Three Buddy Problem - Episode 67: We discuss the rise of automated red-teaming, Apple’s $2 million exploit chain bounties aimed at outbidding spyware brokers and the iPhone maker's focus on wireless proximity attacks and “tactical suitcase” Wi-Fi exploits. We also hit the news of Paragon spyware targeting European executives and the bizarre story of NSO Group’s supposed US investor buyout.

Plus, an update on Oracle’s zero-day ransomware fiasco, Ivanti’s endless patch delays, the ethics of journalists enabling ransomware operations on leak sites, Europe’s latest failed push for Chat Control, and VirusTotal’s new pricing tiers.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Apple's new exploit-chain bounties
• Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
• Paragon Strikes Again: UniCredit CEO Among the Targets
• NSO to be acquired by U.S. investors
• Oracle confirms exploited 0day - CVE-2025-61882
• Oracle Security Officer comms
• Oracle E-Business Suite CVE-2025-61882 Exploited in Extortion Attacks
• ZDI documents Ivanti 0days waiting for patches
• One-man spam campaign ravages EU ‘chat control’ bill
• VirusTotal new pricing tiers
• Tavis Ormandy Kaspersky 0day find