CyberWire Daily - Eyes in the sky, red flags on the ground.
Episode Date: December 23, 2025

The White House bans foreign-made drones. African law enforcement agencies crack down on cybercrime. A new phishing campaign targets Russian military personnel and defense-related organizations. A University of Phoenix data breach affects about 3.5 million people. A pair of Chrome extensions covertly hijack user traffic. Romania’s national water authority suffered a ransomware attack. A cyberattack in France disrupts postal, identity, and banking services for millions of customers. NIST and MITRE announce a $20 million partnership for AI research centers. A think-tank says the U.S. needs to go on the cyber offensive. Tim Starks from CyberScoop discusses the passage of the Defense Authorization Bill and looks back at 2025. In high school, it’s no child left unscanned.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Tim Starks from CyberScoop discussing the passage of the Defense Authorization Bill and a look back at 2025.

Selected Reading
Trump Administration Declares Foreign-Made Drones a Security Threat (The New York Times)
Hundreds of Arrests as Operation Sentinel Recovers $3m (Infosecurity Magazine)
Cyber spies use fake New Year concert invites to target Russian military (The Record)
University of Phoenix Data Breach - 3.5 Million+ Individuals Affected (CybersecurityNews)
Malicious extensions in Chrome Web store steal user credentials (BleepingComputer)
Ransomware Hits Romanian Water Authority, 1000 Systems Knocked Offline (Hackread)
Cyberattack knocks offline France's postal, banking services (BleepingComputer)
NIST, MITRE announce $20 million research effort on AI cybersecurity (CyberScoop)
US Must Go on Offense in Cyberspace, Report Warns (GovInfoSecurity)
AI Bathroom Monitors? Welcome To America's New Surveillance High Schools (Forbes)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyberwire Network, powered by N2K.
Most environments trust far more than they should, and attackers know it.
ThreatLocker solves that by enforcing default deny at the point of execution.
With ThreatLocker Allowlisting, you stop unknown executables cold.
With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards.
ThreatLocker is the simplest way to enforce zero-trust principles without the operational pain.
It's powerful protection that gives CISOs real visibility, real control, and real peace of mind.
ThreatLocker makes zero trust attainable, even for small security teams.
See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments.
Schedule your demo at threatlocker.com/N2K today.
The White House bans foreign-made drones.
African law enforcement agencies crack down on cybercrime.
A new phishing campaign targets Russian military personnel and defense-related organizations.
A University of Phoenix data breach affects about three and a half million people.
A pair of Chrome extensions covertly hijack user traffic.
Romania's national water authority suffered a ransomware attack.
A cyberattack in France disrupts postal, identity, and banking services for millions.
NIST and MITRE announce a $20 million partnership for AI research centers.
A think tank says the U.S. needs to go on the cyber offensive.
Tim Starks from CyberScoop discusses the passage of the defense authorization bill.
and in high school, it's no child left unscanned.
It's Tuesday, December 23rd, 2025.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today. It's great as always to have you with us.
The Trump administration announced that all foreign-made drones and their components pose unacceptable national security risks and will be placed on a federal blacklist, effectively blocking new sales in the United States.
While exceptions may be granted by the Pentagon or Homeland Security, the move is widely understood to halt future U.S. sales of drones from China's DJI, the dominant global manufacturer.
Existing drones will remain legal to use, in part to avoid disrupting emergency and law enforcement operations that rely heavily on DJI equipment.
Many U.S. drone pilots and small businesses say the decision threatens their livelihoods
and limits access to affordable high-quality technology.
DJI has protested the ruling and requested a formal security audit. Meanwhile, U.S. drone manufacturers welcomed the decision, calling it a turning point for rebuilding a domestic drone industry.
African law enforcement agencies arrested 574 suspects during a month-long cybercrime crackdown coordinated by Interpol. Operation Sentinel, which ran from October 27 through November 27, targeted business email compromise, digital extortion, and ransomware.
Authorities recovered $3 million in alleged criminal proceeds,
dismantled 6,000 malicious links, and decrypted six ransomware variants.
Interpol says the cases were tied to more than $21 million in losses,
highlighting the rapid growth and increasing sophistication of cybercrime across Africa.
A little-known cyber-espionage group, known as Goffee, has launched a phishing campaign targeting Russian military personnel and defense-related organizations, according to researchers at Intezer.
