CyberWire Daily: "Eyes in the sky, red flags on the ground."
Date: December 23, 2025
Host: Dave Bittner, N2K Networks
Featured Guest: Tim Starks, Cyberscoop
Episode Overview
This episode of CyberWire Daily delivers a rapid-fire briefing on notable cybersecurity news from around the world, focusing on international policy changes, law enforcement actions, and major cyberattacks. The featured segment is an in-depth conversation with Tim Starks, senior reporter at Cyberscoop, discussing the impact of the recently passed Defense Authorization bill and the turbulent state of federal cybersecurity policy at the close of 2025.
Key News Highlights
US Ban on Foreign-Made Drones
- [01:08] The Trump administration has banned all foreign-made drones and components, citing unacceptable national security risks.
- Primary impact on Chinese manufacturer DJI.
- Existing drones remain legal to avoid operational disruptions.
- US drone businesses are concerned about costs and technology access.
- DJI protests the ruling and seeks a formal audit.
- US manufacturers see the move as a chance to boost domestic industry.
African Cybercrime Crackdown
- [02:30] Interpol’s "Operation Sentinel" led to the arrest of 574 suspects across Africa.
- Targeted email compromise, extortion, and ransomware.
- $3 million recovered, 6,000 malicious links dismantled, and six ransomware strains decrypted.
- Losses linked to these crimes exceed $21 million.
- Indicates increasing sophistication and frequency of cybercrime in Africa.
Espionage Campaign Against Russian Military
- [03:30] Researchers at Intezer report a phishing campaign by "GoFi" (aka "Paper Werewolf") against Russian military and defense organizations.
- Used holiday-themed lures to deliver a new backdoor malware, "echogather."
- Stolen data sent via servers masked as food delivery sites.
- Tradecraft shows evolving tactics; origin believed to be pro-Ukrainian but unconfirmed.
University of Phoenix Data Breach
- [04:30] Unauthorized access led to compromise of personal info for 3.5 million people.
- Data exposed includes names and other identifiers, raising identity theft risk.
- 9,000+ Maine residents affected, triggering state-level notifications.
Malicious Chrome Extensions in China
- [05:10] "Phantom Shuttle" extensions operate as proxies but steal user data.
- Active since at least 2017, targeting trade workers.
- Hijack traffic and credentials from 170+ major domains.
- Sold via subscription, using obfuscated code.
- Google has not commented on the issue.
Ransomware Attack on Romania’s Water Authority
- [06:00] "Romanian Waters" authority hit by ransomware using Windows BitLocker.
- Disrupted 1,000 systems, email, and GIS, but no impact on dams or flood defenses.
- Attackers demanded ransom, but authorities refused negotiation.
Massive Cyberattack on France’s La Poste
- [07:00] Widespread outage of France’s national postal, identity, and banking services.
- Suspected distributed denial of service (DDoS) attack.
- Digital services offline, but core banking remained functional.
NIST & MITRE Launch AI Research Centers
- [08:00] $20 million partnership to found two centers for AI security and advanced manufacturing.
- Focus on defending infrastructure from AI-enabled threats and promoting secure AI adoption.
US Think Tank Calls for Cyber Offensive
- [09:00] McCrary Institute urges the US to proactively confront cyber threats from China and Russia.
- Current approach too reactive; adversaries exploit prolonged access.
- Highlights policy gaps and calls for updated authorities.
Featured Interview: Tim Starks on the Defense Cyber Bill and 2025 Cyber Landscape
Segment Starts [12:54]
Defense Authorization Bill: Cyber Takeaways
- Security Benchmarks for Senior Officials' Phones
  - Stronger requirements for securing mobile devices, seen as a direct response to "Signalgate."
  - "One of them is that there are some language in there about mandating that the phones of senior personnel ... meet certain kinds of cybersecurity benchmarks, which I think is rather easy to take as a response to Signalgate right now." – Tim Starks [13:15]
- Reactive vs. Proactive Policy
  - Dave Bittner: "It struck me as being reactive." [13:46]
  - Starks: "This is actually stronger language than they had put in there. And it did come out ... after the IG report that was not flattering to the administration on that front."
