CyberWire Daily - Policy drops and phishing pops.

Episode Date: March 23, 2026

The White House rolls out its AI legislative framework. The FBI warns Iranian actors are using Telegram for command and control, while Russian operators phish Signal users. Authorities dismantle a massive fake CSAM network, Tycoon 2FA rebounds after disruption, VoidStealer debuts a stealthy Chrome key-theft trick, QNAP patches Pwn2Own flaws, and CISA orders urgent fixes for a critical Cisco firewall bug. Plus, our Monday business breakdown. Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers. One radio to rule the range.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, N2K CyberWire's Dave Bittner and Maria Varmazis are joined by Brandon Karpf to discuss the practicality of orbital data centers.

Selected Reading
- President Donald J. Trump Unveils National AI Legislative Framework (The White House)
- FBI warns of Handala hackers using Telegram in malware attacks (Bleeping Computer)
- Russian hackers target Signal users in phishing campaign, FBI and CISA warn (Cybernews)
- Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network (Hackread)
- Tycoon 2FA Fully Operational Despite Law Enforcement Takedown (SecurityWeek)
- VoidStealer Steals Chrome Secrets Without Injection or Privilege Escalation (GB Hackers)
- QNAP Patches Four Vulnerabilities Exploited at Pwn2Own (SecurityWeek)
- CISA Orders US Government to Patch Maximum Severity Cisco Flaw (Infosecurity Magazine)
- Surf AI has emerged from stealth with $57 million in funding led by Accel. (N2K Pro Business Briefing)
- Military 'Smartphone': Comms, Jammer, Drone Control And More In One (Forbes)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. One Plus 1 equals more of the greatest stories. Hulu on Disney Plus. Stories about... Our survivors. Watched us. The most dangerous planet. Family.
Starting point is 00:00:18 Retribution. Murder. Prophecy. Beer and propane. Bally doing it. Blake Panther. The ultimate soldier. Chicago.
Starting point is 00:00:30 All right. The best of the best stories now with even more from Hulu. Amazing. Have it all with 3-1 Disney Plus. The White House rolls out its AI legislative framework. The FBI warns Iranian actors are using Telegram for command and control while Russian operators phish Signal users. Authorities dismantle a massive fake CSAM network. Tycoon 2FA rebounds after disruption.
Starting point is 00:01:05 VoidStealer debuts a stealthy Chrome key theft trick. QNAP patches Pwn2Own flaws and CISA orders urgent fixes for a critical Cisco firewall bug. We got our Monday business breakdown. Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers and one radio to rule the range. It's Monday, March 23rd, '26. I'm Dave Bittner, and this is your Cyberwire Intel briefing. Thanks for joining us here today. We are coming to you from San Francisco, the city by the other bay, at the RSAC 26 conference, where the bad are large, the coffee is essential, and just about every booth appears to have discovered the life-changing magic of agentic AI. This week, we're attending presentations, walking the show floor
Starting point is 00:02:21 to see what's new, what's improved, and what's now apparently autonomous, sitting down with industry leaders to hear what's actually changing beneath the buzzwords. We'll bring you interviews, insights, and a few field reports from cybersecurity's busiest gathering place. We're glad you're with us. Last Friday, the White House released their National Policy Framework for Artificial Intelligence Legislative Recommendations. The document outlines proposals for Congress to balance innovation, rights protections, and national competitiveness through a unified federal AI strategy. The framework emphasizes stronger safeguards for children, including age assurance tools, limits on data use, and protections against exploitation and deep fake abuse. It calls for support for small businesses, infrastructure permitting reforms, and expanded federal technical capability to assess national security risks from advanced AI systems.
Starting point is 00:03:21 The plan also addresses intellectual property by encouraging courts to resolve disputes over training on copyrighted material and considering licensing mechanisms and protections against unauthorized digital replicas. It promotes First Amendment protections by limiting government pressure on platforms to alter lawful content. Additional recommendations include regulatory sandboxes, expanded access to federal datasets, workforce training initiatives, and federal preemption of burdensome state AI laws
Starting point is 00:03:55 to avoid fragmented regulation while preserving certain state authorities. The FBI warned that Iranian hackers linked to the Ministry of Intelligence and Security are using Telegram as command and control infrastructure in malware campaigns, targeting journalists, dissidents, and critics of the Iranian government worldwide. The activity is tied to the Handala and Homeland Justice threat groups, with Homeland Justice linked to the Islamic Revolutionary Guard Corps.
