

Three Buddy Problem
Security Conversations
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks.
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
Episodes

Oct 31, 2025 • 2h 11min
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
Dave Aitel, an experienced security researcher at OpenAI, joins the discussion to unveil Aardvark, a groundbreaking AI designed to identify and fix code vulnerabilities. He shares insights on the interplay between AI and bug-hunting, emphasizing its advantages over traditional methods like fuzzing. The conversation also delves into the evolving landscape of cybersecurity, including recent legal issues around exploit sales and proposed legislation in Russia affecting vulnerability disclosures. Aitel offers valuable advice for startups in this rapidly changing field.

Oct 24, 2025 • 2h 11min
Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA
Three Buddy Problem - Episode 69: We dig into news that Apple's iOS 26 has quietly killed the shutdown.log forensic artifact used to spot signs of infections and what it means for threat hunters. Plus, whispers of a million-dollar WhatsApp zero-click exploit that never materialized at Pwn2Own, a surreal court case linking a Trenchant exploit developer to Russian buyers, and Chinese threat intel reports pointing fingers at the NSA.
We also discuss calls for the US government to build a structured, lawful ecosystem for private-sector offensive operations to address existing chaos and market gaps.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Links:
Transcript (unedited, AI-generated)
Key IOCs for iPhone Spyware Cleaned With iOS 26 Update
Exploitation of WSUS Remote Code Execution Vulnerability (CVE-2025-59287)
Hamid Kashfi on CVE-2025-59287
Pwn2Own Ireland results
Hacking Lab Boss Charged with Seeking to Sell Secrets in Russia
Court doc (Peter Williams case)
Cyber Insurer Sues Policyholder’s Cyber Pros
NSA Accused of Stealing Secrets from China's National Time Centre
China's CN-CERT on alleged NSA espionage operation
DanderSpritz documentation
Building the US market for offensive cyber
Netherlands Limits Intelligence-Sharing With US Amid Politicization, Russia Fears
Agenda - Binding Hook Live
Agenda - State of Statecraft
TBP Live at Countermeasures (Ottawa)

Oct 18, 2025 • 31min
JAGS LABScon 2025 keynote: Steps to an ecology of cyber
Join Juan Andres Guerrero-Saade, a senior threat intelligence researcher renowned for his insights on wartime cyber threats, as he explores the future of cybersecurity. He discusses the shift from chaos to a more sustainable, interconnected approach. Guerrero-Saade highlights the importance of systems thinking and introduces dyadic cybernetics, emphasizing the synergy between human and artificial evaluators. He challenges industry norms, urging practitioners to reclaim their worth and focus on tangible outcomes over mere compliance. It's a thought-provoking call to action in the evolving landscape of security.

Oct 11, 2025 • 2h 23min
Apple Exploit-Chain Bounties, Wireless Proximity Exploits and Tactical Suitcases
Explore the intriguing realm of automated red-teaming and Apple's ambitious $2 million exploit bounties aimed at thwarting spyware brokers. Discover the rise of wireless proximity attacks and the curious case of tactical suitcases for Wi-Fi exploits. The discussion delves into Paragon spyware's targeting of European executives and the controversial NSO Group buyout rumors. Additionally, critiques of Oracle's patch delays and the ethics surrounding journalists on ransomware leak sites spark thoughtful debate.

Oct 7, 2025 • 45min
Chris Eng on lessons learned from the NSA, @Stake, Veracode, and 20 years in cybersecurity
Chris Eng, an experienced application security leader and former Chief Research Officer at Veracode, shares captivating insights from his extensive cybersecurity career, including his beginnings at the NSA and the founding of Veracode. He discusses the evolution of security culture, the challenges of software supply chains, and why companies must focus on programmatic support instead of just tools. Eng emphasizes the importance of meaningful security metrics for leaders and the impact of AI on development, while offering guidance on vetting AI solutions from startups.

Oct 3, 2025 • 2h 3min
Oracle cl0p ransomware crisis, EU drone sightings, Cisco bootkit fallout
Drones are stirring up chaos across European airports, revealing deeper concerns about hybrid warfare. Oracle faces a severe ransomware crisis linked to unpatched vulnerabilities, raising questions about its security role amidst the TikTok deal. OpenAI unveils Sora 2, promising to reshape social media and creative expression with AI-generated content. Meanwhile, Palo Alto's Phantom Taurus report highlights a concerning new threat landscape, with discussions around Cisco's recent cybersecurity missteps. The U.S. government shutdown adds another layer of complexity for agencies like CISA.

Sep 27, 2025 • 1h 55min
Cisco firewall zero-days and bootkits in the wild
Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.
Plus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russian APTs Turla and Gamaredon collaborating to hit Ukraine targets.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Links:
Transcript (unedited, AI-generated)
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
Mandiant Brickstorm Scanner
Cisco advisory: Continued Attacks Against Cisco Firewalls
NCSC report on Cisco ASA bootkit in the wild
U.S. government scrambles to stop new hacking campaign blamed on China
US Secret Service Statement on SIM Farm Discovery
NYTimes: Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.
Airport chaos: Ransomware hits airport check-in systems
NCSC statement: Incident impacting Collins Aerospace
Gamaredon X Turla collab

Sep 24, 2025 • 22min
Live at LABScon: Aurora Johnson and Trevor Hilligoss on China's 'internet toilets'
Three Buddy Problem - Episode 64: SpyCloud Labs researchers Aurora Johnson and Trevor Hilligoss discuss the world of “internet toilets,” the toxic online communities in China where harassment, stalking, and sextortion thrive. We explore how these groups operate, from doxing ex-lovers and enemies to running coordinated campaigns of cyberbullying that often spill into real-world harm. (Recorded at LABScon 2025).
Cast: Aurora Johnson, Trevor Hilligoss, Ryan Naraine and Juan Andres Guerrero-Saade.
Links:
Plunging China's internet toilets (LABScon)
SpyCloud Labs

Sep 24, 2025 • 29min
Live at LABScon: Visi Stark shares memories of creating the APT1 report
Visi Stark, co-founder of the Vertex Project and intelligence expert behind the groundbreaking APT1 report, shares insights from his impactful career in cyber threat intelligence. He discusses the intricate process of selecting data for the report and the philosophy behind its naming. Stark reflects on how APT1 transformed the threat landscape and the challenges of revealing identities. He also critiques the current state of public threat intelligence, exposing the market's influence on reporting standards.

Sep 24, 2025 • 32min
Live at LABScon: Lindsay Freeman on tracking Wagner Group war crimes
Three Buddy Problem - Episode 62: Lindsay Freeman, Director of the Technology, Law & Policy program at the Human Rights Center, UC Berkeley School of Law, joins the show to discuss her team's meticulous work to document the Wagner Group's chain of command, military operations in parts of Africa, and the broadcasting of war crimes on social media platforms like Telegram. (Recorded at LABScon 2025)
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Lindsay Freeman.
Links:
LABScon Speaker 2025: Lindsay Freeman
War Crimes for Fun and Profit (Lawfare)
Mali: Army, Wagner Group Atrocities Against Civilians
The Wagner Group’s Atrocities in Africa: Lies and Truth
Massacres, Executions, and Falsified Graves: The Wagner Group’s Mounting Humanitarian Cost in Mali


