Displaying Episode 1 - 10 of 19 in total of Three Buddy Problem with the tag “ransomware”.
-
Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA
October 24th, 2025 | 2 hrs 11 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs of infections and what it means for threat hunters. Plus, whispers of a million-dollar WhatsApp zero-click exploit that never materialized at Pwn2Own, a surreal court case linking a Trenchant exploit developer to Russian buyers, and Chinese threat intel reports pointing fingers at the NSA.
We also discuss calls for the US government to build a structured, lawful ecosystem for private-sector offensive operations to address existing chaos and market gaps.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
JAGS LABScon 2025 keynote: Steps to an ecology of cyber
October 18th, 2025 | 31 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem (Episode 68): The buddies are trapped in timezone hell with cross-country travel this week.
In this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place.
Juanito traces the field’s evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. The result is part philosophical sermon, part rallying cry, an invitation to reject the industry’s slave morality, rethink our tools, and steer the next era of defense with intention.
-
Apple Exploit-Chain Bounties, Wireless Proximity Exploits and Tactical Suitcases
October 11th, 2025 | 2 hrs 23 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 67: We discuss the rise of automated red-teaming, Apple’s $2 million exploit chain bounties aimed at outbidding spyware brokers and the iPhone maker's focus on wireless proximity attacks and “tactical suitcase” Wi-Fi exploits. We also hit the news of Paragon spyware targeting European executives and the bizarre story of NSO Group’s supposed US investor buyout.
Plus, an update on Oracle’s zero-day ransomware fiasco, Ivanti’s endless patch delays, the ethics of journalists enabling ransomware operations on leak sites, Europe’s latest failed push for Chat Control, and VirusTotal’s new pricing tiers.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
Oracle cl0p ransomware crisis, EU drone sightings, Cisco bootkit fallout
October 3rd, 2025 | 2 hrs 3 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 66: We discuss drone sightings that shut down airports across Europe and what they reveal about hybrid warfare and the changing nature of conflict; Oracle ransomware/extortion campaign tied to unpatched E-Business Suite vulnerabilities and the company’s muted response.
Plus, the TikTok–Oracle deal and the strange role Oracle now plays in U.S. national security; OpenAI’s Sora 2 launch and its implications for social media and human expression; Palo Alto’s “Phantom Taurus” APT report, a follow-up on Cisco’s ArcaneDoor disclosures, and the impact of the U.S. government shutdown on CISA.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
Cisco firewall zero-days and bootkits in the wild
September 27th, 2025 | 1 hr 54 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.
Plus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
Live at LABScon: Aurora Johnson and Trevor Hilligoss on China's 'internet toilets'
September 24th, 2025 | 22 mins 13 secs
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 64: SpyCloud Labs researchers Aurora Johnson and Trevor Hilligoss discuss the world of “internet toilets," the toxic online communities in China where harassment, stalking, and sextortion thrive. We explore how these groups operate, from doxing ex-lovers and enemies to running coordinated campaigns of cyberbullying that often spill into real-world harm. (Recorded at LABScon 2025).
Cast: Aurora Johnson, Trevor Hilligoss Ryan Naraine and Juan Andres Guerrero-Saade.
-
Live at LABScon: Visi Stark shares memories of creating the APT1 report
September 24th, 2025 | 28 mins 50 secs
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 63: Co-founder of the Vertex Project Visi Stark joins the buddies to reminisce about his work writing Mandiant's famous APT1 report, the China-nexus threat landscape, the value of cyber threat intelligence, APT-naming schemes, and more... (Recorded at LABScon 2025).
Cast: Visi Stark, Ryan Naraine and Juan Andres Guerrero-Saade.
-
Zero-day reality check: iOS exploits, MAPP in China and the hack-back temptation
August 22nd, 2025 | 2 hrs 32 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 59: Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geopolitics, discuss who’s likely using these exploits, why Apple’s guidance stops short, and the practical playbook (ADP on, reboot often, reduce attack surface) that actually works.
Plus, we debate Microsoft throttling MAPP access for Chinese vendors, the idea of “letters of marque” for cyber (outsourced offense: smart deterrent or Pandora’s box?), and dissect two case studies that blur APT and crimeware: PipeMagic’s CLFS zero-day and Russia-linked “Static Tundra” riding seven-year-old Cisco bugs.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service
August 1st, 2025 | 1 hr 51 mins
apt research, cyberespionage, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire.
Plus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps.
Cast: Dakota Cary, Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.
-
How did China get Microsoft's zero-day exploits?
July 10th, 2025 | 1 hr 49 mins
apt research, cyberespionage, drone, nation-state, ransomware, zero-day
Three Buddy Problem - Episode 53: We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister?
Plus, China's massive cyber capabilities pipeline, ‘theCom’ teenagers arrested in the UK after ransomware binge, and spyware attacks against Russian organizations.
Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.