

Three Buddy Problem
Security Conversations
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks.
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
Episodes

Nov 29, 2025 • 1h 57min
Shai-Hulud 2.0, Russia GRU Intrusions, and Microsoft’s Regulatory Capture
The hosts dive into Microsoft's shifting stance on intel sharing and what it means for the security landscape. They dissect the Shai-Hulud 2.0 npm supply-chain attack and its implications for trust in package ecosystems. CISA's guidance on mobile spyware elicits strong opinions, while NSO's legal troubles reveal the complexities of cyber capabilities. Arctic Wolf's report on GRU-linked intrusions shines a light on geopolitical cyber threats, and the FCC's rollback of telecom cybersecurity rules sparks vital debates on regulation and accountability.

Nov 21, 2025 • 2h 20min
Gemini 3 reactions, Fortinet/Chrome zero-days, a Cloudflare monoculture and a billion-dollar crypto twist
The hosts dive into the release of Gemini 3 and its performance, sparking debates on coding comparisons with other AI models. They highlight a significant Cloudflare outage and the risks of dependence on monocultures. Discussions around the implications of Iranian cyber activities and new APT reports reveal emerging threats. The episode includes a surprising twist about billions in seized Bitcoin linked to a mining hack, raising questions on the future of these funds. An engaging mix of tech insights and cybersecurity dilemmas keeps listeners on their toes.

Nov 14, 2025 • 2h 13min
Anthropic Claude Code automating APT hacks, KnownSec leak, Chinese buses with remote access
The hosts dive into Anthropic's claims of the first AI-orchestrated cyberattack using Claude Code. They unpack skepticism about the evidence provided, questioning the motives behind the self-promotion. The discussion touches on the potential misuse of automation in cybersecurity and the dangers of rapid exploitation. They also explore a major data breach at Chinese vendor KnownSec and China's accusation against the U.S. regarding a Bitcoin heist. Insights about Amazon's detection of zero-days and Google's Private AI Compute further fuel the conversation.

Nov 10, 2025 • 1h 10min
LIVE from Ring0 COUNTERMEASURE: Google v FFmpeg, Ransomware Turncoats, Samsung 0days
This engaging conversation dives into the rising tension between Google and FFmpeg over open-source patching. The hosts discuss the legal repercussions facing ransomware negotiators, highlighting insider risks. A mysterious APT attack named LANDFALL is revealed, linked to a Samsung mobile zero-day. They also touch on the potential ban of TP-Link in the U.S., exploring security implications in consumer hardware. With insights into AI-driven bug reports and their impact on maintainers, the episode is packed with timely tech discussions!

Oct 31, 2025 • 2h 11min
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
Dave Aitel, an experienced security researcher at OpenAI, joins the discussion to unveil Aardvark, a groundbreaking AI designed to identify and fix code vulnerabilities. He shares insights on the interplay between AI and bug-hunting, emphasizing its advantages over traditional methods like fuzzing. The conversation also delves into the evolving landscape of cybersecurity, including recent legal issues around exploit sales and proposed legislation in Russia affecting vulnerability disclosures. Aitel offers valuable advice for startups in this rapidly changing field.

Oct 24, 2025 • 2h 11min
Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA
Delve into the implications of iOS 26 cutting off crucial forensic tools for identifying iPhone malware. Discover the mystery behind a million-dollar WhatsApp zero-click exploit that fizzled at Pwn2Own. Explore a surreal court case involving a Trenchant developer accused of selling attack secrets to Russia. Unearth tensions as China’s cyber intelligence implicates the NSA in espionage activities. Finally, hear discussions on the need for a structured legal framework for offensive cyber operations in the U.S.

Oct 18, 2025 • 31min
JAGS LABScon 2025 keynote: Steps to an ecology of cyber
Join Juan Andres Guerrero-Saade, a senior threat intelligence researcher renowned for his insights on wartime cyber threats, as he explores the future of cybersecurity. He discusses the shift from chaos to a more sustainable, interconnected approach. Guerrero-Saade highlights the importance of systems thinking and introduces dyadic cybernetics, emphasizing the synergy between human and artificial evaluators. He challenges industry norms, urging practitioners to reclaim their worth and focus on tangible outcomes over mere compliance. It's a thought-provoking call to action in the evolving landscape of security.

Oct 11, 2025 • 2h 23min
Apple Exploit-Chain Bounties, Wireless Proximity Exploits and Tactical Suitcases
Explore the intriguing realm of automated red-teaming and Apple's ambitious $2 million exploit bounties aimed at thwarting spyware brokers. Discover the rise of wireless proximity attacks and the curious case of tactical suitcases for Wi-Fi exploits. The discussion delves into Paragon spyware's targeting of European executives and the controversial NSO Group buyout rumors. Additionally, critiques of Oracle's patch delays and the ethics surrounding journalists on ransomware leak sites spark thoughtful debate.

Oct 7, 2025 • 45min
Chris Eng on lessons learned from the NSA, @Stake, Veracode, and 20 years in cybersecurity
Chris Eng, an experienced application security leader and former Chief Research Officer at Veracode, shares captivating insights from his extensive cybersecurity career, including his beginnings at the NSA and the founding of Veracode. He discusses the evolution of security culture, the challenges of software supply chains, and why companies must focus on programmatic support instead of just tools. Eng emphasizes the importance of meaningful security metrics for leaders and the impact of AI on development, while offering guidance on vetting AI solutions from startups.

Oct 3, 2025 • 2h 3min
Oracle cl0p ransomware crisis, EU drone sightings, Cisco bootkit fallout
Drones are stirring up chaos across European airports, revealing deeper concerns about hybrid warfare. Oracle faces a severe ransomware crisis linked to unpatched vulnerabilities, raising questions about its security role amidst the TikTok deal. OpenAI unveils Sora 2, promising to reshape social media and creative expression with AI-generated content. Meanwhile, Palo Alto's Phantom Taurus report highlights a concerning new threat landscape, with discussions around Cisco's recent cybersecurity missteps. The U.S. government shutdown adds another layer of complexity for agencies like CISA.


