The CyberWire Daily Podcast 12.8.25
Ep 2448 | 12.8.25

America’s tech turn.

Transcript

How might Trump’s new National Security Strategy impact cyber? The UK’s NCSC warns LLMs may never get over prompt injection. At least 18 U.S. universities were hit by a months-long phishing campaign. Russia blocks FaceTime. A bipartisan group of senators is reviving efforts to strengthen protections across the health sector. Portugal provides legal safe harbor for good-faith security research. A large-scale campaign targets Palo Alto GlobalProtect portals. A Maryland man gets 15 months in prison for his part in a North Korean IT worker scam. Business Brief. Tim Starks from CyberScoop unpacks the President's pending cybersecurity strategy release. An AI image sends UK train schedules off the rails.

Today is Monday December 8th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

How might Trump’s new National Security Strategy impact cyber?

Late last Friday, the White House released the United States’ new National Security Strategy, a thirty-three-page document that puts technology leadership and economic protection at the center of national power. It also signals a sharper global contest over cyber influence. The document ties America’s security to control of advanced technologies and to stopping foreign cyber-enabled threats.

According to the strategy, China’s intellectual property theft, industrial espionage, and influence operations remain major targets for defensive and offensive cyber activity. The administration links real-time network discovery, attribution, and response to close cooperation between government and private industry. It also calls for hardened communications networks across the Western Hemisphere that rely on American encryption and security tools. The strategy positions U.S. technology standards in AI, biotech, and quantum computing as the preferred global model.

The administration’s new National Security Strategy signals a decisive break from past foreign policy. It replaces democracy promotion with a tightly focused vision of self-interest that aims to make the United States more powerful and prosperous. According to the analysis, that shift may create a lonelier and more fractured future for America as global partnerships adjust to the new doctrine.

For cybersecurity, the biggest change is the elevation of economic power, industrial capacity, and supply-chain control as core strategic tools. The analysis points to reindustrialization, critical mineral security, and tight government–industry collaboration, all of which raise the stakes in cyberespionage and digital competition. Europe’s expected shock at the NSS could weaken coordination on cyber defense and counter-disinformation efforts. China may welcome the emphasis on sovereignty but will oppose U.S. efforts to curb its influence abroad, increasing tension in technology and cyber domains. The reduced focus on democracy also suggests fewer constraints on partners that use surveillance, censorship, or digital repression.

The UK’s NCSC warns LLMs may never get over prompt injection.

Large language models may never be fully protected from prompt injection, a cyber threat that tricks AI systems into following malicious instructions, according to new warnings from the U.K.’s National Cyber Security Centre. Because LLMs treat all text as tokens to predict, they can confuse user input for commands, enabling attackers to reveal hidden system prompts, extract sensitive data, or manipulate automated decisions. NCSC researchers argue that prompt injection is fundamentally unlike SQL injection, making traditional defenses ineffective. Attempts to distinguish instructions from data remain limited because LLMs inherently do not separate the two. The NCSC concludes that prompt injection will remain a persistent risk and that widespread embedding of generative AI could trigger significant global security breaches unless systems are designed with strong limitations and careful risk management.

At least 18 U.S. universities were hit by a months-long phishing campaign.

A report from Infoblox reveals that at least 18 U.S. universities were hit by a months-long phishing campaign from April to November 2025. Attackers used the Evilginx Adversary-in-the-Middle toolkit to bypass multi-factor authentication by stealing session cookies after victims clicked TinyURL phishing links disguised as campus SSO pages. Infoblox traced nearly 70 shifting attacker domains used to target schools including UC Santa Cruz, UC Santa Barbara, the University of San Diego, VCU, and Michigan. The firm warns universities remain prime, high-impact targets for cybercriminals.
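The Adversary-in-the-Middle technique above leaves one observable trace at the identity provider: a session cookie that completed MFA through one client is later presented from a different client. The following detection logic is an added example, not code from the CyberWire or Infoblox; the event format, session ids, IPs and fingerprints are constructed, and the "IP and user agent both change" rule is an illustrative tuning choice.

```python
"""Added example: flag a session cookie reused from a different client
than the one that completed MFA, the trace an Adversary-in-the-Middle
session theft leaves. Event format and all values are constructed."""
from datetime import datetime, timedelta

# Constructed session events: timestamp session_id user src_ip ua_fingerprint event
SAMPLE_EVENTS = """\
2025-09-15T13:02:10Z sess-a1 alice 198.51.100.20 ua-7f3 MFA_OK
2025-09-15T13:02:41Z sess-a1 alice 203.0.113.55 ua-c09 RESOURCE
2025-09-15T13:05:00Z sess-b2 bob 198.51.100.30 ua-9e1 MFA_OK
2025-09-15T13:09:00Z sess-b2 bob 198.51.100.30 ua-9e1 RESOURCE
2025-09-15T13:12:00Z sess-b2 bob 198.51.100.31 ua-9e1 RESOURCE
"""

MAX_LIFETIME = timedelta(hours=8)   # illustrative: ignore cookies older than this


def parse_event(line):
    """Split one constructed event line into typed fields."""
    ts, sid, user, ip, ua, kind = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "sid": sid,
            "user": user, "ip": ip, "ua": ua, "kind": kind}


def detect_session_replay(event_text, max_lifetime=MAX_LIFETIME):
    """Return alerts for sessions used from a client (IP *and* UA) that differs
    from the one that passed MFA. With an AitM proxy the MFA step itself is
    completed through the attacker's relay, so the later use of the cookie
    from another client is the inconsistency a defender can observe."""
    origin = {}       # session_id -> event that completed MFA
    alerts = []
    events = sorted((parse_event(ln) for ln in event_text.splitlines() if ln.strip()),
                    key=lambda e: e["ts"])
    for ev in events:
        if ev["kind"] == "MFA_OK":
            origin[ev["sid"]] = ev
            continue
        first = origin.get(ev["sid"])
        if first is None or ev["ts"] - first["ts"] > max_lifetime:
            continue
        # A roaming client usually changes IP only; IP and UA both changing
        # inside the cookie lifetime is the signal worth escalating.
        if ev["ip"] != first["ip"] and ev["ua"] != first["ua"]:
            alerts.append({"sid": ev["sid"], "user": ev["user"],
                           "mfa_ip": first["ip"], "replay_ip": ev["ip"],
                           "seconds_after_mfa": int((ev["ts"] - first["ts"]).total_seconds())})
    return alerts
```

Bob's session moving to a neighbouring IP with the same fingerprint is not flagged, while Alice's cookie reappearing 31 seconds after MFA from a new IP and a new fingerprint is.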

Russia blocks FaceTime.

Russian authorities have restricted Apple’s FaceTime service, accusing it of being used to support terrorism, recruitment, fraud, and other criminal activity. Regulators also disclosed that Snapchat was blocked on October 10 for the same stated reasons. The moves reflect Russia’s broader effort to tighten control over online communication under President Vladimir Putin, including restrictive laws, bans on noncompliant platforms, and advanced systems for monitoring and shaping internet traffic. Apple did not comment on the accusations or restrictions.

A bipartisan group of senators is reviving efforts to strengthen protections across the health sector.

A bipartisan group of senators is reviving the Health Care Cybersecurity and Resiliency Act to strengthen protections across the health sector. The bill, originally introduced in late 2024 but never advanced, would modernize regulations, clarify federal roles, offer training, and authorize grants to improve cybersecurity readiness. Lawmakers say health care remains highly vulnerable, with cyberattacks exposing sensitive medical data and disrupting patient care, especially in rural areas with limited resources. The legislation aims to boost coordination between the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, require HHS to update HIPAA rules with modern security practices, develop an incident response plan, and provide breach-prevention guidance. It also establishes a five-year grant program for select health care entities. Senators argue patients deserve confidence that their data is protected from ransomware and other threats.

Portugal provides legal safe harbor for good-faith security research.

Portugal has amended its cybercrime law to create a legal safe harbor for good-faith security research, exempting certain hacking activities from punishment under strict conditions. The new Article 8.º-A protects researchers who probe only existing vulnerabilities, avoid financial gain, report flaws immediately, limit their actions to what’s necessary, avoid harmful techniques, and delete any collected data once fixed. Consent-based testing is also covered. The change aligns Portugal with similar moves in Germany and the United States to support responsible vulnerability disclosure and safer cybersecurity research.

A large-scale campaign targets Palo Alto GlobalProtect portals.

A large-scale campaign has targeted Palo Alto GlobalProtect portals and later SonicWall SonicOS API endpoints, according to GreyNoise. Beginning December 2, attackers launched credential-stuffing and scanning activity from more than 7,000 IP addresses tied to German hosting provider 3xK GmbH (AS200373). Initial waves focused on brute-forcing GlobalProtect VPN logins across multiple profiles, using client fingerprints previously seen in millions of scan sessions dating back to September. By mid-November, 3xK infrastructure generated another 2.3 million GlobalProtect scans, mostly from Germany. On December 3, the same fingerprints appeared probing SonicWall API endpoints, activity typically used to identify exposed systems or future exploitation targets. GreyNoise attributes both clusters to the same actor. Palo Alto Networks confirmed increased credential-based attacks and urged customers to enforce MFA.
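The pattern GreyNoise describes, many source addresses from a single hosting ASN failing logins against several portal profiles, is detectable from a VPN portal's own authentication log. The following is an added example, not code from the CyberWire, GreyNoise or Palo Alto Networks; the log format, the ASNs (from the documentation range), IPs, usernames, profile names and thresholds are all constructed.

```python
"""Added example: flag a credential-stuffing burst against a VPN portal.
Every log line, ASN, address and threshold below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: timestamp src_ip asn username portal_profile result
SAMPLE_LOG = """\
2025-12-02T08:00:01Z 203.0.113.10 AS64500 alice gp-employees FAIL
2025-12-02T08:00:03Z 203.0.113.11 AS64500 bob gp-employees FAIL
2025-12-02T08:00:05Z 203.0.113.12 AS64500 carol gp-contractors FAIL
2025-12-02T08:00:07Z 203.0.113.13 AS64500 dave gp-contractors FAIL
2025-12-02T08:00:09Z 203.0.113.10 AS64500 erin gp-employees FAIL
2025-12-02T08:01:00Z 198.51.100.7 AS64501 alice gp-employees FAIL
2025-12-02T08:01:20Z 198.51.100.7 AS64501 alice gp-employees OK
"""

WINDOW = timedelta(minutes=10)
MIN_DISTINCT_IPS = 3    # thresholds are illustrative; tune to your own baseline
MIN_DISTINCT_USERS = 3


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, ip, asn, user, profile, result = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "ip": ip,
            "asn": asn, "user": user, "profile": profile, "ok": result == "OK"}


def detect_stuffing(log_text, window=WINDOW,
                    min_ips=MIN_DISTINCT_IPS, min_users=MIN_DISTINCT_USERS):
    """Return {asn: summary} for ASNs whose failures look like stuffing."""
    failures = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse_line(line)
        if not ev["ok"]:
            failures[ev["asn"]].append(ev)
    alerts = {}
    for asn, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # advance the window start so the span never exceeds `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            ips = {e["ip"] for e in win}
            users = {e["user"] for e in win}
            if (len(ips) >= min_ips and len(users) >= min_users
                    and len(win) > alerts.get(asn, {}).get("failures", 0)):
                alerts[asn] = {"failures": len(win), "ips": len(ips), "users": len(users),
                               "profiles": sorted({e["profile"] for e in win})}
    return alerts
```

The single mistyped password from AS64501 stays below threshold, while AS64500's spread across four addresses, five usernames and two profiles inside eight seconds is reported with its largest qualifying window.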

A Maryland man gets 15 months in prison for his part in a North Korean IT worker scam.

A Maryland man, Minh Phuong Ngoc Vong, has been sentenced to 15 months in prison for allowing North Korean IT workers to use his identity to obtain software development jobs at 13 U.S. companies, including work contracted to federal agencies such as the FAA. Prosecutors say that from 2021 to 2024, Vong collected over $970,000 in salary while North Korean nationals performed the work overseas, using his credentials to access U.S. systems. At one Virginia tech firm, Vong lied about his background, verified his identity with U.S. documents, and was assigned to FAA systems handling sensitive national defense information. He installed remote access tools that enabled workers in China to operate under his name. The case is part of broader DPRK IT worker schemes that U.S. officials say fund sanctioned North Korean government operations.

Business Brief.

In our Monday business brief, cybersecurity funding and acquisition activity remains strong, with multiple firms announcing sizable investments. Israel-based Zafran Security raised $60 million in Series C financing to accelerate product innovation and expand globally. Microsoft 365 security provider Augmentt secured $18 million to advance its roadmap and deepen MSP partnerships. Software supply chain firm Codenotary raised $16.5 million to grow engineering, AI research, and international go-to-market efforts. Zero-trust networking company NetFoundry added Cisco Investments to its Series A, bringing the round above $15 million. Cloud security startup Blast Security emerged from stealth with a $10 million seed round, while Swiss identity security firm Saporo raised €7 million to scale R&D and expand across Europe.

M&A activity included ServiceNow’s planned acquisition of identity security company Veza for a reported $1 billion, McAfee’s purchase of consumer privacy app SayMine, Allurity’s acquisition of OT security firm MSF Partners, and WALLIX’s acquisition of French cybersecurity analytics company Malizen to accelerate its AI roadmap.

An AI image sends train schedules off the rails.

Trains across northern England briefly ground to a halt after an AI-generated photo claimed that Lancaster’s Carlisle Bridge had crumbled spectacularly following a late-night earthquake. The image, which apparently showed enough rubble to make a stonemason weep, surfaced on social media around 00:30 GMT. Network Rail, taking no chances, paused traffic while inspectors confirmed the bridge was as intact as ever. A BBC journalist asked an AI model to review the image, which obligingly pointed out its suspiciously artistic “damage.”

The line reopened, though not before 32 trains—some all the way up into Scotland—were delayed by what amounted to a digital prank gone wrong. Network Rail gently reminded the public that manufacturing disaster for fun tends to inconvenience real humans and taxpayers. Experts noted few passengers were affected at that hour, but the hoax still forced teams to scramble. As one rail specialist put it, what seems like a game can derail someone’s very real plans.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.


N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.