Can Apple's New Anti-Exploit Tech Stop iPhone Spyware Attacks?

September 9th, 2025  |  2 hrs 45 mins

apt research, cyberespionage, nation-state, spyware, surveillance, zero-day

Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors.

Plus, Apple’s new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China’s surveillance ecosystem; and controversy around a Huntress disclosure of an attacker’s operations after an EDR agent was mistakenly installed.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security

April 25th, 2025  |  1 hr 33 mins

apt research, china, nation-state, north korea, spyware, surveillance, zero-day

Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights.

Plus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices.

Cast: Thomas Rid, Juan Andres Guerrero-Saade and Ryan Naraine.

• Costin Raiu is away this week.

China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles

April 17th, 2025  |  1 hr 39 mins

apt research, nation-state, surveillance, zero-day

Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days.

Plus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.