A
You're listening to the Cyberwire Network powered by N2K.
B
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
The White House bans foreign-made drones. African law enforcement agencies crack down on cybercrime. A new phishing campaign targets Russian military personnel and defense-related organizations. A University of Phoenix data breach affects about three and a half million people. A pair of Chrome extensions covertly hijack user traffic. Romania's National Water Authority suffered a ransomware attack. A cyber attack in France disrupts postal, identity and banking services for millions. NIST and MITRE announced a $20 million partnership for AI research centers. A think tank says the US needs to go on the cyber offensive. Tim Starks from CyberScoop discusses the passage of the Defense Authorization bill. And in high school, it's No Child Left Unscanned.
It's Tuesday, December 23rd, 2025. I'm Dave Bittner and this is your Cyberwire Intel Brief. Thanks for joining us here today. It's great as always to have you with us.
The Trump administration announced that all foreign-made drones and their components pose unacceptable national security risks and will be placed on a federal blacklist, effectively blocking new sales in the United States. While exceptions may be granted by the Pentagon or Homeland Security, the move is widely understood to halt future US sales of drones from China's DJI, the dominant global manufacturer. Existing drones will remain legal to use, in part to avoid disrupting emergency and law enforcement operations that rely heavily on DJI equipment. Many US drone pilots and small businesses say the decision threatens their livelihoods and limits access to affordable, high-quality technology. DJI has protested the ruling and requested a formal security audit. Meanwhile, US drone manufacturers welcome the decision, calling it a turning point for rebuilding a domestic drone industry.
African law enforcement agencies arrested 574 suspects during a month-long cybercrime crackdown coordinated by Interpol. Operation Sentinel, which ran from October 27 through November 27, targeted business email compromise, digital extortion and ransomware. Authorities recovered $3 million in alleged criminal proceeds, dismantled 6,000 malicious links and decrypted six ransomware variants. Interpol says the cases were tied to more than $21 million in losses, highlighting the rapid growth and increasing sophistication of cybercrime across Africa.
A little-known cyber espionage group known as Goffee has launched a phishing campaign targeting Russian military personnel and defense-related organizations, according to researchers at Intezer. The operation used Russian-language lures, including fake New Year concert invitations for senior officials and forged letters tied to defense contracts, to deliver a malicious Excel XLL file. When opened, the file installed a previously undocumented backdoor, EchoGather, enabling system reconnaissance, command execution and data theft.
Stolen data was exfiltrated to servers disguised as a food delivery site. Researchers say the group's technical and linguistic errors suggest evolving tradecraft. While Goffee, also called Paper Werewolf, is believed to be pro-Ukrainian, its origins remain unconfirmed.
The University of Phoenix disclosed a data breach affecting about three and a half million people, including students, former attendees and staff. The breach stemmed from unauthorized external access that began in August but was not discovered until November. Exposed data included names paired with other personal identifiers, creating potential identity theft risks. More than 9,000 residents of Maine were affected, triggering regulatory notifications. The university has offered identity theft protection and retained outside counsel to manage the response.
A pair of Chrome extensions called Phantom Shuttle are masquerading as proxy tools while covertly hijacking user traffic and stealing sensitive data, according to researchers at Socket. The extensions, which have been available in the Google Chrome Web Store since at least 2017, target users in China and are marketed to foreign trade workers testing network connectivity. Sold via subscription, the plugins route all browsing traffic through attacker-controlled proxies using hard-coded credentials hidden in obfuscated code, researchers say. The extensions dynamically reconfigure Chrome's proxy settings and selectively intercept traffic from more than 170 high-value domains. Acting as a man in the middle, Phantom Shuttle can capture credentials, session cookies and API tokens. Google had not commented at the time of reporting.
Romania's national water authority, Romanian Waters, is recovering from a ransomware attack that began Dec. 20, impacting roughly 1,000 systems, according to the National Cybersecurity Directorate.
The attack disrupted email servers, workstations and GIS systems across the central office and 10 regional branches, though dams and flood defenses remained operational and are being managed manually. Investigators say attackers abused Windows BitLocker, a legitimate encryption tool, to lock files, complicating detection. A ransom note demanded negotiations, which authorities rejected under a no-payment policy. The incident highlights growing cyber risks to water infrastructure and has prompted moves to bring Romanian Waters under stronger national cyber protection with support from the Romanian intelligence service.