The operation used Russian-language lures, including fake New Year concert invitations for senior officials and forged letters tied to defense contracts, to deliver a malicious Excel XLL file.
When opened, the file installed a previously undocumented backdoor, EchoGather, enabling system reconnaissance, command execution, and data theft. Stolen data was exfiltrated to servers disguised as a food delivery site. Researchers say the group's technical and linguistic errors suggest evolving tradecraft. While Goffee, also called Paper Werewolf, is believed to be pro-Ukrainian, its origins remain unconfirmed.
The University of Phoenix disclosed a data breach affecting about three and a half million people, including students, former attendees, and staff.
The breach stemmed from unauthorized external access that began in August but was not discovered until November.
Exposed data included names paired with other personal identifiers, creating potential identity theft risks.
More than 9,000 residents of Maine were affected, triggering regulatory notifications.
The university has offered identity theft protection and retained outside counsel to manage the response.
A pair of Chrome extensions called Phantom Shuttle are masquerading as proxy tools while covertly hijacking user traffic and stealing sensitive data, according to researchers at Socket. The extensions, which have been available in the Google Chrome Web Store since at least 2017, target users in China and are marketed to foreign trade workers testing network connectivity.
Sold via subscription, the plugins route all browsing traffic through attacker-controlled proxies using hard-coded credentials hidden in obfuscated code.
Researchers say the extensions dynamically reconfigure Chrome's proxy settings and selectively intercept traffic from more than 170 high-value domains.
Acting as a man in the middle, Phantom Shuttle can capture credentials, session cookies, and API tokens.
Google had not commented at the time of reporting.
Romania's National Water Authority, Romanian Waters, is recovering from a ransomware attack that began December 20th, impacting roughly 1,000 systems, according to the National Cybersecurity Directorate. The attack disrupted email, servers, workstations, and GIS systems across the central office and 10 regional branches, though dams and flood defenses remained operational and are being managed manually. Investigators say attackers abused Windows BitLocker, a legitimate encryption tool, to lock files, complicating detection. A ransom note demanded negotiations, which authorities rejected under a no-payment policy.
The incident highlights growing cyber risks to water infrastructure and has prompted moves to bring Romanian Waters under stronger national cyber protection with support from the Romanian Intelligence Service.
France's postal service, La Poste, confirmed that a major network incident knocked all of its information systems offline, disrupting online postal, identity, and banking services for millions of customers.
The outage affected the company's website, mobile app, Digiposte document storage, and digital identity services, with some post offices also experiencing temporary disruptions.
La Banque Postale said its online and mobile platforms were unavailable, but core banking operations, including card payments, ATM withdrawals, and transfers, continued to function.
While La Poste has not disclosed the technical cause, French media reported the disruption was likely due to a distributed denial of service attack.
The incident highlights the operational impact of large-scale cyber disruptions on critical public services operated by Groupe La Poste.
The National Institute of Standards and Technology announced a $20 million partnership with the MITRE Corporation to launch two new artificial intelligence research centers, including one focused on cybersecurity risks to U.S. critical infrastructure. One center will support advanced manufacturing, while the AI Economic Security Center will examine how sectors like water, power, and communications can defend against AI-enabled cyber threats. NIST said the centers will drive adoption of AI tools, including agentic AI, while addressing adversarial use and insecure AI systems.
The effort is part of a broader federal push to strengthen U.S. competitiveness in AI.
Industry experts welcomed the move, but stressed that infrastructure operators must be directly involved to ensure research translates into practical, deployable security improvements.
The United States must move beyond a reactive cyber posture to confront sustained threats from China and Russia, according to a new report from the McCrary Institute for Cyber and Critical Infrastructure Security.
The analysis argues that U.S. cyber policy remains shaped by crisis response, while Beijing and Moscow treat cyberspace as a domain of constant strategic competition.
China is described as the most deliberate adversary, maintaining persistent access to U.S. critical infrastructure for potential coercion during crises.
Russia, meanwhile, integrates cyber operations into military campaigns and regional conflicts.
The report warns that incremental reforms risk ceding initiative to adversaries and highlights friction between U.S. military and intelligence missions, including the dual-hat relationship between the National Security Agency and U.S. Cyber Command.
Researchers call for updated authorities, clearer roles, and structures aligned with continuous cyber competition.
Coming up after the break, Tim Starks from CyberScoop discusses the passage of the defense authorization bill,
and in high school, it's no child left unscanned.
Stick around.
It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop.
