Podcast Summary
Daily Cyber Threat Brief – Ep 1095
Date: March 24, 2026
Host: Dr. Gerald Auger, PhD
Podcast: Simply Cyber Media Group
Episode Overview
This episode, broadcast live from San Francisco during RSA Conference Week, delivers an engaging breakdown of the top cyber security news stories shaping the industry on March 24, 2026. With actionable advice, technical insights, and real-world context, Dr. Gerald Auger dives into each headline while engaging the Simply Cyber community. The tone is upbeat, candid, occasionally irreverent, and loaded with practical wisdom for security professionals and aspiring cyber practitioners.
Key Topics & Discussion Points
1. Dark Sword iPhone Exploit Leaked on GitHub
[13:16]
- What Happened: A new version of "Dark Sword"—a powerful iPhone hacking toolkit—was leaked on GitHub, making it easy to attack iOS devices running outdated versions.
- Impact: The exploit requires little skill to use and can steal messages, contacts, and passwords. Apple has patched it, but about 25% of iPhones globally remain unpatched and vulnerable.
- Jerry’s Take:
- “The best part about this…just patch your stuff. Like, I don’t understand why we can’t patch things. Why can’t we have nice things, right?”
- Strongly recommends prompting executives (who likely use iPhones) to update ASAP.
- Suggests showing off the exploit in demo videos (safely) for educational/awareness content.
- Advice: If you or your org can't patch for some reason, use iPhone’s Lockdown Mode (but expect limited device functionality).
2. Google’s Gemini AI Agents Monitor the Dark Web
[18:53]
- What Happened: Google launches Gemini AI agents to monitor the dark web, parsing up to 10 million posts daily to spot data leaks, insider threats, and credential sales, claiming 98% accuracy.
- Key Features:
- Builds custom org profiles.
- Tracks hundreds of threat groups.
- Automates threat investigation and response in Google SecOps.
- Caveats & Analysis:
- Jerry: “This feels like a lot of sizzle, not a lot of steak.”
- AI is powerful for ingesting and analyzing text, but access to closed or invitation-only dark web forums is limited.
- Practical questions remain: How do orgs actually deploy and use this, and what is the real maintenance effort?
- Noted risk: Many security tools promise to reduce staffing burden, but often just add new responsibilities without enough support.
3. Aqua Security Trivy CI/CD Supply Chain Attack
[29:22]
- Incident: Aqua Security's popular open-source vulnerability scanner, Trivy, suffered a supply chain attack. Malicious actors injected credential-stealing malware into certain Docker images deployed via GitHub Actions.
- Attacker Details: Team PCP, a threat group now expanding into worms, ransomware, and destructive attacks.
- Technical Insight:
- Jerry recommends security professionals get familiar with CI/CD pipeline basics and references a useful Naomi Buckwalter talk.
- “All this is, is trojanized software...a perfect example of a Trojan.”
- Practical Remediation:
- If you use Trivy, check the versions you are actually running (in pipelines as well as on workstations) and update to 0.69.3 or later, the release identified as clean.
- If you’ve deployed a compromised image, prepare for mass credential rotation.
- Multi-factor helps, but isn’t a silver bullet: “All [MFA] is going to do is buy you time.”
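An added check for the remediation advice above (example code written for this summary, not Aqua Security's or the podcast's): it walks a GitHub Actions workflow and flags Trivy references that are pinned to a mutable tag or branch rather than a commit SHA, images that float to `latest`, and image tags below the version the episode names as clean. The sample workflow is constructed; the action and image names in it (aquasecurity/trivy-action, aquasec/trivy) are the project's public identifiers, which the episode does not spell out, and the 0.69.3 threshold is taken from the episode's advice, not independently verified here.

```python
import re
from typing import List, Tuple

# Minimum clean release per the episode's remediation advice (assumption:
# taken from the summary above, not verified against the vendor advisory).
MIN_CLEAN_VERSION = "0.69.3"

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.\-/]+)@(\S+)")
IMAGE_RE = re.compile(r"^\s*image:\s*(\S+)")
COMMIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(tag: str) -> Tuple[int, ...]:
    """Turn 'v0.69.3' or '0.69.3' into (0, 69, 3); raise ValueError otherwise."""
    m = VERSION_RE.match(tag)
    if not m:
        raise ValueError(f"not a semantic version tag: {tag!r}")
    return tuple(int(x) for x in m.groups())


def is_clean_version(tag: str, minimum: str = MIN_CLEAN_VERSION) -> bool:
    """True when the tag is at or above the minimum clean release."""
    return parse_version(tag) >= parse_version(minimum)


def audit_workflow(text: str) -> List[str]:
    """Return one finding per risky Trivy reference in a workflow file."""
    findings: List[str] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            action, ref = m.groups()
            if "trivy" not in action.lower():
                continue
            if COMMIT_SHA_RE.match(ref):
                continue  # full commit SHA: the ref cannot be silently re-pointed
            findings.append(
                f"line {lineno}: {action}@{ref} uses a mutable tag or branch; "
                f"pin to a full commit SHA"
            )
            continue
        m = IMAGE_RE.match(line)
        if not m:
            continue
        image = m.group(1)
        if "trivy" not in image.lower():
            continue
        if "@sha256:" in image:
            continue  # digest-pinned image: immutable reference
        name, _, tag = image.rpartition(":")
        if not name or "/" in tag:
            findings.append(f"line {lineno}: {image} has no tag and floats to latest")
        elif not VERSION_RE.match(tag):
            findings.append(f"line {lineno}: {image} tag {tag!r} is not a release version")
        elif not is_clean_version(tag):
            findings.append(
                f"line {lineno}: {image} is below {MIN_CLEAN_VERSION}; "
                f"rebuild the image and rotate any credentials it could reach"
            )
    return findings


# Constructed sample workflow (not from any real repository).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: aquasec/trivy:0.69.2
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
    services:
      scanner:
        image: aquasec/trivy:latest
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Run it against your own `.github/workflows/*.yml` by feeding each file's text to `audit_workflow`; a SHA-pinned action is skipped on purpose because a moved tag cannot affect it, which is the property that matters when a project's release tags are being tampered with.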
4. Mandiant Vishing Threats Surpass Email Phishing
[36:28]
- Headline: Voice phishing (vishing) has eclipsed traditional email phishing, now accounting for 11% of incidents, with email phishing dropping to 6%. Exploited vulnerabilities remain the #1 entry point (32%).
- Commentary:
- Jerry: “How’s this news? Social engineering village at DEFCON’s been doing this for years.”
- The youth-driven “Comm” threat actor coalition (Scattered Spider, Lapsus$, ShinyHunters) is behind much activity, especially targeting help desks for password resets.
- Key tactic: Call helpdesk, gather info, then impersonate internal staff.
- Advice: “Educate your end users, educate your workforce.”
- The attack is hard to stop—train for verification and cautious call-back practices.
5. Mandiant/Google Threat Trends: Faster Initial Access Handoff
[46:35]
- Data Point: The time between initial access and handoff to a secondary attacker fell to just 22 seconds in 2025, from 8 hours in 2022. Median dwell time rose to 14 days.
- Jerry breaks down:
- “The lone wolf hacker...that’s not what’s going on anymore. It’s very much like specialization. Initial access brokers is a whole thing.”
- Automation drives instant credential distribution/sale in the criminal ecosystem. “It’s like Netflix for creds—as they come in, they just show up in the feed.”
6. Russian Android Spyware ‘ClayRat’ Collapses
[53:31]
- Story: The ClayRat spyware operation, linked to Russian actors and targeting Russian users via fake apps, collapsed following the developer’s arrest and technical blunders.
- Jerry’s tongue-in-cheek guidance:
- “If you’re gonna do it...A) amazing OPSEC, B) live in an Eastern European country and not travel anymore, and C) get good at laundering cryptocurrency.”
- Points out Russia’s tendency to tolerate cybercrime targeting foreign adversaries, but not internal attacks.
7. Ransomware: Trio Tech and Semiconductor Subsidiary Breach
[56:16]
- Incident: Gunra ransomware attack encrypts systems at a Singapore-based semiconductor subsidiary.
- Response: Standard IR playbook: Systems offline, law enforcement notified, third-party investigators and cyber insurance engaged.
- Advice: “If you don’t have cyber insurance, get it. Not just for post-incident payouts, but to access third-party incident response quickly.”
8. Mazda Discloses Supply Chain Data Breach
[60:01]
- What happened: An exploited vulnerability in a third-party warehouse management system exposed partner data (IDs, emails, names, etc.), not customer info.
- Notable point: The breach was not in Mazda systems, but they must own the incident.
- Jerry:
- “It looks like Mazda did nothing wrong, yet the story is ‘Mazda Security Breach’...that’s third-party risk for you.”
9. AI Security at RSAC – Humans ‘On the Loop’
[61:57]
- Trend: Industry leaders at RSA Conference state that “human-on-the-loop” guidance is needed, not direct daily oversight, as AI automates defense tasks (fraud detection, workflow, etc).
- Risks Highlighted: Data security, prompt injection, and governance.
- Jerry, skeptical:
- “I could’ve written this playbook...It’s all about straight cash. Labor is the #1 expense.”
- Warns against reckless AI deployments or “shiny object” syndrome without strong governance.
Notable Quotes & Timestamps
- On Patch Management:
- “Just patch your stuff. Like, I don’t understand why we can’t patch things. Why can’t we have nice things, right?” — Gerald Auger [17:10]
- On Security Product Sales:
- “You should always ask, what’s it going to take to deploy, and what’s the ongoing maintenance commitment from a HUMAN capital perspective?” — Gerald Auger [24:48]
- On Specialization of Attackers:
- “The lone wolf hacker...that’s not what’s going on anymore. It’s very much like specialization.” — Gerald Auger [47:20]
- On Voice Phishing:
- “Educate your end users...It’s really hard to stop someone from taking a phone call.” — Gerald Auger [37:38]
- On AI’s role in Cybersecurity:
- “We’ve gone from 'human in the loop' to 'human on the loop.'” — Gerald Auger [62:48]
Community Engagement & Memorable Moments
- Welcoming first-timers throughout, building a positive, inclusive vibe: “Welcome to the party, pal!” [00:01+]
- RSA Conference flavor: “RSA is like the money conference of cyber security...VCs, investors, and startup deals all go down here.” [45:07]
- Humor:
- Comparing climbing San Francisco hills to “walking up a step ladder.”
- Running jokes about audio setup: “Road Warrior Jerry is not holding up so great.”
- Tidbits Tuesday: No heavy fact; instead, a fun aside about travel, body-clock woes, and San Francisco’s hilly terrain [45:07]
Community Q&A: Jawjacking with Eric Taylor (Barricade Cyber)
[66:29+]
- Shiny Hunters/Crunchyroll Breach Origins: Speculation about how certain threat actors operate and brand-switch.
- Double Router Home Security: Running two routers can marginally increase risk (attack surface expands), so segment purposefully and keep both patched.
- Reporting Cyber Risk: The real miss is not tying vulnerabilities to actual business impacts and downtime—translating technical risk into dollars.
- SOC vs GRC Career Entry: Both are entry-level friendly; choose based on whether you like technical/hunting or documenting/compliance.
- UAS/UAV Ransomware: Growing forensics interest; complexity is increasing in drone forensics, especially in maritime domains.
Final Thoughts
This episode blends expert news analysis with relatable humor and authentic community camaraderie. Hot takes are balanced with practical, experience-based guidance. The key threads: Stay patched, stay skeptical of security product hype, watch evolving threat actors and attack patterns, and keep building your network and knowledge—especially during conference weeks like RSAC.
Useful Links Mentioned
This summary reflects the conversational, insightful, and engaging tone of the Daily Cyber Threat Brief, episode 1095. It captures news takeaways, strategic advice, and the energy of the Simply Cyber community for anyone who couldn’t listen live.
