Three Buddy Problem

Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. Plus, Apple’s new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China’s surveillance ecosystem; and controversy around a Huntress disclosure of an attacker’s operations after an EDR agent was mistakenly installed. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 60: We dissect a fresh multi-agency Salt Typhoon advisory (with IOCs and YARA rules!), why it landed late, why the wall of logos matters (and doesn’t), and what’s actually usable for defenders: new YARA, tool hashes, naming ambiguity across reports, the mention of Chinese vendors, and a Dutch note that smaller ISPs were hit. Plus, Costin details his hunting stack and philosophy (historic IOC/malware hoarding, fast pivots, and AI as analyst “wingman”) and a new Chinese APT report that may intersect with LightBasin and the murky PSOA world. We also debate Google’s proposed “cyber disruption unit” versus Microsoft’s DCU (legal vs. “ethical” takedowns, PR, and business models); react to Anthropic’s report on real attacker use of Claude; note Amazon’s APT29 watering-hole disruption; and close on a fresh WhatsApp-to-ImageIO zero-click chain and practical phone OPSEC. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 59: Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geopolitics, discuss who’s likely using these exploits, why Apple’s guidance stops short, and the practical playbook (ADP on, reboot often, reduce attack surface) that actually works. Plus, we debate Microsoft throttling MAPP access for Chinese vendors, the idea of “letters of marque” for cyber (outsourced offense: smart deterrent or Pandora’s box?), and dissect two case studies that blur APT and crimeware: PipeMagic’s CLFS zero-day and Russia-linked “Static Tundra” riding seven-year-old Cisco bugs. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 58: The buddies react to the Brandon Dixon episode, digging into what it’s really like to scale products inside a tech giant, navigate politics, and bring features to millions of machines. Plus, an exploration of the AI cybersecurity gold rush, the promise and hype, and the gamble for startups versus the slow-moving advantage of incumbents. We revisit the Chinese "cyber militia" discussion and the looming AI “dot-com bubble,” the value of owning infrastructure, Nvidia and export controls, China’s manufacturing edge, and the geopolitics of supply chains. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 57: Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s HackerOne automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access. Plus, the future of SOC automation to AI-assisted pen testing, how agentic AI could transform the cyber talent bottlenecks and operational inefficiencies, geopolitical debates over backdoors in GPUs and the strategic implications of China’s AI model development. Cast: Brandon Dixon, Juan Andres Guerrero-Saade, and Ryan Naraine.

Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire. Plus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps. Cast: Dakota Cary, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 55: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party. We also revisit the ProPublica bombshell about Microsoft's "digital escorts" and U.S. government data exposure to Chinese adversaries and the company's "oops, we will stop" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 54: Europol busted pro‑Russian hacktivist crew NoName 057(16), the Brits announce sanctions on Russia’s GRU cyber units, Wagner‑linked “war influencers” streamed atrocities from Africa, and fresh tech worries ranged from a $500 RF flaw that can hijack U.S. train brakes. Plus, ProPublica on Microsoft’s China‑based “digital escorts,” Google’s headline‑grabbing AI‑found SQLite zero‑day, and OpenAI’s new task‑running agents. Meanwhile, Ukraine’s hackers wiped a Russian drone maker, ransomware crippled a major vodka producer, and another Chrome zero‑day quietly underscored how routine critical exploits have become. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 53: We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister? Plus, China's massive cyber capabilities pipeline, ‘theCom’ teenagers arrested in the UK after ransomware binge, and spyware attacks against Russian organizations. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 52: Fresh intelligence reports out of Europe and China: France’s ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. We dissect the technical bread-crumbs, questions the attribution math, and connects Houken to SentinelOne’s “Purple Haze” research. Plus, the FBI’s claim that China’s “Salt Typhoon” has been “contained,” Iran’s Nobitex crypto-exchange breach (Predatory Sparrow torches $90 million and leaks the source code), Iranian cyber capabilities and sanctions avoidance. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 51: Former Immunity/Trail of Bits researcher Hamid Kashfi joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. Plus, radar-blinding cyberattacks that paved the way for Israel’s air raid, the human cost of sudden ATM outages and unpaid salaries, and the puzzling “Code Breakers” data leak that preceded it all. Hamid shares on-the-ground context, the buddies debate whether cyber operations can sway a shooting war, and everyone tries to gauge Iran’s true offensive muscle under sanctions. Cast: Hamid Kashfi, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 50: This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes. Plus, Stealth Falcon’s new WebDAV zero-day, SentinelOne’s brush with Chinese APTs, Citizen Lab’s forensic takedown of Paragon’s iPhone spyware, and the sneaky Meta/Yandex trick that links Android web browsing to app IDs. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 49: Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”. Plus, news on Ukraine’s hack of bomber-maker Tupolev, the industry’s never-ending APT naming mess, iVerify’s newly disclosed iMessage zero-click bug, fresh Qualcomm GPU exploits still unpatched on Android devices, and Cellebrite’s purchase of Corellium. Cast: Ryan Naraine, Costin Raiu and Mikko Hypponen Juan Andres Guerrero-Saade is out this week at Sleuthcon.