France's postal service, La Poste, confirmed that a major network incident knocked all of its information systems offline, disrupting online postal, identity and banking services for millions of customers. The outage affected the company's website, mobile app, Digipost, document storage and digital identity services, with some post offices also experiencing temporary disruptions. La Banque Postale said its online and mobile platforms were unavailable, but core banking operations, including card payments, ATM withdrawals and transfers, continue to function. While La Poste has not disclosed the technical cause, French media reported the disruption was likely due to a distributed denial of service attack. The incident highlights the operational impact of large-scale cyber disruptions on critical public services operated by Group La Poste.
The National Institute of Standards and Technology announced a $20 million partnership with the MITRE Corporation to launch two new artificial intelligence research centers, including one focused on cybersecurity risks to US critical infrastructure. One center will support advanced manufacturing, while the AI Economic Security Center will examine how sectors like water, power and communications can defend against AI-enabled cyber threats.
NIST said the centers will drive adoption of AI tools, including agentic AI, while addressing adversarial use and insecure AI systems. The effort is part of a broader federal push to strengthen US competitiveness in AI. Industry experts welcomed the move but stressed that infrastructure operators must be directly involved to ensure research translates into practical, deployable security improvements.
The United States must move beyond a reactive cyber posture to confront sustained threats from China and Russia, according to a new report from the McCrary Institute for Cyber and Critical Infrastructure Security. The analysis argues that US cyber policy remains shaped by crisis response, while Beijing and Moscow treat cyberspace as a domain of constant strategic competition. China is described as the most deliberate adversary, maintaining persistent access to US critical infrastructure for potential coercion during crises. Russia, meanwhile, integrates cyber operations into military campaigns and regional conflicts. The report warns that incremental reforms risk ceding initiative to adversaries and highlights friction between U.S. military and intelligence missions, including the dual-hat relationship between the National Security Agency and U.S. Cyber Command. Researchers call for updated authorities, clearer roles and structures aligned with continuous cyber competition.
Coming up after the break, Tim Starks from CyberScoop discusses the passage of the Defense Authorization bill. And in high school, it's No Child Left Unscanned. Stick around.
B
It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. Tim, welcome back.
C
Howdy, Dave.
B
Looking at your coverage about the defense cyber bill that, as we're recording this, recently passed. Overall good news for the administration, I suppose.
C
Yeah, certainly if you're taking the broader defense picture, it's a lot of money in there. On the cyber front, I think there's a little, there are some pieces that would maybe be seen as bad news for the administration. One of them is that there are some language in there about mandating that the phones of senior personnel, the mobile phones that they have to meet certain kinds of cybersecurity benchmarks, which I think is rather easy to take as a response to Signalgate right now.
B
It seemed, it struck me as being reactive.
C
Yeah. Yeah. There's a little, a little reason to think that, you know, there was some debate about, about what kind of thing they might include about this. And this is actually stronger language than they had put in there. And it did come out, you know, they put out the final deal shortly after the IG report. That was not flattering to the administration on that front. I mean, the good news, I guess, is that for, for the administration, they'll have more secure phones if they follow, you know, if they, if they meet these obligations. So that's good. Another thing that it does that, you know, the administration has kind of backed away from this whole idea of separating the leadership of NSA and Cyber Command. But it's still something I think they like the idea of. And this puts some barriers in the way should they try to do that. So in that way said some bad news on the cyber front. There are some other things I think they'll probably be fine with. Things like making sure that there's artificial intelligence that is involved in the training, the cyber security training that key personnel do. So I think there's some things in there on cyber that I think are meaningful and that might be good for the administration in the long term, even if it's not the things that they wanted or asked for. There's some stuff in there that kind of seems to reinforce some of the things the administration has been wanting to do on keeping foreign components out of critical systems that's in there that Pete Hegseth has talked about wanting to do. So I think there are some things that they're probably happy with.
B
Is your sense that folks like Cyber Command and NSA pretty much got the funding that they asked for.
C
It's always hard to tell because some significant percentage of it is classified. In the context of things they've been wanting to get over the course of the year, they've gotten some big boosts that we know of. So based on what we can know, there have been some big increases.
B
Well, let's take a look at this past year as 2025 winds down. And I think I keep saying it's been a heck of a year. And that means, you know, for good and for bad, what's your. What's your sense as we wind down here? As you look back on this year, any overarching thoughts on where we land this year?
