CyberWire Daily – "Policy Drops and Phishing Pops"
Date: March 23, 2026
Host: Dave Bittner (with Maria Vermazes & Brandon Karpf)
Location: RSAC 26 Conference, San Francisco
Episode Overview
This episode delivers a snapshot of the latest in cybersecurity policy, threats, technology, and business. Key focuses include the White House's new AI legislative framework, recent global cyber threats and law enforcement actions, emergent malware analysis, major vulnerabilities, business news, and a deep-dive interview on the future (and reality) of orbital data centers. The episode closes with a look at advanced military communications technology.
Key News & Insights
White House Releases National AI Policy Framework
[02:00–04:55]
- Theme: The Biden administration has issued a far-reaching framework with legislative recommendations to guide US AI policy, aiming to balance innovation, rights, and national competitiveness.
- Highlights:
- Stronger child safeguards: Age assurance, data use limits, anti-exploitation, and deepfake abuse measures.
- Proposals to resolve copyright concerns surrounding AI training data, suggest licensing, and protect against unauthorized digital replicas.
- Supports IP rights, First Amendment protections, and calls for regulatory sandboxes, improved workforce training, and simplifying federal vs. state laws.
- Memorable Quote:
“The framework emphasizes stronger safeguards for children, including age assurance tools, limits on data use, and protections against exploitation and deepfake abuse… It promotes First Amendment protections by limiting government pressure on platforms to alter lawful content.”
— Dave Bittner [03:40]
International Threat Intelligence Updates
[04:56–11:50]
- Iranian Threat Activity:
- FBI warns of Iranian Ministry of Intelligence-linked hackers using Telegram for C2 against journalists, dissidents, and critics.
- Attackers use social engineering to deploy Windows malware, stealing files and screenshots for surveillance and reputational attacks.
- Linked to “Hondala” and “Homeland Justice” groups (the latter connected to Iran’s Revolutionary Guard Corps).
- Alert follows the FBI’s seizure of domains used for leaking stolen data; related attacks wiped tens of thousands of devices.
- Russian-Linked Phishing:
- FBI & CISA caution on phishing of Signal users by Russian groups, impersonating support teams.
- Tactics: Urgent messages ask victims to share verification codes or click malicious links.
- No flaw in Signal encryption—attack depends entirely on social engineering.
“The campaign relies on social engineering, not encryption flaws, and primarily targets journalists, activists, and other sensitive information holders.”
— Dave Bittner [06:35]
Major Law Enforcement and Industry Developments
- Dark Web Takedown: Operation Alice [08:00]
- Europol & German police dismantled 373,000+ dark web sites linked to a fake CSAM and cybercrime marketplace, mostly a cryptocurrency scam.
- 100+ servers seized; 440 users identified; China-based suspect alleged to have earned €345,000.
- Tycoon2FA (Phishing as a Service) Resilience [09:20]
- Despite a Europol and Microsoft takedown, Tycoon2FA quickly rebounded.
- Service enables MFA bypass; accounted for 62% of phishing attempts blocked by Microsoft in 2025.
- Disruption only briefly reduced activity—shows robustness of phishing crime as-a-service.
“Researchers say the disruption likely slowed customers temporarily but did not significantly weaken the service long term.”
— Dave Bittner [10:45]
- VoidStealer Malware’s New Chrome Key Theft Trick [11:00]
- New debugger-based technique bypasses Chrome’s application-bound encryption (ABE).
- Avoids privilege escalation/code injection; harder to detect.
- Extracts browser master key directly, undermining previous security improvements.
“It then decrypts protected data offline... effectively undermining ABE protections for that profile.”
— Dave Bittner [11:36]
- QNAP and Cisco Urgent Vulnerabilities [12:10]
- QNAP released patches for SD-WAN routers after major vulnerabilities were showcased at Pwn2Own Ireland 2025; no exploitation reported yet.
- CISA ordered urgent patching (3-day deadline) for a critical Cisco firewall bug actively exploited by the Interlock ransomware group.
- Flaw allows unauthenticated code execution as root.
Business Breakdown: Cybersecurity Investment & M&A
[12:30–13:00]
- Major funding rounds across AI-driven security: Surf AI, Native, Bold Security, Onyx Security, Kevlar AI, Tracebit, KLFI, Manifold.
- Notable acquisitions: K2 Integrity (Leviathan Security Group), Connectus Business Solutions (i7 Technologies).
“Several cybersecurity startups announced major funding rounds and acquisitions, highlighting continued investor interest in AI-driven security platforms.”
— Dave Bittner [12:38]
Featured Interview: The Practicality of Orbital Data Centers
[13:33–27:33]
Guests:
- Maria Vermazes (N2K CyberWire contributing host)
- Brandon Karpf (Director of Public Private Partnerships, NTT)
Segment Highlights & Timestamps
The Viral “Orbital Data Center” LinkedIn Analysis
- Background: Karpf’s LinkedIn posts went viral for their in-depth, math-heavy, and Spaceballs-themed analysis on whether placing data centers in orbit is viable.
