A
You're listening to the Cyberwire Network powered by N2K.
B
The White House rolls out its AI legislative framework. The FBI warns Iranian actors are using Telegram for command and control while Russian operators phish Signal users. Authorities dismantle a massive fake CSAM network. Tycoon2FA rebounds after disruption, VoidStealer debuts a stealthy Chrome key theft trick, QNAP patches Pwn2Own flaws, and CISA orders urgent fixes for a critical Cisco firewall bug. We got our Monday business breakdown. Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers. And one radio to rule the range.
B
March 23, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. We are coming to you from San Francisco, the city by the other bay, at the RSAC 26 conference, where the badges are large, the coffee is essential, and just about every booth appears to have discovered the life-changing magic of agentic AI. This week we're attending presentations, walking the show floor to see what's new, what's improved, and what's now apparently autonomous, and sitting down with industry leaders to hear what's actually changing beneath the buzzwords. We'll bring you interviews, insights, and a few field reports from cybersecurity's busiest gathering place. We're glad you're with us. Last Friday, the White House released their National Policy Framework for Artificial Intelligence Legislative Recommendations. The document outlines proposals for Congress to balance innovation, rights protections, and national competitiveness through a unified federal AI strategy. The framework emphasizes stronger safeguards for children, including age assurance tools, limits on data use, and protections against exploitation and deepfake abuse. It calls for support for small businesses, infrastructure permitting reforms, and expanded federal technical capability to assess national security risks from advanced AI systems. The plan also addresses intellectual property by encouraging courts to resolve disputes over training on copyrighted material and considering licensing mechanisms and protections against unauthorized digital replicas. It promotes First Amendment protections by limiting government pressure on platforms to alter lawful content. Additional recommendations include regulatory sandboxes, expanded access to federal data sets, workforce training initiatives, and federal preemption of burdensome state AI laws to avoid fragmented regulation while preserving certain state authorities.
The FBI warned that Iranian hackers linked to the Ministry of Intelligence and Security are using Telegram as command and control infrastructure in malware campaigns targeting journalists, dissidents and critics of the Iranian government worldwide. The activity is tied to the Handala and Homeland Justice threat groups, with Homeland Justice linked to the Islamic Revolutionary Guard Corps. Attackers rely on social engineering to deploy Windows malware that steals screenshots and files, leading to intelligence collection, data leaks and reputational damage. The alert follows FBI seizures of four domains used to publish stolen data. Officials also highlighted a related Handala attack on Stryker that wiped roughly 80,000 managed devices. Separately, the FBI and CISA warn that Russian-linked actors are phishing Signal users by impersonating the platform's support team. Attackers send urgent messages about suspicious activity to trick victims into sharing verification codes, clicking malicious links or scanning QR codes. This can give attackers full account access, exposing chats and contacts. Officials stress the campaign relies on social engineering, not encryption flaws, and primarily targets journalists, activists and other sensitive information holders. An international law enforcement effort led by Europol and German authorities dismantled more than 373,000 dark websites tied to a cybercrime network built around the Alice with Violence CP platform. The operation, called Operation Alice, ran March 9 through March 19 of this year and involved agencies from 23 countries. Investigators say a single operator managed hundreds of thousands of onion domains that posed as marketplaces for illegal material and cybercrime-as-a-service offerings but primarily collected cryptocurrency without delivering services.
Authorities seized over 100 servers, identified about 440 users and issued an arrest warrant for a China-based suspect who allegedly earned more than €345,000. Officials warn the case shows how automation and anonymized hosting enable rapid scaling of dark web crime networks. The phishing-as-a-service platform Tycoon2FA has quickly recovered after a coordinated disruption effort by Europol, Microsoft and partners, according to CrowdStrike. Active since 2023, the subscription service enables attackers to bypass multi-factor authentication and conduct large-scale phishing campaigns. It accounted for 62% of phishing attempts blocked by Microsoft in 2025, generating more than 30 million malicious emails monthly and affecting roughly 96,000 victims. Authorities seized 330 domains in early March, briefly reducing activity to about 25% of normal levels, but operations soon returned to prior volumes. The platform's tactics remain unchanged, supporting business email compromise, session cookie theft and cloud account takeover. Researchers say the disruption likely slowed customers temporarily but did not significantly weaken the service long term. A new version of VoidStealer is the first observed in-the-wild malware to bypass Google Chrome Application-Bound Encryption using a debugger-based technique that extracts the browser's v20 master key directly from memory. Unlike earlier methods, the approach avoids system-level privilege escalation and browser code injection, reducing detection risk while still exposing cookies and credentials. The malware attaches to a hidden browser instance as a debugger, sets hardware breakpoints and intercepts the key during normal decryption. It then decrypts protected data offline from browser databases, effectively undermining ABE protections for that profile. Researchers note the technique builds on open source tooling and may spread to other infostealers.