C
Yeah, I think I'm with you on that. I think Time magazine would always make its most interesting, most most important person of the year. Didn't necessarily have to be a hero. So I think Hitler was the most the person of the year one year. Yes. Interesting times to say the least. You know, a lot of the things that jump out at me in terms of things I've covered, I can talk about some things my colleagues have covered, too, but the policy apparatus of things and what's been happening with the federal government, I feel like we're in a very unsettled period as of the end of this year in a lot of ways. One, we still don't have a leader of CISA, which is arguably the cyber agency. There's competition, of course, from things that the FBI does and things that the Cyber Command does. We do have a top person in the National Security Council. We do have a national cyber director, so it's not completely unsettled, but not having assistant director is huge. I think that agency has taken a step back in that sense because they've also dramatically reduced the number of personnel. They've cut major things that the department used to do, like election security. Even in some of the areas where there are things that are happening in this administration, they're still unsettled. I mean, we don't have a national cyber security strategy, although we probably will, to start the year. Those are things that have been worked on by this administration. The administration has been talking an awful lot about wanting to take it to the enemy in cyberspace. We haven't seen that really materialize yet. Maybe that will materialize after the cyber strategy is out. They've talked about wanting to protect federal cyber networks as part of that strategy. But talk to a lot of the people who are experts on data breaches and data security. And a lot of the things that this administration has done via, like the Department of Government Efficiency, have arguably weakened the federal government's networks.
Consolidating of databases, opening to data privacy using the satellite company that Elon Musk created, Starlink, that there's so many ways in which they might have. Might have weakened the federal cybersecurity posture. And so that on the policy side, I look at that, I think there's a lot that's been really unsettled. We still don't have CISA 2015 reauthorized for good. That's the Cybersecurity Information Sharing Act, not to be used with the agency CISA. It's just been an awful lot of turbulence and turmoil and not, not a lot you can point to and say these are concrete cybersecurity successes that the federal government has had. Some amount of that you might expect from the first year of an administration. Some of it very much stands out as being not at all like what we usually would see in a first year of an administration.
B
Is it fair to consider it the first year of an administration when it's their second time around?
C
Yeah. I mean, you would think that maybe they'd come in. One of the things that I remember writing a story last year when, when there was a, you know, we were looking at who might win the next. The next election. And I remember talking to some people who were a little optimistic, not everybody was to be sure about the idea that Trump would bring in people who, who. Who had more experience and knew how to operate right. In the first administration, they brought in a lot of people who weren't experienced in government. The idea of, you know, being disruptors and outsiders who are not going to do things the usual way, and that meant a lot of things they wanted to do, they probably didn't do as fast as they wanted because they didn't know how to work the bureaucracy. So there were people who thought, oh, this time they're going to bring in people who were in the first administration and we're going to get a better group of people who know how the federal government operates and therefore they're going to be more efficient and they're going to get more done. That doesn't seem to be the case.
B
No, no. I mean, you mentioned DOGE earlier and, you know, the notion of having Elon Musk come in with his metaphorical and on stage literal chainsaw rather than to work their way through the bureaucracy to try to shred it. And we see, I think it's fair to say ultimately that DOGE certainly didn't achieve what they set out to do.
C
Yeah. And I think, you know, I'm trying not to sound biased here. I'm a reporter. I mean, I think that there's been a certain amount of, you know, there's the old saying, measure twice, cut once. A lot of what the approach seemed to be here was measure not at all, cut twice. Right. It was just sort of like everything and sort it out later. And so now you have things happening with this administration wanting to rebuild the tech personnel corps. They're talking about trying to get some more people into the CyberCorps program that they've. That they. You know, I wrote a story this year about the CyberCorps program, leaving a lot of people in that program in a lurch because they don't, you know, they're here they are. They've signed up for the program, they've gotten scholarship funding, and they have to repay that scholarship funding by doing service in the federal government, but those jobs don't exist. So it seems like they've kind of torn everything down and they're in the process of trying to maybe build some things back up. You question whether that's the right way to do it? Right? I mean, I think that's reasonable to question that.
B
Yeah.
