CyberWire Daily – March 29, 2026
Episode Theme: Looking Back to Move Forward – A Decade of Breaches & Lessons Learned
Host: Maria Varmazes (in for Dave Bittner), N2K Networks
Special Guest: Dave Bittner
Main Focus:
- Recap of major cybersecurity headlines
- Deep-dive retrospective on the most influential data breaches of the last decade
- Reflections on industry changes, threat actor trends, and what gives the cybersecurity community hope
1. Episode Overview
This CyberWire Daily episode provides listeners with the latest cybersecurity news as well as a special segment marking the podcast’s 10-year milestone. Maria Varmazes and Dave Bittner discuss the major breaches that have shaped the industry since 2014, examining both technical impacts and shifts in public perception and professional responsibility.
2. Rapid Cyber News Highlights
[00:54–09:49]
- Active LangFlow Exploit: A critical code injection vulnerability in LangFlow—a framework for building AI agents—has been observed being exploited in the wild just 20 hours post-disclosure. Attackers leveraged the advisory to exfiltrate keys and credentials and potentially compromise connected databases and software supply chains. Strongly recommended: patch immediately and audit for compromises.
- PTC Windchill Vulnerability: Germany’s cyber authorities and CISA warn of CVE-2026-4681 (unsafe deserialization in PTC Windchill and FlexPLM) that allows unauthenticated remote code execution. Patches forthcoming; mitigations and IOCs now available.
- Phishing Surges Amid Iran Conflict: Bitdefender tracks a 130% surge in phishing attacks targeting Gulf states since the war began on Feb 28, 2026. Notably, the campaigns show sustained, coordinated spikes, adapting in real-time to exploit regional anxieties.
- Google’s Post-Quantum Crypto Timeline Accelerates: Google warns organizations to prep for quantum-resistant crypto by 2029 (not mid-2030s), citing rapid advances in quantum computing. Rollout already underway on core Google services.
- RedLine Stealer Developer Extradited: Armenian developer Hambar Minassian faces 30 years in U.S. custody for running RedLine malware infrastructure and handling affiliate payments. The operation was disrupted in October 2024 as part of international law enforcement coordination.
- Hacktivist Ransomware in Russia: Pro-Ukraine “Bearlify” group has executed over 70 disruptive ransomware attacks on Russian companies, often wiping systems without demands. Targets include energy, telecom, and finance sectors, blending activist and nation-state tactics.
- FCC Moves Against Robocaller Fraud: New FCC rules aim to block illegal robocalls by tightening number certification and restricting sensitive call center operations overseas.
- Anime Play Piracy Platform Takedown: The Alliance for Creativity and Entertainment dismantles the Anime Play platform—used by 5 million mostly Indonesian users—by seizing domains, servers, and code repositories.
3. Special Segment: A Decade of Breaches—What Changed Cybersecurity?
[10:11–21:47]
Maria Varmazes & Dave Bittner retrospective conversation
Key Moments and Discussion Points
3.1. The Sony Hack (2014) – The Moment Cyber Became Geopolitical
- “It was a milestone. I think the Sony hack was one that gained national attention. It had a lot of geopolitical influence. There were elements of intelligence gathering. Sony, of course, hard to get a bigger, well recognized brand for a multinational organization.”
— Dave Bittner [11:09]
- The incident was fueled by drama around a movie release (“the intrigue with the movie”) and involved both media and nation-state actors, capturing broad public attention.
3.2. The OPM Breach (2015) – When National Secrets Fell
- “Several of my coworkers had been personally affected by that because they had security clearances... So some of our nation’s greatest secrets were revealed.”
— Dave Bittner [12:48]
- The breach of U.S. Office of Personnel Management databases exposed sensitive information due to “outdated equipment and outdated security protocols.”
- “We contributed to that breach through retrospective negligence as much as the alleged Chinese through their own retrospective negligence.”
— Dave Bittner [13:36]
- Noted as a critical moment for U.S. federal cyber defense awareness.
