Plus, Costin details his hunting stack and philosophy (historic IOC/malware hoarding, fast pivots, and AI as analyst “wingman”) and a new Chinese APT report that may intersect with LightBasin and the murky PSOA world.

We also debate Google’s proposed “cyber disruption unit” versus Microsoft’s DCU (legal vs. “ethical” takedowns, PR, and business models); react to Anthropic’s report on real attacker use of Claude; note Amazon’s APT29 watering-hole disruption; and close on a fresh WhatsApp-to-ImageIO zero-click chain and practical phone OPSEC.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• NSA, Allies Report on Salt Typhoon
• UK and allies expose China tech companies
• Joint Advisory on Salt Typhoon (IOCs)
• Dutch providers targeted by Salt Typhoon
• Silent Control: The Hidden Penetration of MystRodX
• Google previews cyber ‘disruption unit'
• Anthropic report on misuse of Claude AI
• WhatsApp 0day exploited (iOS attack chain)
• RationalEdge - Intelligence Meets Accuracy
• LABScon Speakers 2025

The back half veers into Microsoft’s resurrected Windows Recall, Signal’s new screenshot-blocking countermeasure, Japan’s fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines.

Along the way you get hot takes on techno-feudalism, Johnny Ive’s rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Russian hackers hitting logistics companies supplying Ukraine
• CISA says Russian hackers targeting Ukraine war supply lines
• ViciousTrap: Turning edge devices into honeypots
• BadSuccessor: Abusing dMSA to escalate privileges in Active Directory
• Signal adds anti-screenshot to thwart Windows Recall
• Controversial Windows Recall gets security makeover
• Microsoft's International Criminal Court blockade
• Japan enacts active cyberdefense law
• UAE recruiting US personnel Displaced by DOGE

Other topics on the show include Mandiant's attribution capabilities, North Korea’s gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit.

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)

Links:

• Episode transcript (Unedited, AI-generated)
• Official CrowdStrike preliminary post-mortem
• Microsoft VP David Weston on CrowdStrike outage
• Microsoft VP John Cable on the path forward
• Matt Suiche: Bob and Alice in Kernel-land
• Re-learning Lessons from the CrowdStrike Outage
• Ep5: CrowdStrike's faulty update
• Mandiant Report on North Korea's APT45
• CISA Advisory on North Korea APT45
• KnowBe4 Hires North Korean Fake IT Worker
• Israel’s attempt to sway NSO/WhatsApp spyware case

Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek).

Links:

• Transcript (unedited, AI-generated)
• AT&T SEC Filing on mega-breach
• CNN: Nearly all AT&T call and text records exposed in a massive breach
• Apple warns iPhone users in 98 countries of spyware
• India targets Apple over its phone hacking notifications
• Hyper-V zero-day exploited in the wild
• LABScon Program Committee

We discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities.

The need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.

• Costin Raiu is on vacation.

Links:

• Transcript (unedited, AI-generated)
• Qualys: Remote Unauthenticated Code Execution in OpenSSH
• CSRB report on Microsoft hack
• CISA secure-by-design pledge
• CCC Talk: Operation Triangulation
• Lawfare: Responsible Cyber Offense
• Google: Stop Burning Counterterrorism Operations
• Follow Dave Aitel on Twitter
• J. A. Guerrero-Saade on Twitter
• Costin Raiu on Twitter
• Follow Ryan Naraine (@ryanaraine) on Twitter
• LABScon - Security Research in Real Time

A deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocricy and the tricky relationship between malware researchers are the intelligence community, and the lack of 'success stories' from so-called benevolent malware.

We also discuss the implications of the TeamViewer breach by a skilled Russian APT, new Microsoft notifications to Midnight Blizzard victims and share thoughts on the Polyfill.io supply chain compromise.

Links:

• Episode transcript (Unedited, AI-generated)
• Google: Stop Burning Counterterrorism Operations
• Russian hackers sanctioned by European Council
• TeamViewer statement on APT29 breach
• Polyfill supply chain attack
• Request a LABScon invite
• Follow Costin Raiu on Twitter
• Follow JAG-S on Twitter
• Follow Ryan Naraine on Twitter

Links:

• Microsoft’s embarrassing Recall
• Brad Smith CSRB testimony
• Inside Apple Private Cloud Compute
• LABScon - Security Research in Real Time
• Follow Costin Raiu (@craiu) / X
• Follow JAG-S (@juanandres_gs) / X
• Follow Ryan Naraine (@ryanaraine) / X

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Peculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.

Links:

• Projects - Peculiar Ventures
• Ryan Hurst on LinkedIn
• Binarly - AI-powered firmware security
• SandboxAQ

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Bessemer Venture Partner's Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about merging of the IT and security functions and the importance of cybersecurity proving its value to the business.

Links:

• Jason Chan, VP, Information Security, Netflix
• Jason Chan on LinkedIn
• Follow Jason on Twitter / X
• Jason Chan - Bessemer Venture Partners — Jason Chan is an operating advisor at Bessemer where he brings over twenty years of experience in cybersecurity and is especially passionate about large-scale systems, cloud security, and improving security in modern software development practices. Most recently, Jason built and led the information security team at Netflix for over a decade. His team at Netflix was known for its contributions to the security community, including over 30 open-source security releases and dozens of conference presentations. He also previously led the security team at VMware and spent most of his earlier career in security consulting. 

• Binarly (https://binarly.io)
• FwHunt (https://fwhunt.run)

Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.

Links:

• Kymberlee Price on LinkedIn
• BlueHat Seattle Closing Remarks - YouTube
• Keynote: Defenders Assemble - Kymberlee Price
• BlueHat | Microsoft

Links:

• Microsoft Flags SolarWinds Serv-U 0-day exploit
• SolarWinds Serv-U RCE advisory
• In-the-wild zero-day counter
• Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation

As businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer, the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.

Links:

• Dave Weston on Twitter
• David Weston: Hardening with Hardware — In this talk, we will review the metamorphosis and fundamental re-architecture of Windows to take advantage of emerging hardware security capabilities.
• Windows 10 in S mode