Tim, welcome back.
Howdy, Dave.
Looking at your coverage about the defense cyber bill that, as we're recording this, recently passed, overall good news for the administration, I suppose?
Yeah, certainly if you're taking the broader defense picture, it's a lot of money in there.
On the cyber front, I think there are some pieces that would maybe be seen as bad news for the administration. One of them is that there's some language in there about mandating that the phones of senior personnel, the mobile phones that they have, have to meet certain kinds of cybersecurity benchmarks, which I think is rather easy to take as a response to Signalgate.
Right. That struck me as being reactive, yeah.
Yeah, there's a little reason to think that.
There was some debate about what kind of thing they might include about this,
and this is actually stronger language than they had put in there.
And it did come out, you know, they put out the final deal shortly after the IG report
that was not flattering to the administration on that front.
I mean, the good news, I guess, is that for the administration,
they'll have more secure phones if they, you know, if they meet these obligations.
So that's good.
Another thing that it does: you know, the administration has kind of backed away from this whole idea of separating the leadership of NSA and Cyber Command.
But it's still something I think they like the idea of, and this puts some barriers in the way, should they try to do that.
So in that way, that's some bad news on the cyber front.
There are some other things I think they'll probably be fine with,
things like making sure that there's artificial intelligence
that is involved in the training, the cybersecurity training, that key personnel do.
So I think there's some things in there on cyber that I think are meaningful
and that might be good for the administration in the long term,
even if it's not the things that they wanted or asked for.
There's some stuff in there that kind of seems to reinforce
some of the things the administration has been wanting to do
on keeping foreign components out of critical systems
that's in there that Pete Hegseth has talked about wanting to do.
So I think there's some things that they're probably happy with.
Is your sense that folks like Cyber Command and NSA
pretty much got the funding that they asked for?
It's always hard to tell, because some significant percentage of it is classified.
In the context of things they've been wanting to get over the course of the year, they've gotten some big boosts that we know of.
So based on what we can know, there have been some big increases.
Well, let's take a look at this past year.
As 2025 winds down, and I think I keep saying it's been a heck of a year, and that means for good and for bad, what's your sense as we wind down here, as you look back on this year?
Any overarching thoughts on where we land this year?
Yeah, I think I'm with you on that.
I think Time Magazine would always make its most interesting, most important person of the year; it didn't necessarily have to be a hero.
So I think Hitler was the person of the year one year.
Yes, interesting times, to say the least.
You know, a lot of the things that jump out at me, in terms of things I've covered, I can talk about some things my colleagues have covered too, but the policy apparatus of things, and what's been happening with the federal government.
I feel like we're in a very unsettled period as of the end of this year in a lot of ways.
One, we still don't have a leader of CISA, which is arguably the cyber agency.
There's competition, of course, from things that the FBI does and things that the Cyber Command does.
We do have a top person in the National Security Council.
We do have a national cyber director.
So it's not completely unsettled, but not having a CISA director is huge.
I think that agency has taken a step back in that sense because they've also dramatically reduced the number of personnel.
They've cut major things that the department used to do, like election security.
Even in some of the areas where there are things that are happening in this administration, they're still unsettled.
I mean, we don't have a national cybersecurity strategy, although we probably will to start the year.
Those are things that have been worked on by this administration.
The administration has been talking an awful lot about wanting to take it to the enemy in cyberspace.
We haven't seen that really materialize yet.
Maybe that will materialize after the cyber strategy is out.
They've talked about wanting to protect federal cyber networks as part of that strategy,
but talk to a lot of the people who are experts on data breaches and data security,
and a lot of the things that this administration has done via the Department of Government Efficiency
have arguably weakened the federal government's networks,
consolidating of databases, opening to data privacy,
using the satellite company that Elon Musk created Starlink,
that there's so many ways in which they might have weakened the federal cybersecurity posture.
And so on the policy side, I think there's a lot that's been really unsettled.
We still don't have CISA 2015 reauthorized for good. That's the Cybersecurity Information Sharing Act, not to be confused with the agency CISA.
It's just been an awful lot of turbulence and turmoil, and not a lot you can point to and say these are concrete cybersecurity successes that the federal government has had.
Some amount of that you might expect from the first year of an administration.
Some of it very much stands out as being not at all like what we usually would see in a first year of an administration.
Is it fair to consider it the first year of an administration when it's their second time around?
Yeah, I mean, you would think that maybe they'd come in.