Three Buddy Problem - Episode 48: We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’ write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion. Plus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology. We also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 47: We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge devices repurposed as honeypots. The back half veers into Microsoft’s resurrected Windows Recall, Signal’s new screenshot-blocking countermeasure, Japan’s fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines. Along the way you get hot takes on techno-feudalism, Johnny Ive’s rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week). In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it. Acknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 44: We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors. Plus, fresh SentinelOne threat-intel notes, France’s attribution of GRU activity and a head-scratching $330 million Bitcoin heist. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights. Plus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices. Cast: Thomas Rid, Juan Andres Guerrero-Saade and Ryan Naraine. Costin Raiu is away this week.

Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days. Plus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 41: Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN applicance flaw and Mandiant reporting on a Chinese APT exploiting Ivanti devices. Plus, breaking news on the sudden firing of NSA director and head of Cyber Command Tim Haugh. We also discuss Microsoft touting AI's value in finding open-source bootloader bugs, Silent Push report on a RUssian APT impersonating the CIA, a backdoor in a popular Chinese robot dog, and Chinese dominance of the robotics market. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 40: On the show this week, we look at the technical deficiencies and opsec concerns around the use of Signal for ultra-sensitive communications. Plus, some speculation on who's behind Kaspersky’s ‘Operation Forum Troll’ report, Chinese discussion on NSA/CIA mobile networks exploitation, and the return of ‘Lab Dookhtegan’ hack-and-leak exposures. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 39: Luta Security CEO Katie Moussouris joins the buddies to parse news around a coordinated Chinese exposure of Taiwan APT actors, CitizenLab's report on Paragon spyware and WhatsApp exploits, an “official” Russian government exploit-buying operation shopping for Telegram exploits, the fragmentation of exploit markets and the future of CISA in the face of budget cuts and layoffs. Cast: Katie Moussouris, Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek. Plus, discussion on a Binarly technical paper with new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play. Plus, a dissection of ‘The Lamberts’ APT and connections to US intelligence agencies, attribution around ‘Operation Triangulation’ and the lack of recent visibility into these actors. We also discuss a fresh batch of VMware zero-days, China’s i-Soon ‘hackers-for-hire’ indictments, the Pangu/i-Soon connection, and a new wave of Apple threat-intel warnings about mercenary spyware infections. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 36: Ryan and Juanito join the show from the RE//verse conference with discussion on Natalie Silvanovic’s keynote on hunting for bugs in mobile messengers, the thrill of looking at exposed attack surfaces and the grueling “losses” bug hunters endure before a breakthrough. We also cover the latest on the $1.4 billion ByBit hack pinned on the Lazarus Group and the malicious JavaScript supply chain attack at the center of the cryptocurrency heist. Plus, the ethical gray zones of tethered exploits via Cellebrite, the whiplash of AI-driven threat intel, and the looming pivot in U.S. cyber policy signaling a stand-down on Russia-focused ops. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 35: Juanito is live from DistrictCon with notes on discussion of an elusive iOS zero-day by a company called QuaDream and Apple’s controversial removal of iCloud backup end-to-end encryption in the UK. We also cover a staggering $1.4 billion hack by the Lazarus Group against Bybit, new angles in NSA-linked cyber-espionage against China’s top universities, Chinese hacking gangs moonlighting as ransomware criminals, and Russian APTs abusing Signal’s “linked devices” feature. Plus, Costin explains Microsoft’s quantum computing breakthrough. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 33: In this episode, we unpack the UK government's secret push for backdoor access to encrypted iCloud data, Apple’s approach to iCloud encryption, and the broader implications for privacy and security on a global scale. Plus, how security agencies handle zero-day vulnerabilities, surveillance spyware and mercenary hacking, and TikTok-powered election disinformation and interference. From wormable exploits like Eternal Bue to the realities of AI-based spying, the episode offers a detailed look into how government oversight, private sector collaboration, and shifting market forces have reshaped the way we think about cybersecurity. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 32: In this episode, we rummage through the DeepSeek hype and break down what makes it different from OpenAI’s models, why it’s stirring up existential controversies, and what it means for the broader tech landscape. We get into the privacy concerns, the geo-political implications, how AI models handle data, the ongoing debate over IP theft and innovation, and the challenges that come with a Chinese company shipping an open-source alternative. Beyond AI, we dig into some of the latest headlines; from a Chinese ‘backdoor’ in medical devices, problems with CISA’s backdoor bulletin, the risks of insecure IoT, phishing attacks on influencers, and ongoing battles over censorship in the VPN space. We also touch on WhatsApp catching spyware vendor Paragon Solutions and potential shifts in U.S. government policy on commercial mercenary hacking and surveillance companies. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. Plus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Dennis Fisher. Ryan Naraine in on work travel.