Defenders can detect activity by monitoring debugger attachments to browser processes, unusual memory read behavior and hidden browser launches from untrusted parents, which remain uncommon in legitimate environments. QNAP released patches for multiple vulnerabilities across its products, including four flaws in SD-WAN routers demonstrated at Pwn2Own Ireland 2025. The issues range from privilege escalation requiring physical access to information disclosure and administrator-level code execution risks. Researchers from Team DDOS chained related bugs to gain root access during the contest. QNAP also fixed critical flaws in QuNetSwitch and QVR Pro that could enable remote access or arbitrary code execution. The company said no active exploitation has been reported. CISA ordered federal agencies to urgently patch a critical remote code execution flaw in Cisco's Secure Firewall Management Center. The vulnerability allows unauthenticated attackers to execute Java code as root and has been exploited as a zero-day by the Interlock ransomware group. CISA added it to the Known Exploited Vulnerabilities catalog with a three-day remediation deadline. Amazon Web Services reported attackers used the flaw for persistence, credential access and lateral movement. Turning to our Monday business breakdown, several cybersecurity startups announced major funding rounds and acquisitions, highlighting continued investor interest in AI-driven security platforms. Surf AI raised $57 million, led by Excel to expand product development and enterprise adoption. Native secured $42 million, including a $31 million Series A led by Ballistic Ventures, while Bold Security and Onyx Security each raised 40 million. Kevlar AI added $30 million and Tracebit raised $20 million for product expansion. KLFI secured 12 million euros and Manifold closed an $8 million seed round.
Separately, K2 Integrity acquired Leviathan Security Group and Connectus Business Solutions acquired i7 Technologies to expand regional support. There's much more in our business brief on our website, which is part of CyberWire Pro. Do check it out. Coming up after the break, Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers and one radio to rule the range. Stay with us.
B
It is always my pleasure to welcome back to the show two of my most favorite people in the world. Of course, I'm starting out with Maria Varmazis, who is our contributing host here at N2K CyberWire. Maria, welcome.
A
Hey, thanks.
B
And Brandon Karpf, who is the Director of Public Private Partnerships at NTT. Brandon, welcome back.
C
Top of the day to you, sir.
B
So, Maria, I'm gonna let you take the lead here because you wanted to base our conversation today off of some posting that our friend Brandon has been making over on LinkedIn lately. Why don't you bring us in here?
A
All right. So it's not every day I get to talk to a LinkedIn celebrity. Brandon, but here you are. How does it feel to go viral on LinkedIn?
C
Oh, God, I don't think I.
A
Well, it happened. So the premise of how you went viral is essentially, I'm going to nutshell this as best I can. You were looking at the hype around the idea of orbital data centers that may or may not have been centered around some stuff that Elon Musk said, but not exclusively him. And you hashtag did the math, but you literally did the math on whether or not, you really very literally did the math on whether orbital data centers make a lick of sense or if it's all hype. And the thing that fascinates me is you publish all of your math. You went through your entire. How would you describe the entire process of how you came to all of your conclusions in like four 40,000 word essay, something like that.
C
I basically like cranked open my cranium and just let everyone see my thought process.
B
Got a big old ice cream scoop and just.
A
And it was Spaceballs themed also, which made it really excellent. So because somehow you managed to tie Spaceballs into pretty much every point that you made, which was, my hat is off to you, sir. That was quite amazing. So that was your first post that you did about this where some of the questions were things like how on earth would you cool something like that. How on earth would this make any sense? What would the latency be? You asked all these really good questions that I didn't even know to ask. But what was your conclusion from that first post you made on orbital data centers?