Starting point is 00:04:29 Attackers rely on social engineering to deploy Windows malware that steals screenshots and files, leading to intelligence collection, data leaks, and reputational damage. The alert follows FBI seizures of four domains used to publish stolen data. Officials also highlighted a related Handala attack on Stryker that wiped roughly 80,000 managed devices. Separately, the FBI and CISA warned that Russian-linked actors are phishing Signal users by impersonating the platform's support team.
Starting point is 00:05:05 Attackers send urgent messages about suspicious activity to trick victims into sharing verification codes, clicking malicious links, or scanning QR codes. This can give attackers full account access, exposing chats and contacts. Officials stress the campaign relies on social engineering, not encryption flaws, and primarily targets journalists, activists, and other sensitive information holders. An international law enforcement effort led by Europol and German authorities dismantled more than 373,000 dark websites tied to a cybercrime network built around the Alice with Violence CP platform. The operation, called Operation Alice, ran March 9th through March 19th of this year
Starting point is 00:05:57 and involved agencies from 23 countries. Investigators say a single operator managed hundreds of thousands of onion domains that posed as marketplaces for illegal material and cybercrime-as-a-service offerings, but primarily collected cryptocurrency without delivering services. Authorities seized over 100 servers, identified about 440 users, and issued an arrest warrant for a China-based suspect who allegedly earned more than 345,000 euros. Officials warn the case shows how automation and anonymized hosting enable rapid scaling of dark web crime networks.
Starting point is 00:06:40 The phishing-as-a-service platform Tycoon 2FA has quickly recovered after a coordinated disruption effort by Europol, Microsoft, and partners, according to CrowdStrike. Active since 2023, the subscription service enables attackers to bypass multi-factor authentication and conduct large-scale phishing campaigns. It accounted for 62.5%. It accounted for 62 percent of phishing attempts blocked by Microsoft in 2025, generating more than 30 million malicious emails monthly and affecting roughly 96,000 victims. Authorities seized 330 domains in early March, briefly reducing activity to about 25 percent of normal levels, but operations soon returned to prior volumes. The platform's tactics remain unchanged, supporting business email compromise,
Starting point is 00:07:33 session cookie theft, and cloud account takeover. Researchers say the disruption likely slowed customers temporarily but did not significantly weaken the service long term. A new version of VoidStealer is the first observed in-the-wild malware to bypass Google Chrome application-bound encryption using a debugger-based technique that extracts the browser's v20 master key directly from memory. Unlike earlier methods, the approach avoids system-level privilege escalation and browser code injection, reducing detection risk, while still exposing cookies and credentials.
Starting point is 00:08:16 The malware attaches to a hidden browser instance as a debugger, sets hardware breakpoints, and intercepts the key during normal decryption. It then decrypts protected data offline from browser databases, effectively undermining ABE protections for that profile. Researchers note the technique builds on open-source tooling and may spread to other infostealers. Defenders can detect activity by monitoring debugger attachments to browser processes, unusual memory-read behavior, and hidden browser launches from untrusted parents, which remain uncommon in legitimate environments. QNAP released patches for multiple vulnerabilities across its products, including four flaws in SD-WAN routers demonstrated at Pwn2Own Ireland 2025.
Starting point is 00:09:09 The issues range from privilege escalation requiring physical access to information disclosure and administrator-level code execution risks. Researchers from Team DDoS chained related bugs to gain root access during the contest. QNAP also fixed critical flaws in QNetSwitch and QVR Pro that could enable remote access or arbitrary code execution. The company said no active exploitation has been reported. CISA ordered federal agencies to urgently patch a critical remote code execution flaw in Cisco Secure Firewall Management Center. The vulnerability allows unauthenticated attackers to execute Java code as root, and has been exploited as a zero-day by the Interlock ransomware group. CISA added it to the Known Exploited Vulnerabilities catalog
Starting point is 00:10:03 with a three-day remediation deadline. Amazon Web Services reported attackers used the flaw for persistence, credential access, and lateral movement. Turning to our Monday Business Breakdown, several cybersecurity startups announced major funding rounds and acquisitions, highlighting continued investor interest in AI-driven security platforms. Surf AI raised $57 million, led by Accel, to expand product development and enterprise adoption. Native secured $42 million, including a $31 million Series A led by Ballistic Ventures,
Starting point is 00:10:44 while Bold Security and Onyx Security each raised $40 million. Kevlar AI added $30 million, and Tracebit raised $20 million for product expansion. Cleefie secured 12 million euros, and Manifold closed an $8 million seed round. Separately, K2 Integrity acquired Leviathan Security Group, and Connectus Business Solutions acquired I7 Technologies to expand regional support.
