CyberWire Daily – "Reports from RSAC and Beyond"
Date: March 24, 2026
Host: Dave Bittner, N2K Networks
Notable Guests: Kevin McGee (Microsoft), Jake Braun (longtime DEF CON organizer, former White House official), Maria Varmazes (contributing host)
Main Theme:
A comprehensive look at the persistent challenges facing cybersecurity—focusing on public-private partnership gaps, major vulnerabilities and breaches, the culture and impact of the hacker community, and emerging threats discussed during the 2026 RSA Conference (RSAC). The episode weaves together front-line news, expert interviews, and stories from the ground at RSAC.
Episode Overview
The episode offers real-time insight from RSAC 2026, highlighting:
- Critical lapses in public-private threat intelligence sharing.
- Noteworthy breaches and vulnerabilities.
- Interviews spotlighting hacker culture's evolving impact, including the DEFCON 33 Hackers Almanac.
- The ever-expanding cybersecurity threat landscape, from leaked spyware to supply chain attacks.
Key Discussion Points & Insights
1. Public-Private Intelligence Sharing Gaps at RSAC
[01:00–04:00]
- Persistent Barriers: Panelists at RSAC lamented ongoing obstacles to real-time info sharing between government and industry—especially highlighted by the absence of FBI/NSA at key panels.
- Case Study – Scattered Spider: Former FBI official Dave Scott references a proposal for a joint coordination cell that was thwarted by "legal and approval barriers." The delay now feels significant as social engineering becomes a key attack vector.
“Phone based social engineering has become the second most common initial access method and the leading tactic for cloud intrusions. Underscoring the missed opportunity...” (Narrator, 01:20)
- Impact on Detection: Private companies, often targeted first, detect threats before government; timely sharing is increasingly critical, especially with AI accelerating attacker speeds.
- Empty Chair Metaphor: An entire panel on Chinese cyber campaigns proceeds without any government presence—visibly reinforcing partnership gaps.
2. News Roundup: Major Threats, Leaks, and Policies
[04:05–11:00]
DarkSword Spyware Leak
- [04:45] Newer iPhone hacking toolkit "DarkSword" leaked to GitHub; low technical skill needed.
- Scope: Hundreds of millions potentially exposed, especially on outdated iOS.
- Attribution: Past use tied to Russian-state attacks on Ukraine.
FCC Blocks Foreign-Made Routers
- [06:00] Under the Secure Networks Act, all foreign-made consumer routers blocked from approval due to supply chain risks, though current devices are grandfathered in.
"Critics note most routers, including those from Cisco and Netgear, are manufactured abroad, leaving few domestic alternatives beyond Starlink Wi-Fi router." (Narrator, 06:40)
Citrix NetScaler Vulnerability
- [07:10] Citrix issues a critical patch; SAML vulnerability can cause memory disclosures and session leaks.
- Immediate Patching Urged: Single sign-on systems especially at risk, even though no exploits seen yet.
US Department of Energy (DOE) Cybersecurity Plan
- [08:00] DOE unveils a five-year strategy advancing OT security, grid hardening, and incident response—amid concerns of underfunding and small utility gaps.
“Canister Worm” Supply Chain Attack
- [08:50] Malicious code spreads through 45+ npm packages after Aqua Security credentials are stolen; it uses blockchain for command and control, making eradication difficult.
"On Kubernetes networks in Iran, it deploys destructive wiping malware, while elsewhere it installs a backdoor." (Narrator, 09:25)
Quest Software Kace Exploitation
- [09:45] Active exploitation of a critical authentication bypass; attackers create admin accounts, harvest credentials, and gain lateral movement.
Major Data Breach: Qualm Partners (Healthcare)
- [10:15] 3.1 million affected—including private health data. Breach lasted two days in December 2025.
Russian Initial Access Broker Sentenced
- [10:55] Alexei Volkov receives 81 months for enabling ransomware attacks causing $9 million+ in losses.
"He agreed to pay restitution and forfeit equipment used in the attacks." (Narrator, 11:00)
3. RSAC Field Notes: "Intern Kevin" Segment
[11:05–11:58]
- Kevin McGee: Microsoft’s startup cybersecurity lead, playfully “interning” at RSAC.
- Comic Relief:
“The intern budget is not really all that great...I had to make four stops on my flight here, but I have no idea why two of them had to be at the same airport. But it’s all worth it.” (Kevin McGee, 11:18)
- Coverage Plan: Will report unseen stories, highlight unsung SOC heroes, and showcase innovative tech.
In-Depth Interview: Jake Braun on DEFCON 33 Hackers Almanac
[14:41–28:50]
Overview and Purpose
[14:41]
- DEFCON 33 Hackers Almanac: A compilation aiming to bridge understanding between government, the public, and the hacking community.