C
Yeah, and this all, as you pointed out, starts with Spaceballs. Because Spaceballs is my personal favorite movie. I think that anything Mel Brooks does is brilliant and I love the absurdity of it. And I thought that the absurdity of satire like Spaceballs just perfectly encapsulates the results of my math. And yeah, as you said, merger of xAI and SpaceX, but also a number of other companies talking about AI training in space. Basically people are looking for ways of getting around the bottlenecks on Earth, and that's primarily around electricity generation and, and water needs for data centers. You know, there's no secret in this country, you know, places like Virginia, Loudoun County, getting real upset with all the data centers going in there, the cost of electricity. There's even proposed legislation in some states to ban data centers from states. So I mean, this is a big thing. And so people are looking for other, other ways of doing this, of training. And so there have been a number of proposals about, okay, let's just put it in orbit, right? Solar panels, the sun's there, free electricity, yada yada yada.
A
And my favorite phrase that is incorrect because space is cold.
C
And that makes me go, space is cold, right? Space is a vacuum.
B
I am holding back because that is my number one question is how you cool these dang things in the vacuum of space.
A
That is a very good question.
B
I will let you continue.
C
So the first post, I just wanted to get my head wrapped around the constraints and caveat here. I'm not a space engineer, aerospace engineer. My background is actually mechatronics engineering. So it's like electrical and control systems, but then computer science. So getting as far away from physical things as possible is basically my background. But I have taken thermodynamics classes and such. And so I basically went through, in my own amateurish way, every subsystem, every major subsystem of a satellite to figure out where the constraints were for a data center in space on a satellite. My gut had said it was going to be a cooling issue because space is a vacuum, which means that the only way you can cool is through radiation, is actually sending IR infrared radiation out into space. And depending on where you are in space, space can be either very hot or very cold, you know, depending on your orientation and kind of how close
A
you are to a star and.
C
Exactly.
A
All that stuff. Yep.
C
And so, you know, I went through each subsystem, you know, subsystems like the, the avionics, like the heat transfer system, like power generation, you know, the compute system, the engine that actually kind of, you know, called the ADCS, that manages and flies the thing and figured out, you know, in my rough amateur way if it was feasible. And my, my first post. Yeah, go ahead.
A
Oh, I wanted to say, but also you were very generous in your math. Like pi was three and cows were all spherical. But also in the. In. In. To the benefit of the orbital data centers, like you were giving them that benefit as opposed to going really like back of the napkin math. That would be really against it. So you're like giving them every opportunity to work.
C
I was trying. I was trying. You're trying any good engineering. I was engineer. I was rounding up.
A
Right.
C
So the conclusion of the first piece was this idea makes no sense because what I conclude is the size of a satellite, because of the amount of solar panels that you need to power these things to have enough GPUs on the satellite and the size of the radiators would basically make these extraordinarily large structures in space, you know, larger than anything we've ever built or ever imagined to have, you know, even a few, you know, up to like 64 or 128 GPUs on. On a single satellite. But that, that was just the first post.
A
That was. And I, I wanted to, I wanted to. I'm so glad you mentioned that because you basically did science in real time.
B
Yeah.
A
You were iterating and you were letting us all in on your process. And I love that because just your first post got so many comments. Oh my God. And I'm so sorry. But also it was great because it was just like the entire aerospace industry was like chiming in and they didn't appreciate you throwing cold water on this. But you then you then made a second post which had even more math and you reached some interesting conclusions from that and I thought this was awesome. So walk us through this one.
C
Yeah. So what happened after that first post is actually a number of legitimate aerospace engineers reached out to me, including the CTO of a company called Starcloud, who in November launched an Nvidia GPU on a small satellite, single GPU and, and is flying it today. Right. It's, it's up there in low Earth orbit. And he reached out and he told me kind of where some of my assumptions were wrong, especially around heat transfer, especially around the, you know, how I was modeling heat transfer. And he told me kind of, he pointed me in a direction of refining my model. And when I did that, it actually on terms of the things that I thought were a constraint, power generation and heat transfer, those things actually became not constraints. I mean they are certainly a challenge. But with technologies that are even in existence today, but especially in development over the next five years, power generation and heat transfer, not as much of an issue. But it gave me an opportunity to dive into a part of my, a part of my model that I had not explored in detail in the first piece, which is the communications portion of the model and actually how we communicate data. Because if you're going to do any sort of cloud compute or AI training or what have you, you got to get data either between satellites or from satellites to ground to make it useful. And that started revealing some really interesting implications, especially around kind of cloud compute and security and what eventually became a cyber story.
