our customer data sync failed overnight—orders since 02:00 haven't shipped."
- Own next steps: "We can rerun sync in 20 min, then overnight-ship affected orders. ETA 09:00 update."
- Keep receipts: log timeline, decisions, and lessons learned for the post-mortem.
Takeaway:
Leaders remember who surfaced the issue and who hid it. Early sunlight earns trust—and usually saves money.
If you love The Closer, you’ll also love Whale Hunting, where the team at Project Brazen explore the hidden world of money and power every week.