Starting point is 00:11:16 There's much more in our business brief on our website, which is part of Cyberwire Pro. Do check it out. Coming up after the break, Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers and one radio to rule the range. Stay with us. No, it's not your imagination.
Starting point is 00:12:02 Risk and regulation really are ramping up, and these days customers expect proof of security before they'll even do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're getting ready for a SOC 2 or managing an enterprise governance, risk, and compliance program, Vanta helps keep you secure and keeps your deals moving.
Starting point is 00:12:31 Companies like Ramp and Writers spend 82% less time on audits with Vanta. That means less time chasing paperwork and more time focused on growth. For me, it comes down to this. Over 10,000 companies from startups to large enterprises, trust Vanta to help prove their security. Get started at Vanta.com slash cyber. Getting ready for a game means being ready for anything. Like packing a spare stick.
Starting point is 00:13:08 I like to be prepared. That's why I remember 988, Canada's suicide crisis helpline. It's good to know, just in case. Anyone can call or text for free confidential support from a trained responder anytime. 988 Suicide Crisis Helpline is funded by the Government of Canada. It is always my pleasure to welcome back to the show two of my most favorite people in the world. Of course, I'm starting out with Maria Varmazis, who is our contributing host here at N2K Cyberwire.
Starting point is 00:13:42 Maria, welcome. Hey, thanks. And Brandon Karpf, who is the director of public-private partnerships at NTT. Brandon, welcome back. Top of the day to you, sir. So, Maria, I'm going to let you take the lead here because you wanted to base our conversation today off of some posting that our friend Brandon has been making over on LinkedIn lately. Why don't you bring us in here?
Starting point is 00:14:07 All right. So it's not every day I get to talk to a LinkedIn celebrity, Brandon, but here you are. How does it feel to go viral on LinkedIn? Oh, God. I don't think I like that. Well, it happened. The premise of how you went viral is essentially, if I'm going to nutshell this as best I can, you were looking at the hype around the idea of orbital data center.
Starting point is 00:14:32 that may or may not have been centered around some stuff that Elon Musk said, but not exclusively him. And you hashtag did the math, but you literally did the math on whether or not, you really very literally did the math, on whether orbital data centers make a lick of sense or if it's all hype. And the thing that fascinates me is you publish all of your math. You went through your entire, how would you describe the entire process of how you came to all of your conclusions
Starting point is 00:15:01 in the 40,000 word essay, something like that. I basically, like, cranked open my cranium and just let everyone see my thought process. Got a big old ice cream scoop and just... And it was Spaceballs themed also, which made it really excellent. So somehow you managed to tie Spaceballs into pretty much every point that you made,
Starting point is 00:15:22 which was... My hat is off to you, sir. That was quite amazing. So that was your first post that you did about this. where some of the questions were things like, how on Earth would you cool something like that? How on Earth would this make any sense? What would the latency be? You asked all these really good questions
Starting point is 00:15:37 that I didn't even know to ask. But what was your conclusion from that first post you made on orbital data centers? Yeah. And this all, you know, as you pointed out, starts with Spaceballs. Because Spaceballs is my personal favorite movie. I think that anything Mel Brooks does is brilliant.
Starting point is 00:15:54 Amen to that. And I love the absurdity of it. And I thought that the absurdity of satire like Spaceballs just perfectly encapsulates the results of my math. And yeah, as you said, merger of xAI and SpaceX, but also a number of other companies talking about AI training in space. Basically, people are looking for ways of getting around the bottlenecks on Earth. And that's primarily around electricity generation and water needs for data centers. There's no secret in this country, places like Virginia, Loudoun County,
Starting point is 00:16:31 getting real upset with all the data centers going in there, the cost of electricity. There's even proposed legislation in some states to ban data centers from states. So, I mean, this is a big thing. And so people are looking for other ways of doing this, of training. And so there have been a number of proposals about,
Starting point is 00:16:49 okay, let's just put it in orbit, right? Solar panels, the sun's there, free electricity, yada, yada, yada. And my favorite phrase that is incorrect, because space is cold, and that makes me go, space is cold, right? Um, space is a vacuum. I am holding back, because that is my number one question, is how you cool these dang things in the vacuum of space. That is a very good
Starting point is 00:17:09 question. I will let you continue. So the first post, I just wanted to get my head wrapped around the constraints. And caveat here, I'm not a space engineer, uh, aerospace engineer. My background is actually mechatronics engineering, so it's like electrical and control systems, but then computer science. So getting as far away from physical things as possible is basically my background. But I have taken thermodynamics classes and such. And so I basically went through, in my own amateurish way, every sub-system, every major subsystem of a satellite
Starting point is 00:17:45 to figure out where the constraints were for a data center in space on a satellite. My gut had said it was going to be a cooling issue because space is a vacuum, which means that the only way you can cool is through radiation, is actually sending IR infrared radiation out into space. And depending on where you are in space, space can be either very hot or very cold. You know, depending on your orientation and kind of... How close you are to a star and all that stuff.
