Three Buddy Problem

Security Conversations
undefined
Jul 25, 2025 • 1h 55min

Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days

A critical vulnerability in Microsoft SharePoint sparks national security concerns, with state-sponsored hackers exploiting faulty patches. The discussion highlights the chaotic landscape of cybersecurity practices and the challenges posed by outdated collaboration tools. Privacy issues are further scrutinized, including Microsoft’s past responses to data exposures. Plus, a humorous, cautionary tale unfolds about AI mishaps in coding, underscoring the need for robust protocols in tech development. Insights on consciousness and its links to language also provide a thought-provoking twist.
undefined
Jul 18, 2025 • 1h 49min

Train brake hack, GRU sanctions, Wagner war crimes, Microsoft's Chinese ‘digital escorts’

Discover the shocking vulnerability in U.S. train braking systems that could allow remote hijacking. Unravel the impact of new UK sanctions against Russia's GRU and the scrutiny on pro-Russian hacktivists. Delve into the dark world of 'war influencers' sharing graphic content online and the challenges of international accountability. Explore Microsoft's controversial reliance on Chinese engineers for U.S. cloud systems, and the rapid evolution of AI technologies and their security implications, all packed with humor and insightful commentary.
undefined
13 snips
Jul 10, 2025 • 1h 49min

How did China get Microsoft's zero-day exploits?

Discover the fascinating case of the first arrest of a Chinese intelligence-linked hacker in Italy. The discussion delves into the notorious HAFNIUM group, uncovering how they accessed Microsoft Exchange zero-days. Analyze the competitive cyber capabilities between the U.S. and China, and explore the rise of 'cyber militias' in the region. The episode also tackles cybersecurity challenges related to young offenders, the impact of drone technology in warfare, and the effectiveness of current cybersecurity tools.
undefined
34 snips
Jul 3, 2025 • 1h 34min

Who’s hacking who? Ivanti 0-days in France, China outs 'Night Eagle' APT

Dive into the latest cybersecurity revelations, highlighting France's exposure to Ivanti VPN zero-days and the intricate links to a North American threat actor known as 'Night Eagle.' Explore the complexities of cyber attribution, particularly amid geopolitical tensions and the reliability of threat intelligence from different regions. The hosts also discuss significant breaches, like Iran's Nobitex crypto-exchange hack, and ponder the implications of containment claims surrounding China's 'Salt Typhoon.' It's a fascinating look at the evolving landscape of cyber threats!
undefined
94 snips
Jun 20, 2025 • 3h 7min

Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, destructive bank hacks

Hamid Kashfi, a former researcher at Immunity/Trail of Bits with expertise in the Iran-Israel cyber conflict, joins the discussion. They delve into the shadowy group Predatory Sparrow and its cyber operations during the Israel-Iran war. The conversation covers a shocking $90 million cryptocurrency disappearance linked to hacktivism, the human impact of ATM outages, and the blurred lines between grassroots cyber activism and state-sponsored attacks. Kashfi offers on-the-ground insights into Iran's cyber capabilities amid ongoing geopolitical tensions.
undefined
15 snips
Jun 13, 2025 • 1h 52min

Cyber flashpoints in Israel-Iran war, the 'magnet of threats', Mossad drone swarms

Delve into the cyber battlefield between Israel and Iran, where explosive drone swarms meet advanced hacking threats. Discover the 'magnet of threats' server in Iran that's drawing attention from multiple nation-states. Get insights into zero-day exploits and the implications of recent spyware targeting journalists. Explore the risks of de-anonymization in Android devices and how innovative solutions like Tailscale are reshaping digital security. This engaging discussion intertwines geopolitics with the latest in cybersecurity advancements.
undefined
Jun 6, 2025 • 1h 29min

Mikko Hypponen talks drone warfare, APT naming schemes

Mikko Hypponen, a cybersecurity veteran and Chief Research Officer at Sensofusion, dives into the cutting-edge world of drone warfare. He discusses Ukraine's innovative Operation Spiderweb, where drone swarms targeted Russian airbases, highlighting the changing landscape of military strategy. The conversation also touches on the ethical implications of autonomous drones and the challenges of naming cyber threats. With insights into the cyber tactics employed in the Ukraine-Russia conflict, Hypponen shares a unique perspective on the intersection of technology and modern warfare.
undefined
57 snips
May 30, 2025 • 2h 11min

The dark hole of 'friendlies' and Western APTs

The podcast dives into the complexities of cyber threat intelligence, spotlighting the controversial naming of actors like 'Void Blizzard' and the resulting confusion. It examines the significant role of initial-access brokers in nation-state breaches and critiques the decline of transparency in reporting Western APTs. The hosts discuss the potential of AI in identifying software vulnerabilities and its implications for cybersecurity professionals. They also highlight the necessary collaboration between the public and private sectors to tackle evolving threats.
undefined
31 snips
May 23, 2025 • 2h 31min

Russia hacks Ukraine war supply lines, Signal blocks Windows screenshots, BadSuccessor vuln disclosure debate

Exploring the intricate web of cyber warfare, the discussion highlights Russia's hacking of Ukraine's supply lines and a controversial vulnerability disclosure by Akamai. The conversation shifts to Signal's new screenshot-blocking feature, aimed at enhancing user privacy amid growing concerns. A fascinating debate unfolds over the ethics of exploit code publication and its implications for defenders in cybersecurity. Additionally, Japan's shift towards offensive cyber defense raises eyebrows, alongside discussions on the role of tech giants in shaping future governance.
undefined
4 snips
May 16, 2025 • 2h 24min

A Coinbase breach with bribes, rogue contractors and a $20M ransom demand

Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.Links:Transcript (unedited, AI-generated)Coinbase on $20m ransom demandSEC filing on Coinbase breachCoinbase Rogue Contractors Bribed to Leak Customer DataIvanti 0day exploit chain (CVE-2025-4427 and CVE-2025-4428)Watchtowr blog on new Ivanti 0daysCISA Known Exploited Vulnerabilities (KEV)'Advanced Protection' comes to Android 16Europe launches it own vulnerability database

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app