Three Buddy Problem

Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days


Listen Later

Three Buddy Problem - Episode 55: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party.

We also revisit the ProPublica bombshell about Microsoft's "digital escorts" and U.S. government data exposure to Chinese adversaries and the company's "oops, we will stop" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

  • Transcript (unedited, AI-generated)
  • Three Buddy Problem LIVE at Black Hat
  • TBP at Countermeasures 2025
  • CODE WHITE GmbH ToolShell exploit
  • Microsoft guidance for SharePoint vulnerability CVE-2025-53770
  • Kaspersky on ToolShell: A story of five Sharepoint vulns
  • Ryan's EkoParty keynote on Microsoft culture
  • Microsoft Disrupting active exploitation of on-prem SharePoint flaws
  • SentinelLabs on Sharepoint zero-day in-the-wild
  • ESET on ToolShell: An all-you-can-eat buffet for threat actors
  • Microsoft Stops Using China-Based Engineers for DoD Computer Systems
  • AI coding platform goes rogue during code freeze and deletes entire company database
  • Jason Lemkin: Replit goes rogue
  • John Hultquist on Big Dream AI
  • LABScon 2025
...more
View all episodesView all episodes
Download on the App Store

Three Buddy ProblemBy Security Conversations

  • 4.9
  • 4.9
  • 4.9
  • 4.9
  • 4.9

4.9

57 ratings


More shows like Three Buddy Problem

View all
Risky Business by Patrick Gray

Risky Business

364 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

639 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

370 Listeners

Hacked by Hacked

Hacked

182 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,013 Listeners

Smashing Security by Graham Cluley

Smashing Security

314 Listeners

Click Here by Recorded Future News

Click Here

408 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,921 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

163 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

190 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

76 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

128 Listeners

Signals and Threads by Jane Street

Signals and Threads

74 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners

The 404 Media Podcast by 404 Media

The 404 Media Podcast

314 Listeners