Starting point is 00:18:15 Yep. And so, you know, I went through each subsystem. You know, subsystems like the avionics, like the heat transfer system, like power generation, you know, the compute system, the engine that actually kind of, you know, called the ADCS that manages and flies the thing, and figured out, you know, in my rough amateur way, if it was feasible. And my first post, yeah, go ahead.
Starting point is 00:18:38 I wanted to say, but also you were very generous in your math. Like, pi was three and cows were all spherical, but also to the benefit of the orbital data centers. Like, you were giving them that benefit as opposed to going really, like, back-of-the-napkin math that would be really against it. So you're like giving them every opportunity to work. I was trying.
Starting point is 00:18:56 You were trying. Like any good engineering, engineer I was rounding up. Right? So the conclusion of the first piece was this idea makes no sense because what I conclude is the size of a satellite because of the amount of solar panels that you need to power these things to have enough GPUs on the satellite and the size of the radiators would basically make these extraordinarily large structures in space, you know, larger than anything
Starting point is 00:19:27 we've ever built, ever imagined, to have, you know, even a few, you know, up to like 64 or 128 GPUs on a single satellite. But that was just the first post. That was, and I wanted to, I wanted to, I'm so glad you mentioned that because you basically did science in real time. You were iterating and you were letting us all in on your process. And I love that because just your first post got so many comments. Oh, my God. And I'm so sorry, but also it was great because it was just like the entire aerospace industry was like chiming in and they didn't appreciate you throwing cold water on this. But you then made a second post, which had even more math. And you reached some interesting conclusions from that. And I thought this was awesome. So walk us through this one.
Starting point is 00:20:13 Yeah. So what happened after that first post is actually a number of legitimate aerospace engineers reached out to me, including the CTO of a company called StarCloud, who in November launched an Nvidia GPU on a small satellite, single GPU, and is flying it today, right? It's up there in low Earth orbit. And he reached out and he told me kind of where some of my assumptions were wrong, especially around heat transfer, especially around how I was modeling heat transfer. And he told me kind of, he pointed me in a direction of refining my model. When I did that, it actually, in terms of the things that I thought were constrained, power generation
Starting point is 00:20:54 and heat transfer, those things actually became not constraints. I mean, they are certainly a challenge, but with technologies that are even in existence today, but especially in development over the next five years, power generation and heat transfer, not as much of an issue. But it gave me an opportunity to dive into a part of my model that I had not explored in detail in the first piece, which is the communications portion of the model. And actually how we communicate data, because if you're going to do any sort of cloud computer, AI training, or what have you, you got to get data either between satellites or from satellites to ground to make it useful.
Starting point is 00:21:40 And that started revealing some really interesting implications, especially around kind of cloud compute and security and what eventually became a cyber story. Yeah. So how did it end? So what I discovered in modeling communications and looking at the technologies available for inter-satellite communications and then space-to-ground communications is even the best of class today, optical inter-satellite links and then optical satellite to ground links, the most capable today can only do about 100 gigabits per second in terms of bandwidth. And on test beds, the most capable optical link that has been proven in a lab is only 400 gigabits per second. And then there's some early technologies that look like with interesting multiplexing, we can probably push that to one terabit per second.
Starting point is 00:22:40 all of that sounds like a lot. But in order to properly communicate between GPUs in a cluster for AI training, you need 14 terabits per second. And that's kind of the baseline for NVLink 5.0, which is the Nvidia platform that allows communication between training clusters of GPUs. And so this constraint of the fact that we maybe can get to 0.4 terabits per second, we need 14.4 terabits per second. We are nowhere close to having the communications technology to be able to have clusters on different satellites. So what that means is, I mean, that's a 36 times gap with the, you know, with future hardware.
Starting point is 00:23:36 That's stuff that hasn't flown yet, right? the 400 gigabits per second, right? Massive gap between those two. So what that means is, if we're going to do training, AI training, the cluster has to be on one satellite. Therefore, how many GPUs can you put on one satellite to create a cluster?
Starting point is 00:23:53 And based on my more accurate physical model, the maximum number of GPUs that I could reasonably fit on a satellite in space is about 128 GPUs, which if you look at any of the kind of hyperscale, you know, frontier model training, they're training with hundreds, a hundred thousand GPUs, right? Right.