Three Buddy Problem - Episode 30: We discuss French threat-intel Sekoia creating a portal to handle “sovereign disinfections” of the PlugX malware, CISA leadership taking a victory lap using the ‘Secure by Design’ pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives. Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 27: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network ed ge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite. Plus, thoughts on the US government’s controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence. Also, a mysterious BeyondTrust 0-day! Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 25: An update on Romania’s cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting. Plus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-linked cyberweapon targeting critical infrastructure, ethical considerations in cyberwarfare, and the implications of quantum computing on security and cryptocurrencies. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Three Buddy Problem - Episode 24: In this episode, we did into Lumen/Microsoft’s revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab’s findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply chain attack affecting crypto projects, and the Romanian election crisis over Russian interference via TikTok. Cast: Juan Andres Guerrero-Saade, Costin Raiuand Ryan Naraine.

Three Buddy Problem - Episode 23: Volexity founder Steven Adair joins the show to explore the significance of memory analysis and the technical challenges associated with memory dumping and forensics. We dig into Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon intrusions. We also cover news on a Firefox zero-day exploited on the Tor browser, the professionalization of ransomware, ESET's discovery of a Linux bootkit (we have a scoop on the origins of this!), Binarly research on connections to LogoFAIL, and major visibility gaps in the firmware ecosystem. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek). Honorary buddy: Steven Adair (Volexity)

Episode sponsors: Binarly (https://binarly.io) Binary Risk Hunt (https://risk.binarly.io) In this reboot of the Security Conversations interview series, Foundation Capital partner Sid Trivedi weighs in on major changes to the RSA Innovation Sandbox, the mandatory $5M uncapped SAFE investment for all 10 finalists, and red-flag concerns around discounts and pro-rata rights. Also discussed: controversial pay-for-play dynamics involving CISOs and venture capital firms, ethical implications of CISOs taking advisory positions in startups, and the challenges of investing in seed-stage startups amidst a trend towards platformization.