- [14:08] Maria: “You hashtag did the math, but you literally did the math on whether orbital data centers make a lick of sense... and you publish all of your math.”
- [15:06] Brandon: “I basically like cranked open my cranium and just let everyone see my thought process.”
Technical Feasibility: The Engineering Challenge
- Power & Cooling Bottlenecks:
- Major issues in the US: Electricity and water requirements for terrestrial data centers.
- Space Proposal: “Let’s put it in orbit—solar panels, free electricity…”
— Maria & Brandon [16:55]
- Cooling in space is more difficult than popularly assumed: “My gut had said it was going to be a cooling issue because space is a vacuum, which means that the only way you can cool is through radiation.”
— Brandon [17:12]
- “Spaceballs” Theme Used to Highlight Absurdity:
- “I love the absurdity of it. And I thought that the absurdity of satire like Spaceballs just perfectly encapsulates the results of my math.”
— Brandon [15:45]
Evolving the Model with Industry Feedback
- Aerospace engineers and the CTO of Star Cloud (who actually launched an Nvidia GPU in orbit) helped refine Karpf’s assumptions, especially around heat transfer.
- Updated conclusion: “Power generation and heat transfer, not as much of an issue...it gave me an opportunity to dive into...how we communicate data.”
— Brandon [20:13]
The True Bottleneck: Communications
- Even best-case optical inter-satellite/space-to-ground links deliver only up to 0.4 terabits/second; future tech may reach 1 terabit/second.
- But modern AI training (e.g., using Nvidia’s NVLink 5.0) requires ~14 terabits/second between GPUs in a cluster.
- Takeaway: “We are nowhere close to having the communications technology to be able to have clusters on different satellites.”
— Brandon [22:45]
- Practical upshot: On a single satellite, you might fit 128 GPUs—“It doesn’t even get you to a GPT-3 class model.” [24:33]
- “I mean, I’ve got friends who have that literally in their basement.” — Brandon [24:25]
Bottom Line: What Could Be Useful?
- Evaluated five business models: AI training, AI inference, public cloud, edge/CDN compute, and sovereign cloud.
- Only Sovereign Cloud Might Make Sense:
- “Sovereign customers are buying...where is this deployment? What laws are controlling this deployment? How physically accessible is this data?”
- Advantage: Terrestrial data centers can be physically compromised—orbital ones offer greater physical inaccessibility, satisfying some regulatory/privacy needs.
- Cybersecurity Twist: Physical security rises, but maintainability and flexibility plummet (hardware swaps, updates become nearly impossible).
“You’re much more limited in terms of obviously maintenance, lifespan… But sovereign cloud is not competing with terrestrial compute on performance… What sovereign customers are buying is... How physically accessible is this data?”
— Brandon [26:20]
Innovation in Military Technology: Phoenix SDR
[29:02–30:43]
- NX Gencom’s “Phoenix” device: A battlefield radio that can morph to serve as a hub, jammer, drone controller, or direction finder—“what the smartphone did for your pocket, except with fewer selfies and more drone strikes.”
— Dave Bittner [29:07]
- Demonstrated flexibility and rapid role changes in recent Army exercises.
- Primary obstacle: Procurement bureaucracy, as Phoenix replaces multiple systems owned by different offices.
Notable Quotes & Memorable Moments
- On AI Policy:
“It promotes first amendment protections by limiting government pressure on platforms to alter lawful content.”
— Dave Bittner [03:40]
- On Orbital Data Centers’ Reality Check:
“What I conclude is...these extraordinarily large structures in space, you know, larger than anything we've ever built...”
— Brandon Karpf [19:02]
“The only business model that I could turn a profit on… sovereign cloud and sovereign compute.”
— Brandon Karpf [25:45]
- On Cybercrime’s Resilience:
“Researchers say the disruption likely slowed customers temporarily but did not significantly weaken the service long term.”
— Dave Bittner [10:45]
- On Sovereign Cloud Security:
“Anyone with the right credentials can walk into that facility and the right credentials could look like 5,000 bucks in a brown paper bag.”
— Dave Bittner [27:19]
Timestamps for Key Segments
- AI Policy & Major News – [02:00–12:30]
- Business Breakdown – [12:30–13:00]
- Orbital Data Centers Interview – [13:33–27:33]
- Military Tech (Phoenix SDR) – [29:02–30:43]
Conclusion
This episode offers a sweeping view of today’s cyber threatscape, regulatory winds, and innovation edge, balanced by a skeptical but deeply informed exploration of orbital data centers’ viability. While the AI gold rush continues, both attackers and defenders are adapting rapidly—and new frontiers, from space to the battlefield, are on everyone’s mind.