One of the things that I remember writing a story about last year, when there was, you know, we were looking at who might win the next election.
And I remember talking to some people
who were a little optimistic,
not everybody was, to be sure,
about the idea that Trump would bring in people
who had more experience and knew how to operate.
Right?
In the first administration,
they brought in a lot of people
who weren't experienced in government.
with the idea of being disruptors and outsiders who are not going to do things the usual way.
And that meant a lot of things they wanted to do.
They probably didn't do as fast as they wanted
because they didn't know how to work the bureaucracy.
So there were people who thought,
oh, this time they're going to bring in people
who were in the first administration
and we're going to get a better group of people
who know how the federal government operates
and therefore they're going to be more efficient
and they're going to get more done.
That doesn't seem to be the case.
No.
No.
No, I mean, you mentioned DOGE earlier, and, you know, the notion of having Elon Musk come in with his metaphorical, and on-stage literal, chainsaw, rather than to work their way through the bureaucracy, to try to shred it.
And we see, I think it's fair to say ultimately, that DOGE certainly didn't achieve what they set out to do.
Yeah, and I think, you know, I'm trying not to sound biased here.
I'm a reporter. I mean, I think that there's, there's been a certain amount of, you know,
there's the old saying, measure twice cut once. A lot of what the approach seemed to be here
was measure not at all cut twice, right? It was just sort of like, cut everything and sort
it out later. And so now you have things happening with this administration wanting to rebuild the tech personnel corps. They're talking about trying to get some more people into the CyberCorps program.
I wrote a story this year about the CyberCorps program leaving a lot of people in that program in a lurch, because, you know, here they are: they've signed up for the program, they've gotten scholarship funding, and they have to repay that scholarship funding by doing service in the federal government, but those jobs don't exist. So it seems like they've kind of torn everything down, and they're in the process of trying to maybe build some things back up. You question whether that's the right way to do it, right? I mean, I think that's reasonable to question that.
So yeah, DOGE has certainly disrupted, but have we gotten the next step in the theoretical benefit that you get from something like that, which is to build it back up stronger?
And I don't think we can say that that's the case.
And I think there are reasons to be skeptical that that can happen because, you know, we talked about this recently as well, Dave, that the number of people, the kind of people who are going to work for the federal government, it's smaller now.
Yeah, yeah. I've said it: it's a hard time to be a good-faith public servant these days.
There's a lot of challenges, lots of sand being thrown in those gears. And the threat picture, you know, it feels like it never gets smaller. It feels like what's threatening us doesn't ever, you know, go away and get, oh no, it's all taken care of. Every year it seems like there are more and more threats, and, you know, in different kinds of ways in which we're seeing threat actors get into these big targets.
If you think of some of the really big tech companies, like Salesforce and Microsoft and all those companies, they had huge amounts of breaches and cybersecurity problems this year that affect vast swaths of people because of who they're attacking.
We're still seeing some fallout from Salt Typhoon and the telecommunications hack there, that just opened the window to much larger breaches and much larger access from cyber threat groups and foreign nations than we've ever seen before.
So at a time when that's happening, we're seeing a very, very unsettled federal government.
Tim Starks is senior reporter at CyberScoop.
Tim, I have enjoyed our conversations throughout this year.
And I very much look forward to continuing it in 2026.
Thank you, my friend.
Listen, we're probably not going to have anything to talk about because everything's going to be fine.
Your lips to God's ears, right?
Is that the saying?
All right.
Take care, Tim.
Bye-bye.
All right.
And finally, at Beverly Hills High School, the future has arrived, and it is watching you, listening too, especially in the bathroom.
Cameras scan faces, AI analyzes behavior, license plate readers track arrivals, and drones wait patiently like very expensive hall monitors. Inside restrooms, devices disguised as smoke detectors listen for cries of distress, gunshots, or trouble, promising safety while raising eyebrows. Administrators call it necessary vigilance in an era of relentless school violence, backed by millions in security spending and daily threat alerts. Many students and parents agree. Others are less comforted by a campus where even snack bags, water bottles, or awkward roughhousing can trigger armed responses. Civil liberties advocates argue that technology has not proven it prevents shootings and may instead chill trust, discouraging students from seeking help. Vendors admit false alarms happen. Schools reply that imperfect protection beats none at all. So class continues under ever-watchful sensors, with the quiet understanding that privacy, like open campuses, is now mostly extracurricular.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show,
please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
