
Eyes in the sky, red flags on the ground.
The White House bans foreign-made drones. African law enforcement agencies crack down on cybercrime. A new phishing campaign targets Russian military personnel and defense-related organizations. A University of Phoenix data breach affects about 3.5 million people. A pair of Chrome extensions covertly hijack user traffic. Romania’s national water authority suffered a ransomware attack. A cyberattack in France disrupts postal, identity, and banking services for millions of customers. NIST and MITRE announce a $20 million partnership for AI research centers. A think-tank says the U.S. needs to go on the cyber offensive. Tim Starks from CyberScoop discusses the passage of the Defense Authorization Bill and a look back at 2025. In high school, it’s no child left unscanned.
Today is Tuesday December 23rd 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The White House bans foreign-made drones.
The Trump administration announced that all foreign-made drones and their components pose unacceptable national security risks and will be placed on a federal blacklist, effectively blocking new sales in the United States. While exceptions may be granted by the Pentagon or Homeland Security, the move is widely understood to halt future U.S. sales of drones from China’s DJI, the dominant global manufacturer. Existing drones will remain legal to use, in part to avoid disrupting emergency and law enforcement operations that rely heavily on DJI equipment. Many U.S. drone pilots and small businesses say the decision threatens their livelihoods and limits access to affordable, high-quality technology. DJI has protested the ruling and requested a formal security audit. Meanwhile, U.S. drone manufacturers welcomed the decision, calling it a turning point for rebuilding a domestic drone industry.
African law enforcement agencies crack down on cybercrime.
African law enforcement agencies arrested 574 suspects during a month-long cybercrime crackdown coordinated by Interpol. Operation Sentinel, which ran from October 27 to November 27, targeted business email compromise, digital extortion, and ransomware. Authorities recovered $3 million in alleged criminal proceeds, dismantled 6,000 malicious links, and decrypted six ransomware variants. Interpol said the cases were tied to more than $21 million in losses, highlighting the rapid growth and increasing sophistication of cybercrime across Africa.
A new phishing campaign targets Russian military personnel and defense-related organizations.
A little-known cyberespionage group known as Goffee has launched a phishing campaign targeting Russian military personnel and defense-related organizations, according to researchers at Intezer. The operation used Russian-language lures, including fake New Year concert invitations for senior officers and forged letters tied to defense contracts, to deliver a malicious Excel XLL file. When opened, the file installed a previously undocumented backdoor, EchoGather, enabling system reconnaissance, command execution, and data theft. Stolen data was exfiltrated to servers disguised as a food delivery site. Researchers say the group’s technical and linguistic errors suggest evolving tradecraft. While Goffee, also called Paper Werewolf, is believed to be pro-Ukrainian, its origins remain unconfirmed. Previous activity has been reported by Kaspersky and BI.ZONE.
A University of Phoenix data breach affects about 3.5 million people.
The University of Phoenix disclosed a data breach affecting about 3.5 million people, including students, former attendees, and staff. The breach stemmed from unauthorized external access that began in August 2025 but was not discovered until November. Exposed data included names paired with other personal identifiers, creating potential identity theft risks. More than 9,000 Maine residents were affected, triggering regulatory notifications. The university has offered identity theft protection and retained outside counsel to manage the response.
A pair of Chrome extensions covertly hijack user traffic.
Two Chrome extensions called Phantom Shuttle are masquerading as proxy tools while covertly hijacking user traffic and stealing sensitive data, according to researchers at Socket. The extensions, which have been available in the Google Chrome Web Store since at least 2017, target users in China and are marketed to foreign trade workers testing network connectivity. Sold via subscription, the plugins route all browsing traffic through attacker-controlled proxies using hardcoded credentials hidden in obfuscated code. Researchers say the extensions dynamically reconfigure Chrome’s proxy settings and selectively intercept traffic from more than 170 high-value domains. Acting as a man-in-the-middle, Phantom Shuttle can capture credentials, session cookies, and API tokens. Google had not commented at the time of reporting.
