US bans sale of foreign-made drones, citing security concerns.

Summary

By the CyberWire staff

US bans sale of foreign-made drones, citing security concerns.

The US Federal Communications Commission (FCC) yesterday banned the sale of all new foreign-made drones within the United States, citing "unacceptable risks to the national security of the United States and to the safety and security of U.S. persons." Congress passed a bill last year calling for a ban on drones made by Chinese companies, but the FCC concluded that all drones produced abroad posed unacceptable security risks. The ruling primarily affects the Chinese drone manufacturer DJI, which represents more than ninety percent of the world's consumer drone market.

While security concerns surrounding China-made drones have been circling for years, the New York Times notes that drone operators are not pleased with the ruling; many small business owners in the US have built their companies using DJI equipment. The FCC refrained from banning existing models to avoid disrupting emergency and law enforcement operations, which use DJI drones for rescue operations or for tracking suspects.

Inside the Q3 2025 Threat Landscape: The Trends Every Defender Must Know

Discover the key insights shaping today’s cybersecurity reality in Rapid7’s Q3 2025 Threat Landscape Report. Explore the surge in AI-driven attacks, faster vulnerability exploitation, and the expanding impact of ransomware groups across critical industries. This data-rich analysis highlights the most urgent risks and the steps defenders can take to stay ahead. Get the intelligence your team needs to prepare for what’s coming next.

Ransomware hits Romania's national water authority.

Romania's national water authority, Romanian Waters, sustained a ransomware attack over the weekend that impacted around 1,000 computer systems at ten of its eleven regional offices, BleepingComputer reports. The incident affected "servers running geographic information systems, databases, email, and web services," but the organization says OT operations and essential services were not disrupted.

The Romanian Intelligence Service's National Cyberint Center, which is investigating the incident, said the attackers used Windows's legitimate BitLocker security feature to encrypt files.

Humans Are Not the Weakest Link. Guess who FAIls?

Humans have been labeled the weakest link for ages. But this year showed how easily both humans and AI can be manipulated. In this session, Cato CTRL experts reveal real attacks from the wild where adversaries steered people and AI systems into harmful actions using simple prompts and inputs. The session reframes how you should think about AI risk and what to do when machines start making the mistakes, so register to join us.

University of Phoenix data breach affects 3.5 million individuals.

The University of Phoenix has shared details regarding a data breach stemming from a recent zero-day campaign targeting Oracle E-Business Suite (EBS) instances, SecurityWeek reports. The school disclosed in a filing with the Maine Attorney General's Office that the incident affected nearly 3.5 million people, and involved "names, dates of birth, Social Security numbers, and bank account and routing numbers (without means to access)." The breach began in August 2025 and was discovered in November.

The university is offering free identity theft protection for affected individuals.

Notes.

Today's issue includes events affecting China, Romania, and the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

Cyberattack knocks offline France's postal, banking services (BleepingComputer) The French national postal service's online services were knocked offline by "a major network incident" on Monday, disrupting digital banking and other services for millions.

Cyber spies use fake New Year concert invites to target Russian military (The Record) The campaign surfaced earlier in October after researchers at the New York-based cybersecurity firm Intezer identified a malicious XLL file uploaded to VirusTotal, first from Ukraine and later from Russia.

Research and Development

NIST, MITRE announce $20 million research effort on AI cybersecurity (CyberScoop) The effort includes a new research center that will bring government and industry experts together to study how AI will impact cybersecurity in critical infrastructure.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SpaceCom | Space Congress: The Global Conference & Expo for the Commercial Space Industry (Orlando, Florida, USA, Jan 28 - 30, 2026) SpaceCom | Space Congress is where the business of space gets done. As the flagship event of Commercial Space Week—co-located with the Space Mobility Conference and the GSA Spaceport Summit—this event unites aerospace, defense, and commercial leaders for three days of deal-making, partnership building, and technology discovery on the expo floor, in the conference program, and through curated networking that drives real results.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 12.23.25

Top stories.

US bans sale of foreign-made drones, citing security concerns.

Ransomware hits Romania's national water authority.

University of Phoenix data breach affects 3.5 million individuals.

Notes.

Attacks, Threats, and Vulnerabilities

Research and Development

Events