B
Yeah. So how did it end?
C
So what I discovered in modeling communications and looking at the technologies available for inter satellite communications and then space to ground communications is even the best of class today. Optical inter satellite links and then optical satellite to ground links. The, the most capable today can only do about 100 gigabits per second in terms of, of bandwidth and on test beds. The, the most capable optical link that has been proven in a Lab is only 400 gigabits per second. And then there's some early technologies that look like with, with interesting multiplexing we can probably push that to 1 terabit per second. All of that sounds like a lot. But in order to properly communicate between GPUs in a cluster for AI training, you need 14 terabits per second. And that's kind of the baseline for NVLink 5.0, which is the Nvidia platform that allows communication between training clusters of GPUs. And so this constraint of the fact that we maybe can get to 0.4 terabits per second, we need 14.4 terabits per second. We are nowhere close to having the communications technology to be able to have clusters on different satellites. So what that means is, I mean that's a 36 times gap with the, you know, with future hardware, that stuff that hasn't flown yet. Right, the 400 gigabits per second. Right. Massive gap between those two. So what that means is if we're going to do training, AI training, the cluster has to be on one satellite. Therefore, how many GPUs can you put on one satellite to create a cluster? And based on my more accurate physical model, the maximum number of GPUs that I could reasonably fit on a satellite in space is about 128 GPUs, which if you look at any of the kind of hyperscale, you know, frontier model training, they're training with hundreds, a hundred thousand GPUs, right. In clusters. So this is 28 gigs.
B
Like a closet.
C
Right, right. 128 is what you need.
B
I mean, I know people who are out there playing video games with 128 GPUs.
C
Brandon. Exactly. I mean, I've got friends who have that literally in their basement.
B
Right.
C
It doesn't even get you to a GPT3 class model.
B
Right.
C
We're so we're talking about models from four years ago that you might be able to train on one satellite. And so, you know, because of the comms constraint, AI training is out the window. I don't think that there's a way. I mean, unless you're doing really small, I mean really, really small specialty models on a single satellite, you don't have enough communication bandwidth between satellites to do the internode communications, intra cluster communications. And so everything has to be on a single satellite for that use case. But what I did in this article is I actually looked at five different business models. The five business models I looked at was AI training, AI inference, public cloud, edge and CDN compute, content distribution network compute. And then the last one I looked at was sovereign cloud. And the final conclusion I came to is all of those business models, AI training, AI inference, public cloud, edge compute, all of them, either on technical means or on profitability means don't make sense, just do not work in a space-based architecture. The only one that I could turn a profit on that I think is legitimately possible. And this is, I think an interesting cyber story is sovereign cloud and sovereign compute.
B
Well, the concerns I have are when you're in orbit, somebody with an adversary can sidle up a satellite next to yours and it's a lot harder to tell them, knock it off. And then the obvious other one is one of your GPUs goes down. Oh, let's just swap it out. Oh, sorry, can't. It's in orbit, right?
C
I mean, yeah, totally, totally. So you're much more limited in terms of the flexibility of their architecture. Totally true. You're much more limited in terms of obviously maintenance, obviously lifespan. Right. You know, maybe you can get five years from these things. But sovereign cloud is not competing with terrestrial compute on performance. It's not competing on speed, it's not competing on elasticity, it's not really even competing on cost. Right. What sovereign customers are buying is they're buying a property of the deployment, which is where is this deployment? What laws are controlling this deployment? How physically accessible is this data? You know, one of the problems with terrestrial data centers, you know, say we have a data center in Singapore, is that anyone with the right credentials can walk into that facility and the right credentials could look like 5,000 bucks in a brown paper bag.