Romania’s national water authority suffered a ransomware attack.
Romania’s national water authority, Romanian Waters, is recovering from a ransomware attack that began December 20, 2025, impacting roughly 1,000 systems, according to the National Cyber Security Directorate. The attack disrupted email, servers, workstations, and GIS systems across the central office and 10 regional branches, though dams and flood defenses remain operational and are being managed manually. Investigators say attackers abused Windows BitLocker, a legitimate encryption tool, to lock files, complicating detection. A ransom note demanded negotiations, which authorities rejected under a no-payment policy. The incident underscores growing cyber risks to water infrastructure and has prompted moves to bring Romanian Waters under stronger national cyber protection, with support from the Romanian Intelligence Service.
A cyberattack in France disrupts postal, identity, and banking services for millions of customers.
France’s postal service, La Poste, confirmed that a major network incident knocked all of its information systems offline, disrupting online postal, identity, and banking services for millions of customers. The outage affected the company’s website, mobile app, Digiposte document storage, and digital identity services, with some post offices also experiencing temporary disruptions. La Banque Postale said its online and mobile platforms were unavailable, but core banking operations, including card payments, ATM withdrawals, and transfers, continued to function. While La Poste has not disclosed the technical cause, French media reported the disruption was likely due to a distributed denial-of-service attack. The incident highlights the operational impact of large-scale cyber disruptions on critical public services operated by Groupe La Poste.
NIST and MITRE announce a $20 million partnership for AI research centers.
The National Institute of Standards and Technology announced a $20 million partnership with The MITRE Corporation to launch two new artificial intelligence research centers, including one focused on cybersecurity risks to U.S. critical infrastructure. One center will support advanced manufacturing, while the AI Economic Security Center will examine how sectors like water, power, and communications can defend against AI-enabled cyber threats. NIST said the centers will drive adoption of AI tools, including agentic AI, while addressing adversarial use and insecure AI systems. The effort is part of a broader federal push to strengthen U.S. competitiveness in AI. Industry experts welcomed the move but stressed that infrastructure operators must be directly involved to ensure research translates into practical, deployable security improvements.
A think-tank says the U.S. needs to go on the cyber offensive.
The United States must move beyond a reactive cyber posture to confront sustained threats from China and Russia, according to a new report from the McCrary Institute for Cyber and Critical Infrastructure Security. The analysis argues that U.S. cyber policy remains shaped by crisis response, while Beijing and Moscow treat cyberspace as a domain of constant strategic competition. China is described as the most deliberate adversary, maintaining persistent access to U.S. critical infrastructure for potential coercion during crises. Russia, meanwhile, integrates cyber operations into military campaigns and regional conflicts. The report warns that incremental reforms risk ceding initiative to adversaries and highlights friction between U.S. military and intelligence missions, including the dual-hat relationship between the National Security Agency and U.S. Cyber Command. Researchers call for updated authorities, clearer roles, and structures aligned with continuous cyber competition.
In high school, it’s no child left unscanned.
At Beverly Hills High School, the future has arrived, and it is watching you, listening too, especially in the bathroom. Cameras scan faces, AI analyzes behavior, license plate readers track arrivals, and drones wait patiently, like very expensive hall monitors. Inside restrooms, devices disguised as smoke detectors listen for cries of distress, gunshots, or trouble, promising safety while raising eyebrows. Administrators call it necessary vigilance in an era of relentless school violence, backed by millions in security spending and daily threat alerts.
Many students and parents agree. Others are less comforted by a campus where even snack bags, water bottles, or awkward roughhousing can trigger armed responses. Civil liberties advocates argue the technology has not proven it prevents shootings and may instead chill trust, discouraging students from seeking help. Vendors admit false alarms happen. Schools reply that imperfect protection beats none at all. So class continues under ever-watchful sensors, with the quiet understanding that privacy, like open campuses, is now mostly extracurricular.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
And that’s the CyberWire Daily, brought to you by N2K CyberWire.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