  - Stronger controls are positive but seen as responses to specific failures rather than long-term strategy.
- NSA & Cyber Command Leadership
  - Administration has abandoned efforts to split the leadership, but bill introduces hurdles to future separation:
    "It puts some barriers in the way should they try to do that. So in that way said some bad news on the cyber front." – Starks [14:35]
- AI in Cybersecurity Training
  - Mandate for integrating AI into cybersecurity training for key personnel.
- Foreign Components in Critical Systems
  - Reinforces efforts to exclude foreign technology from critical US infrastructure.
Federal Cyber Policy: Unsettled and Under-Resourced
- Leadership Vacuums and Cutbacks
  - No leader at CISA (Cybersecurity and Infrastructure Security Agency); staff cuts; reduced focus on election security.
  - "That agency has taken a step back ... they've also dramatically reduced the number of personnel. They've cut major things that the department used to do, like election security." – Starks [16:43]
- Lack of Clear Strategy
  - Awaiting a national cybersecurity strategy, expected early next year.
  - "We don't have a national cyber security strategy, although we probably will, to start the year." – Starks [17:20]
- Questionable Efficiency from Experienced Rehiring
  - Hopes that more experienced appointees would deliver better results have not been realized.
  - "That doesn't seem to be the case." – Starks [19:32]
- Consequences of "Disruption" Approach
  - The administration’s approach: “measure not at all, cut twice.”
    - "A lot of what the approach seemed to be here was measure not at all, cut twice." – Starks [20:10]
    - CyberCorps program participants left without government jobs.
    - Ongoing attempts to rebuild capacity after significant reductions.
- Talent Shortage in Federal Government
  - Reduced attractiveness of public service roles.
  - "It's a hard time to be a good faith public servant these days." – Dave Bittner [21:31]
The Expanding Threat Landscape
- Threats Grow as Government Stability Wanes
- Incidents at Microsoft, Salesforce, and major supply chains ("Salt Typhoon") highlight growing risk.
- "Every year it seems like there are more and more threats and ... different kinds of ways in which we're seeing threat actors get into these big targets." – Starks [21:45]
Notable Quotes & Moments
- On policy turbulence:
  “I feel like we're in a very unsettled period as of the end of this year ... There's just been an awful lot of turbulence and turmoil and not a lot you can point to and say these are concrete cybersecurity successes.”
  — Tim Starks [17:00]
- On leadership and staffing:
  “Not having an assistant director is huge ... that agency has taken a step back in that sense.”
  — Tim Starks [16:43]
- On disruption approaches:
  "Measure not at all, cut twice. Right. It was just sort of like everything and sort it out later."
  — Tim Starks [20:10]
- On continuing challenges:
  "The threat picture, you know, it feels like it never gets smaller."
  — Tim Starks [21:45]
- On public service climate:
  "It's a hard time to be a good faith public servant these days. There's a lot of challenges, lots of sand being thrown in those gears."
  — Dave Bittner [21:31]
Closing Story: Surveillance in Schools
[24:14]
Beverly Hills High School implements advanced surveillance:
- Cameras, AI behavior analysis, drone "hall monitors," and audio sensors in restrooms.
- Aimed at student safety but sparking privacy concerns.
- Civil liberties advocates question efficacy and impact on student trust.
- "Schools reply that imperfect protection beats none at all. So class continues under ever watchful sensors with the quiet understanding that privacy, like open campuses, is now mostly extracurricular."
Episode Structure and Timestamps
- Major Headlines: [00:11 – 12:54]
- Featured Interview - Tim Starks: [12:54 – 22:41]
- Closing Story – School Surveillance: [24:14 – 24:59]
Note: Timestamps refer to transcript markers in [MM:SS] format.
This episode offers a comprehensive look at the intersection of cybersecurity, national policy, and societal consequences at the close of 2025, blending news and expert analysis in CyberWire’s signature clear and balanced tone.