C
You know, so. So, yeah, DOGE has certainly disrupted. But. But have we gotten the next step in the theoretical benefit that you get from something like that, which is to build it back up stronger? And I don't think we can say that that's the case. And I think there are reasons to be skeptical, skeptical that that can happen. Because, you know, we talked about this recently as well, Dave, that the number of people, the kind of people who are going to work for the federal government, it's smaller now.
B
Mm, yeah, yeah, I've said it. I. It's a hard time to be a good faith public servant these days. There's a lot of challenges, lots of sand being thrown in those gears.
C
And the threat picture, you know, it feels like it never gets smaller. You know, it feels like what's threatening us doesn't ever go away and get, oh, no, it's all taken care of. Every year it seems like there are more and more threats and, you know, and different kinds of ways in which we're seeing threat actors get into these big targets. You know, if you think of some of the really big tech companies like Salesforce and Microsoft and all those companies had huge, huge amounts of breaches and cybersecurity problems this year that affect vast swaths of people because of who they're attacking. We're still seeing some fallout from Salt Typhoon and the Telecommunications act there. That just opened the window to much larger breaches and much larger access from cyber threat groups and foreign nations than we've ever seen before. So at a time when that's happening, we're seeing a very, very unsettled federal government.
B
Tim Starks is senior reporter at CyberScoop. Tim, I have enjoyed our conversations throughout this year and I very much look forward to continuing it in 2026. Thank you, my friend.
C
Listen, we're probably not gonna have anything to talk about because everything's gonna be fun.
B
From your lips to God's ears, right? Is that the saying?
C
All right, take care, Tim. Bye bye.
B
And finally, at Beverly Hills High School, the future has arrived, and it is watching you, listening too, especially in the bathroom. Cameras scan faces, AI analyzes behavior, license plate readers track arrivals, and drones wait patiently like very expensive hall monitors. Inside restrooms, devices disguised as smoke detectors listen for cries of distress, gunshots or trouble, promising safety while raising eyebrows. Administrators call it necessary vigilance in an era of relentless school violence, backed by millions in security spending and daily threat alerts. Many students and parents agree. Others are less comforted by a campus where even snack bags, water bottles or awkward roughhousing can trigger armed responses. Civil liberties advocates argue the technology has not proven it prevents shootings and may instead chill trust, discouraging students from seeking help. Vendors admit false alarms happen. Schools reply that imperfect protection beats none at all. So class continues under ever-watchful sensors with the quiet understanding that privacy, like open campuses, is now mostly extracurricular.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: December 23, 2025
Host: Dave Bittner, N2K Networks
Featured Guest: Tim Starks, CyberScoop
This episode of CyberWire Daily delivers a rapid-fire briefing on notable cybersecurity news from around the world, focusing on international policy changes, law enforcement actions, and major cyberattacks. The featured segment is an in-depth conversation with Tim Starks, senior reporter at CyberScoop, discussing the impact of the recently passed Defense Authorization bill and the turbulent state of federal cybersecurity policy at the close of 2025.
Segment Starts [12:54]
Security Benchmarks for Senior Officials' Phones
Reactive vs. Proactive Policy
NSA & Cyber Command Leadership
AI in Cybersecurity Training
Foreign Components in Critical Systems
Leadership Vacuums and Cutbacks
Lack of Clear Strategy
Questionable Efficiency from Experienced Rehiring
Consequences of "Disruption" Approach
Talent Shortage in Federal Government
On policy turbulence:
“I feel like we're in a very unsettled period as of the end of this year ... There's just been an awful lot of turbulence and turmoil and not a lot you can point to and say these are concrete cybersecurity successes.”
— Tim Starks [17:00]
On leadership and staffing:
“Not having an assistant director is huge ... that agency has taken a step back in that sense.”
— Tim Starks [16:43]
On disruption approaches:
"Measure not at all, cut twice. Right. It was just sort of like everything and sort it out later."
— Tim Starks [20:10]
On continuing challenges:
"The threat picture, you know, it feels like it never gets smaller."
— Tim Starks [21:45]
On public service climate:
"It's a hard time to be a good faith public servant these days. There's a lot of challenges, lots of sand being thrown in those gears."
— Dave Bittner [21:31]
[24:14]
Beverly Hills High School implements advanced surveillance:
Note: Timestamps refer to transcript markers in [MM:SS] format.
This episode offers a comprehensive look at the intersection of cybersecurity, national policy, and societal consequences at the close of 2025, blending news and expert analysis in CyberWire’s signature clear and balanced tone.