Starting point is 00:24:13 So this is nowhere close. Like a closet. Right, right. 128 is what you need. I mean, I know people who are out there playing video games with 128 GPUs, Brandon. Exactly. I mean, I've got friends who have that literally in their basement. Right.
Starting point is 00:24:31 It's, it doesn't even get you to a GPT3 class model. Right. So we're talking about models from four years ago that you might be able to train on one satellite. And so, you know, because of the comms constraint, AI training is out the window. I don't think that there's a way, I mean, unless you're doing really small, I mean, really, really small specialty models on a single satellite, you don't have enough communication bandwidth between satellites to do the internode communication. inter-cluster communications. And so everything has to be on a single satellite for that use case. But what I did in this article is I actually looked at five different business models.
Starting point is 00:25:17 The five business models I looked at was AI training, AI inference, public cloud, edge and CDN compute, content distribution network compute. And then the last one I looked at was Sovereign Cloud. And the final conclusion I came to is all of those business models, AI training, AI inference, public cloud, edge compute, all of them either on technical means or on profitability means, don't make sense. Just do not work in a space-based architecture. The only one that I could turn a profit on that I think is legitimately possible, and this is, I think, an interesting cyber story, is sovereign cloud and sovereign compute. Well, the concerns I have are when you're in orbit, somebody with an adversary can sidle up a satellite next to yours, and it's a lot harder to tell them, knock it off.
Starting point is 00:26:11 And then the obvious other one is one of your GPUs goes down, oh, let's just swap it out. Oh, sorry, can't. It's in orbit. Right? I mean, yeah, totally. Totally. So I mean, so you're much more limited in terms of the flexibility of their architecture. Totally true. You're much more limited in terms of obviously maintenance, obviously lifespan, right? You know, maybe you can get five years from these things. But Sovereign Cloud is not competing with terrestrial compute on performance. It's not competing on speed. It's not competing on elasticity. It's not really even competing on cost, right?
Starting point is 00:26:50 What sovereign customers are buying is they're buying a property of the deployment, which is where is this deployment? What laws are controlling this deployment? How physically accessible is this data? One of the problems with terrestrial data centers, say we have a data center in Singapore, is that anyone with the right credentials can walk into that facility. And the right credentials could look like $5,000 in a brown paper bag. All right. Well, I mean, that's fascinating. You've opened my eyes to some of the possibilities. Yes, thank you so much, Brandon. Sorry, I was very quiet for the second half of this chat, I was having some internet problems. But this was a fascinating
Starting point is 00:27:31 chat. So thank you. Brandon Karpf is director of public-private partnerships at NTT and Maria Varmazis is our contributing host here at N2K Cyberwire. Thanks so much for joining us. Thanks, Dave. At Medcan, we know that life's greatest moments are built on a foundation of good health, from the big milestones to the quiet wins. That's why our annual health assessment offers a physician-led, full-body checkup that provides a clear picture of your health today. And may uncover early signs of conditions like heart disease and cancer. The healthier you means more moments to cherish. Take control of your well-being and book an assessment today.
Starting point is 00:28:19 Medcan. Live well for life. Visit medcan.com slash moments to get started. At Desjardins, our business is helping yours. We are here to support your business through every stage of growth. From your first pitch to your first acquisition. Whether it's improving cash flow or exploring investment banking solutions, with Desjardins Business, it's all under one roof. So join the more than 400,000 Canadian entrepreneurs who already count on us, and contact Desjardins today. We'd love to talk. Business.
Starting point is 00:28:54 And finally, NXGenCom has unveiled Phoenix, a software-defined radio device that aims to do for the battlefield what the smartphone did for your pocket, except with fewer selfies and more drone strikes. Built on military 5G foundations, Phoenix can shift roles on demand, acting as a communications hub, jammer detector, drone controller, or direction finder, sometimes all within a matter of moments. In a recent Army exercise, the 12-pound unit identified a hostile jammer, adjusted its waveform to restore connectivity, calculated the jammer's location within five degrees, and dispatched a drone to confirm the target. From there, it could guide strikes or relay coordinates, all while fusing sensor data in real time. The catch is procurement. Phoenix replaces multiple systems at once, which sounds efficient
Starting point is 00:30:03 until each system belongs to a different office. Technology moves fast. Paperwork, a little less so. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks
Starting point is 00:30:37 where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey and the show notes
Starting point is 00:30:56 or send an email to cyberwire at n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner.
Starting point is 00:31:17 Thanks for listening. We'll see you back here tomorrow. Thank you.