Three Buddy Problem - Episode 22: We discuss Volexity’s presentation on Russian APT operators hacking Wi-Fi networks in “nearest neighbor attacks,” the Chinese surveillance state and its impact on global security, the NSA's strange call for better data sharing on Salt Typhoon intrusions, and the failures of regulatory bodies to address cybersecurity risks. We also cover two new Apple zero-days being exploited in the wild, the US Government’s demand that Google sell the Chrome browser, and the value of data in the context of AI. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 21: We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the FBI/CISA public confirmation of the mysterious Salt Typhoon hacks. Plus, discussion on hina’s cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. The future of CISA is a recurring theme throughout this episode with some speculation about what happens to the agency under the Trump administration. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 20: We revisit the ‘hack-back’ debate, the threshold for spying on adversaries, Palo Alto watching EDR bypass research to track threat actors, hot nuggets in Project Zero’s Clem Lecinge’s Hexacon talk, Apple’s new iOS update rebooting iPhones in law enforcement custody, the mysterious GoblinRAT backdoor, and physical ‘meatspace’ Bitcoin attacks and more details on North Korean cryptocurrency theft. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 19: We explore Ivan Kwiatkowski’s essay on the limits of threat intelligence, Sophos using kernel implants to surveil Chinese hackers, the concept of ‘hack-back’ and legal implications, geopolitical layers of cyber espionage, CIA malware in Venezuela, Vatican/Mossad mentioned in high-profile Italy hacks, and Canada bracing for .gov attacks from India. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 18: This week’s show covers the White House's new Traffic Light Protocol (TLP) guidance, Reuters expose of Appin as a hack-for-hire mercenary company, Fortinet zero-day exploitation and missing CSRB investigations, major cryptocurrency heists, Apple opening Private Cloud Compute to public inspection, Russians removed from Linux kernel maintenance and China’s Antiy beefing with Sentinel One over APT reporting. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 17: News of a wiper malware attack in Israel implicating ESET, threats from wartime hacktivists, China's strange response to Volt Typhoon attribution and Section 702 messaging, an IE zero-day discovery and web browser rot in South Korea, the ongoing isolation of Kaspersky due to sanctions, and the geopolitical influences affecting cybersecurity reporting. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia’s APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), the risks of supply chain attacks. We also touch on the surge in zero-day discoveries, the nonstop flow of exploited Ivanti security bugs, and why the CSRB should investigate these network edge device and appliance vendors. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 15: Juanito checks in from Virus Bulletin with news on the return of Careto/Mask, a ‘milk-carton’ APT linked to Spain. We also cover the latest controversy surrounding IDA Pro's subscription model, a major new YARA update, and ongoing issues with VirusTotal's value and pricing. The conversation shifts to North Korean cyber operations, particularly the infiltration of prominent crypto companies, Tom Rid's essay on Russian disinformation results, and the US government's ICE department using commercial spyware from an Israeli vendor. Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 14: The buddies are back together for a discussion on Juan’s LABScon keynote and mental health realities, Microsoft rewriting the Windows Recall security architecture, a new CVSS 9.9 Linux CUPS flaw, Kaspersky's controversial transition to Ultra AV, and the intelligence operations surrounding exploding pagers in Lebanon. (This episode is dedicated to the memory of Jeff Wade from Solis, who was an important part of the LABScon family.) Cast: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh) and Ryan Naraine (SecurityWeek).

Three Buddy Problem - Episode 13: This is a special edition of the show, featuring Juan Andres Guerrero-Saade's full keynote day remarks at LABScon2024. In this talk, Juanito addresses the current state of the threat intelligence industry, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of disenfranchisement among professionals, the void in meaningful work, and the importance of reclaiming control and value in cybersecurity. Juan emphasizes the need for researchers, journalists, and even VCs, to be the change to reinvigorate the industry and ensure its relevance and impact. Cast: Juan Andres Guerrero-Saade (SentinelLabs). Costin Raiu and Ryan Naraine are listening to this episode.