- Bridging the Gap: Many policymakers lack technical training; hackers are skeptical of "the Hill’s" understanding—creating mutual gaps in communication.
“You have to kind of really explain this stuff in a way that these folks…can understand the relevance.” (Jake Braun, 15:28)
Notable Topics from the Almanac
1. Digital Preservation Against Despots – “Power Down with Despots”
[17:33]
- Global Connectivity: The last two billion people are coming online, often living under repressive regimes or extreme poverty.
“...if the government wipes your culture from the Internet like they’re doing to the Uyghurs in China, then in 200 years, is your culture even going to exist?” (Jake Braun, 18:23)
- Case Studies:
  - Ukraine: Hackers digitally back up museum art as a bulwark against “digital genocide.”
  - Mesh Networks in Taiwan: Testing protocols (e.g., Meshtastic) to maintain communications if undersea cables or satellites are disabled during conflict.
2. Hacker Ethos Across Decades
[22:18]
- The spirit of resistance and subculture preservation is at the heart of hacker culture—something host Dave Bittner finds inspiring to see revived.
“...the spirit of keeping fighting a power, but also keeping these important subcultures alive.” (Dave Bittner, 22:18)
3. Youth Innovation & Surveillance Concerns
[22:58]
- High School Hackers (“Nix” & Reynaldo Buho): Discovered vape detectors in schools had hidden microphones.
“Why would anybody who is trying to prevent the vaping need to listen to what people are talking about in the bathroom?” (Jake Braun, 23:22)
- Raises chilling questions about privacy and surveillance, particularly for vulnerable student populations.
4. Bio-Cryptography
[25:36]
- Storing Data in Human DNA: Highlighted as avant-garde, with potential to exfiltrate key information across borders.
“Storing information in human DNA is about as cool and cutting edge as it gets.” (Jake Braun, 25:36)
- Researcher Dr. James Utley is described as leading this area.
5. DEFCON Franklin and Cyber for Underserved Water Utilities
[26:38]
- Almanac is just one part: DEFCON Franklin recruits hackers to volunteer for local water utilities—a sector newly prioritized for security, but sorely lacking resources.
“...it’s us or nothing. And so we’ve had a whole host of folks from DEF CON step up for this…” (Jake Braun, 27:16)
- Call to Action: Listeners are asked to connect local municipalities in need with DEFCON Franklin.
Memorable Quotes
- On Hacker-Policy Culture Clash:
“There’s such a… justified skepticism about… folks in D.C. not understanding a lot of the technologies and then potentially creating harmful legislation…” (Maria Varmazes, 15:01)
- On Global Digital Access and Repression:
“We’re in the process of connecting basically the last 2 billion people… and those 2 billion are the last 2 billion for a reason.” (Jake Braun, 17:45)
- On Surveillance in Schools:
“It’s a sacred space, the bathroom. Honestly, you just don’t expect surveillance in the bathroom.” (Dave Bittner, 24:16)
- On New Generations of Hackers:
“We need this next generation to step up. If you look at the folks who started this whole thing back in 92 or 93… they’re getting a little long in the tooth at this point.” (Jake Braun, 24:34)
Timestamps - Segment Highlights
- 01:00–04:00: Public-private info sharing gaps at RSAC
- 04:45: DarkSword iPhone spyware leak
- 06:00: FCC router ban
- 07:10: Citrix NetScaler vulnerability
- 08:00: DOE 5-year cybersecurity plan
- 08:50: Canister Worm npm supply chain attack
- 09:45: Quest Software Kace exploitation
- 10:15: Qualm Partners healthcare breach
- 10:55: Conviction of Russian access broker
- 11:05–11:58: Kevin McGee RSAC "Intern" segment
- 14:41–28:50: Jake Braun on DEFCON 33 Hackers Almanac: bridging hacker-policy divide, protecting at-risk communities, new hacker research, DEFCON Franklin’s water utility project
Closing Feature: "Slow LLM" Tool
[30:09]
- Artist Sam Levine’s “Slow LLM”: Slows down chatbot responses, designed as a reflection on reliance on generative AI for human creativity. Described with tongue-in-cheek humor.
Summary
This episode artfully blends urgent cybersecurity news, thoughtful analysis of institutional gaps, and the passionate, often playful, heartbeat of the hacker community as seen at RSAC and DEFCON. Through news, expert insights, and inspired storytelling, listeners are given a clear sense of the ever-evolving landscape—and hacker culture’s enduring drive to defend the underdog, protect culture, and keep institutions accountable.
For links to all stories and further reading, visit the CyberWire's daily briefing at thecyberwire.com