B
All right, well, I mean, that's fascinating. You've. You've opened my eyes to some of the possibilities.
A
Yes, thank you so much, Brandon. Sorry I was very quiet for the second half of this chat. I was having some Internet problems. But this was a fascinating chat, so thank you.
B
Brandon Karpf is Director of Public Private Partnerships at NTT and Maria Varmazis is our contributing host here at N2K CyberWire. Thanks so much for joining us.
A
Thanks, David.
B
And finally, NX Gencom has unveiled Phoenix, a software-defined radio device that aims to do for the battlefield what the smartphone did for your pocket, except with fewer selfies and more drone strikes. Built on military 5G foundations, Phoenix can shift roles on demand, acting as a communications hub, jammer, detector, drone controller or direction finder, sometimes all within a matter of moments. In a recent army exercise, the 12 pound unit identified a hostile jammer, adjusted its waveform to restore connectivity, calculated the jammer's location within 5 degrees, and dispatched a drone to confirm the target. From there, it could guide strikes or relay coordinates, all while fusing sensor data in real time. The catch is procurement. Phoenix replaces multiple systems at once, which sounds efficient until each system belongs to a different office. Technology moves fast, paperwork a little less so. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: March 23, 2026
Host: Dave Bittner (with Maria Varmazis & Brandon Karpf)
Location: RSAC 26 Conference, San Francisco
This episode delivers a snapshot of the latest in cybersecurity policy, threats, technology, and business. Key focuses include the White House's new AI legislative framework, recent global cyber threats and law enforcement actions, emergent malware analysis, major vulnerabilities, business news, and a deep-dive interview on the future (and reality) of orbital data centers. The episode closes with a look at advanced military communications technology.
[02:00–04:55]
“The framework emphasizes stronger safeguards for children, including age assurance tools, limits on data use, and protections against exploitation and deepfake abuse… It promotes First Amendment protections by limiting government pressure on platforms to alter lawful content.”
— Dave Bittner [03:40]
[04:56–11:50]
“The campaign relies on social engineering, not encryption flaws, and primarily targets journalists, activists, and other sensitive information holders.”
— Dave Bittner [06:35]
Dark Web Takedown: Operation Alice [08:00]
Tycoon2FA (Phishing as a Service) Resilience [09:20]
“Researchers say the disruption likely slowed customers temporarily but did not significantly weaken the service long term.”
— Dave Bittner [10:45]
VoidStealer Malware’s New Chrome Key Theft Trick [11:00]
“It then decrypts protected data offline... effectively undermining ABE protections for that profile.”
— Dave Bittner [11:36]
QNAP and Cisco Urgent Vulnerabilities [12:10]
[12:30–13:00]
“Several cybersecurity startups announced major funding rounds and acquisitions, highlighting continued investor interest in AI-driven security platforms.”
— Dave Bittner [12:38]
[13:33–27:33]
“You’re much more limited in terms of obviously maintenance, lifespan… But sovereign cloud is not competing with terrestrial compute on performance… What sovereign customers are buying is... How physically accessible is this data?”
— Brandon [26:20]
[29:02–30:43]
On AI Policy:
“It promotes first amendment protections by limiting government pressure on platforms to alter lawful content.”
— Dave Bittner [03:40]
On Orbital Data Centers’ Reality Check:
“What I conclude is...these extraordinarily large structures in space, you know, larger than anything we've ever built..."
— Brandon Karpf [19:02]
“The only business model that I could turn a profit on… sovereign cloud and sovereign compute.”
— Brandon Karpf [25:45]
On Cybercrime’s Resilience:
"Researchers say the disruption likely slowed customers temporarily but did not significantly weaken the service long term."
— Dave Bittner [10:45]
On Sovereign Cloud Security:
“Anyone with the right credentials can walk into that facility and the right credentials could look like 5,000 bucks in a brown paper bag.”
— Dave Bittner [27:19]
This episode offers a sweeping view of today’s cyber threatscape, regulatory winds, and innovation edge, balanced by a skeptical but deeply informed exploration of orbital data centers’ viability. While the AI gold rush continues, both attackers and defenders are adapting rapidly—and new frontiers, from space to the battlefield, are on everyone’s mind.