3.3. WannaCry & NotPetya (2017) – The Off Switch for the World
- “...global disruption, where shipping companies got affected and systems were actually shut down. And so again, kind of an aha moment of what happens if somebody can either intentionally or accidentally hit the off switch on a global network...”
— Dave Bittner [14:30]
- Both attacks showcased the devastating real-world consequences of ransomware and destructive malware, affecting critical operations worldwide.
3.4. Equifax (2017) – Personal Impact for Millions
- “Still dealing with the fallout from that one to this day... our two years of credit monitoring...”
— Maria Varmazes / Dave Bittner [15:07]
3.5. SolarWinds (2020) – Supply Chain Trust Broken
- “That was really the one that put a big red star on supply chains and third party providers.”
— Dave Bittner [15:19]
- The conversation notes the paradigm shift as CISOs became potentially criminally liable for breaches:
- “At that time, if you were a CISO, you were like, what?... He was eventually cleared, if I remember.”
— Maria Varmazes [15:39–16:03]
- “That hazard was there for CISOs, I think caught a lot of people's attention... What kind of insurance do we need?... made everybody sort of sit up in their seats.”
— Dave Bittner [16:54]
4. Threat Actors: Motives & Methods Evolve
[17:27–18:52]
- Two main archetypes persist:
- Nation-state espionage: Focused on intelligence gathering.
- Financially motivated criminals: Ranging from petty fraud to large-scale ransomware.
- Increasing overlap: “...state-sponsored actors who are doing a little side work, who are out there getting some money and the nation states are willing to look the other way...”
— Dave Bittner [17:49]
- Lines between motives have “gotten fuzzier,” reflecting blended operations.
5. Reflections, Resilience & Future Outlook
[18:52–21:47]
- On breach inevitability:
- “It’s not a matter of if, it’s a matter of when. At the outset I was a little more resistant to that notion, but I think it’s true.”
— Dave Bittner [19:05]
- Industry attitude:
- “...some people in our industry have a sense of smug superiority... I have no time or patience for that because I don’t think it’s helpful.”
- “People are out there fighting the good fight. They're doing it in good faith.”
— Dave Bittner [19:31]
- Daily cyber newskeeping:
- “The challenge is narrowing it down to the top 10 things to talk about every day, because this never stops.”
— Dave Bittner [20:36]
- Reason for hope:
- “You see the people who are out there doing the good work, who are innovating… trying to help each other learn more, contribute to the community, and all of those things I find uplifting.”
— Dave Bittner [21:12]
- Takeaway: Progress may be slow, but community efforts and resilience matter.
6. Memorable Quotes & Moments
- “Retrospective negligence… that’s how all of us Gen Xers grew up, right? Drinking from the hose.”
— Dave Bittner & Maria Varmazes [13:59–14:05]
- “I’ll joke sometimes that, ‘Hi, I’m Dave Bittner, and here’s today’s Bad News.’ But on the other hand, you see the people who are out there doing the good work... and all of those things I find uplifting.”
— [20:36 & 21:12]
7. Additional Noteworthy Story
AFC Ajax Breach – Beyond Data Theft (Post-interview)
[21:47–24:40]
- Attackers not only accessed internal data but could have manipulated supporter accounts, transferred tickets, or bypassed stadium bans.
- Demonstrated by a journalist who accessed a VIP ticket and used it to enter a match.
- Maria observes: “...less a contained breach and more a system that left the door wide open and the playbook sitting right next to it.”
8. Closing & Community Call-to-Action
- Listeners invited to share feedback, rate and review the show, and participate in the ongoing celebration of CyberWire’s 10th anniversary.
- Teaser for Research Saturday: Interview with Omer Nindberg on “From PDF to pwn.”
For Further Reference
- Full stories, cited research, and links available at thecyberwire.com.
- Tune in on Sunday for the extended version of the Varmazes–Bittner breach retrospective.
This summary covers the core topics, key industry insights, cultural references, and notable quotes from the episode, providing a comprehensive, timestamped resource for listeners and cybersecurity professionals alike.