Shai-Hulud 2.0, Russia GRU Intrusions, and Microsoft’s Regulatory Capture

November 29th, 2025  |  1 hr 57 mins

ai, apt research, cyberespionage, nation-state, ransomware, spyware, zero-day

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).

Three Buddy Problem - Episode 74: We attempt to parse the rumor-fog around Microsoft’s CISO at CYBERWARCON and what it reveals about the company’s shifting posture on intel sharing, regulation, and its outsized grip on the security ecosystem. Plus, coverage of the Shai-Hulud npm supply-chain mess, CISA’s mobile spyware guidance, NSO’s legal contortions, a sharp new GRU-linked intrusion from Arctic Wolf.

We also discuss the FCC retreating on telco security rules, and the emerging AI arms race shaping how cloud giants hunt threats and how Washington misunderstands all of it.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Gemini 3 reactions, Fortinet/Chrome zero-days, a Cloudflare monoculture and a billion-dollar crypto twist

November 21st, 2025  |  2 hrs 19 mins

ai, apt research, cyberespionage, nation-state, ransomware, zero-day

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices).

Three Buddy Problem - Episode 73: The buddies react to Google’s release of Gemini 3 and its early performance, new Chrome interface changes landing on users’ machines, and major highlights from CYBERWARCON. We revisit the long-running debate over APT naming conventions, examine Amazon’s latest threat-intel reporting on Iranian activity, and walk through the Cloudflare outage that briefly knocked chunks of the internet offline.

Plus, new APT reports from ESET, Positive Technologies, and SecurityScorecard, and China's CN-CERT (now validated claim) that the U.S. government seized billions in Bitcoin tied to the Lubian mining-pool hack.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Anthropic Claude Code automating APT hacks, KnownSec leak, Chinese buses with remote access

November 14th, 2025  |  2 hrs 12 mins

ai, apt research, cyberespionage, nation-state, ransomware, zero-day

Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.

Three Buddy Problem - Episode 72: We unpack Anthropic’s conflicting self-promotion around the “first AI-orchestrated cyberattack” using Claude Code and the future of automated APT attacks.

Plus, Chinese cyber vendor KnownSec falls victim to data breach, fresh accusations that the U.S. stole billions in Bitcoin, Amazon warning about Cisco/Citrix zero-days, Google’s new Private AI Compute and Microsoft kernel zero-day marked as "actively exploited."

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

LIVE from Ring0 COUNTERMEASURE: Google v FFmpeg, Ransomware Turncoats, Samsung 0days

November 10th, 2025  |  1 hr 9 mins

ai, apt research, cyberespionage, nation-state, ransomware, zero-day

Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.

Three Buddy Problem - Episode 71: The buddies travel to Canada for a live recording at the Countermeasure conference, discussing the Google v FFmpeg open-source patching brouhana, ransomware negotiators charged and linked to ransomware attacks, the looming TP-Link ban in the U.S., and the discovery of LANDFALL, an APT attack caught using a Samsung mobile zero-day.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs

October 31st, 2025  |  2 hrs 10 mins

apt research, cyberespionage, nation-state, ransomware, zero-day

Three Buddy Problem - Episode 70: Dave Aitel from OpenAI's technical staff joins the buddies to discuss the just-launched Aardvark, OpenAI’s agentic “security researcher” that claims to read code, finds bugs, validates exploits, and ships patches. We press him on where LLMs beat fuzzers, privacy boundaries, human-in-the-loop realities, SDLC budgets, pen-test cadence, and the zero-day economy.

Plus, L3 Harris/Trenchant exec pleads guilty to selling exploits to Russian brokers, Kaspersky catches the return of HackingTeam using Chrome zero-day exploit chain, and news of a proposed law in Russia to force researchers to report vulnerabilities first to goverment agencies.

Cast: Dave Aitel (Technical Staff, OpenAI), Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA

October 24th, 2025  |  2 hrs 11 mins

apt research, cyberespionage, nation-state, ransomware, zero-day

Three Buddy Problem - Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs of infections and what it means for threat hunters. Plus, whispers of a million-dollar WhatsApp zero-click exploit that never materialized at Pwn2Own, a surreal court case linking a Trenchant exploit developer to Russian buyers, and Chinese threat intel reports pointing fingers at the NSA.

We also discuss calls for the US government to build a structured, lawful ecosystem for private-sector offensive operations to address existing chaos and market gaps.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

JAGS LABScon 2025 keynote: Steps to an ecology of cyber

October 18th, 2025  |  31 mins

apt research, cyberespionage, nation-state, ransomware, zero-day

Three Buddy Problem (Episode 68): The buddies are trapped in timezone hell with cross-country travel this week.

In this special episode, we present Juan Andres Guerrero-Saade's LABScon 2025 keynote-day presentation on the state of cybersecurity and why this phase of our collective project has failed, and how to build something smarter, more sustainable, and deeply interconnected in its place.

Juanito traces the field’s evolution from chaos to consolidation, weaving in cybernetics, standardization, and the dawning coexistence of human and artificial evaluative power. The result is part philosophical sermon, part rallying cry, an invitation to reject the industry’s slave morality, rethink our tools, and steer the next era of defense with intention.

Apple Exploit-Chain Bounties, Wireless Proximity Exploits and Tactical Suitcases

October 11th, 2025  |  2 hrs 23 mins

apt research, cyberespionage, nation-state, ransomware, zero-day

Three Buddy Problem - Episode 67: We discuss the rise of automated red-teaming, Apple’s $2 million exploit chain bounties aimed at outbidding spyware brokers and the iPhone maker's focus on wireless proximity attacks and “tactical suitcase” Wi-Fi exploits. We also hit the news of Paragon spyware targeting European executives and the bizarre story of NSO Group’s supposed US investor buyout.

Plus, an update on Oracle’s zero-day ransomware fiasco, Ivanti’s endless patch delays, the ethics of journalists enabling ransomware operations on leak sites, Europe’s latest failed push for Chat Control, and VirusTotal’s new pricing tiers.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Oracle cl0p ransomware crisis, EU drone sightings, Cisco bootkit fallout

October 3rd, 2025  |  2 hrs 3 mins

apt research, cyberespionage, nation-state, ransomware, zero-day

Three Buddy Problem - Episode 66: We discuss drone sightings that shut down airports across Europe and what they reveal about hybrid warfare and the changing nature of conflict; Oracle ransomware/extortion campaign tied to unpatched E-Business Suite vulnerabilities and the company’s muted response.

Plus, the TikTok–Oracle deal and the strange role Oracle now plays in U.S. national security; OpenAI’s Sora 2 launch and its implications for social media and human expression; Palo Alto’s “Phantom Taurus” APT report, a follow-up on Cisco’s ArcaneDoor disclosures, and the impact of the U.S. government shutdown on CISA.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.

Cisco firewall zero-days and bootkits in the wild

September 27th, 2025  |  1 hr 54 mins

apt research, cyberespionage, nation-state, ransomware, zero-day

Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.

Plus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets.

Cast: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade.