Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, destructive bank hacks

June 20th, 2025  |  3 hrs 7 mins

apt research, cryptocurrency, cyberwar, nation-state, zero-day

Three Buddy Problem - Episode 51: Former Immunity/Trail of Bits researcher Hamid Kashfi joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. Plus, radar-blinding cyberattacks that paved the way for Israel’s air raid, the human cost of sudden ATM outages and unpaid salaries, and the puzzling “Code Breakers” data leak that preceded it all.

Hamid shares on-the-ground context, the buddies debate whether cyber operations can sway a shooting war, and everyone tries to gauge Iran’s true offensive muscle under sanctions.

Cast: Hamid Kashfi, Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.

Cyber flashpoints in Israel-Iran war, the 'magnet of threats', Mossad drone swarms

June 13th, 2025  |  1 hr 51 mins

apt research, cyberwar, nation-state, zero-day

Three Buddy Problem - Episode 50: This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes.

Plus, Stealth Falcon’s new WebDAV zero-day, SentinelOne’s brush with Chinese APTs, Citizen Lab’s forensic takedown of Paragon’s iPhone spyware, and the sneaky Meta/Yandex trick that links Android web browsing to app IDs.

Cast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.

Mikko Hypponen talks drone warfare, APT naming schemes

June 6th, 2025  |  1 hr 29 mins

apt research, drones, nation-state, zero-day

Three Buddy Problem - Episode 49: Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”.

Plus, news on Ukraine’s hack of bomber-maker Tupolev, the industry’s never-ending APT naming mess, iVerify’s newly disclosed iMessage zero-click bug, fresh Qualcomm GPU exploits still unpatched on Android devices, and Cellebrite’s purchase of Corellium.

Cast: Costin Raiu, Ryan Naraine and Mikko Hypponen.

• Juan Andres Guerrero-Saade is out this week at Sleuthcon.

The dark hole of 'friendlies' and Western APTs

May 30th, 2025  |  2 hrs 11 mins

apt research, cyberespionage, nation-state, ransomware, zero-day

Three Buddy Problem - Episode 48: We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’ write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion.

Plus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology.

We also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain.

Cast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.

Russia hacks Ukraine war supply lines, Signal blocks Windows screenshots, BadSuccessor vuln disclosure debate

May 23rd, 2025  |  2 hrs 30 mins

apt research, china, microsoft, nation-state, russia, zero-day

Three Buddy Problem - Episode 47: We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge devices repurposed as honeypots.

The back half veers into Microsoft’s resurrected Windows Recall, Signal’s new screenshot-blocking countermeasure, Japan’s fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines.

Along the way you get hot takes on techno-feudalism, Johnny Ive’s rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders.

Cast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.

A Coinbase breach with bribes, rogue contractors and a $20M ransom demand

May 16th, 2025  |  2 hrs 23 mins

apt research, cryptocurrency, nation-state, zero-day

Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demands. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge.

Cast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.

JAGS keynote: The intricacies of wartime cyber threat intelligence

May 9th, 2025  |  31 mins 7 secs

apt research, cti, nation-state, threat-intel, zero-day

Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week).

In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it.

Acknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne.

Cast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.

Signalgate redux, OpenAI's Aardvark, normalizing cyber offense

May 3rd, 2025  |  2 hrs 38 mins

apt research, nation-state, zero-day

Three Buddy Problem - Episode 44: We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors.
Plus, fresh SentinelOne threat-intel notes, France’s attribution of GRU activity and a head-scratching $330 million Bitcoin heist.

Cast: Costin Raiu, Juan Andres Guerrero-Saade and Ryan Naraine.

Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security

April 25th, 2025  |  1 hr 33 mins

apt research, china, nation-state, north korea, spyware, surveillance, zero-day

Three Buddy Problem - Episode 43: Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights.

Plus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices.

Cast: Thomas Rid, Juan Andres Guerrero-Saade and Ryan Naraine.

• Costin Raiu is away this week.

China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles

April 17th, 2025  |  1 hr 39 mins

apt research, nation-state, surveillance, zero-day

Three Buddy Problem - Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days.

Plus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.