(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 81: We dissect New York Times reporting on the "precision" of US cyber operations in Venezuela, the competing narratives around offensive cyber capabilities and "letters of marque" for private hackers. Plus, a mysterious failed cyber attack on Poland's power grid, internet blackouts in Iran (with fascinating DNS telemetry revealing Chinese bank traffic and Russian website spikes), and news of China's ban on US/Israeli cybersecurity software.

We also cover Check Point's research on "VoidLink" (is it a successor to ShadowPad?), Microsoft's threat intelligence sharing practices, and Google Project Zero's disclosure of zero-click vulnerabilities caused by AI-powered transcription features.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Sponsor: Material Security
• Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities
• Massive cyberattack on Polish power system in December failed, minister says
• What happened in Poland? (Ruben Santamarta)
• Costin Raiu: What’s Happening in Iran?
• Verizon just had a big outage. Here’s what we know
• Beijing tells Chinese firms to stop using US and Israeli cyber products
• MS Patch Tuesday CVE-2026-20805 (exploited in the wild)
• VoidLink: The Cloud-Native Malware Framework
• Microsoft disrupts global cybercrime subscription service
• Project Zero: A 0-click exploit chain for the Pixel 9
• Joint statement from Google and Apple
• Sean Plankey re-nominated to lead CISA
• TLPBLACK
• DistrictCon Agenda
• Ekoparty Miami
• The Thinking Game (Full Documentary)

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 80: Researcher Hamid Kashfi returns to unpack Iran’s latest unrest, separating economic reality from propaganda while examining how information control, cyber pressure, and state surveillance are shaping events on the ground.

Plus, did cyber make the lights go out in Venezuela?

Cast: Hamid Kashfi, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Sponsor: Material Security
• About Hamid Kashfi
• Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks
• Venezuela strike marks a turning point for US cyber warfare
• KittenBusters | CharmingKitten
• Comprehensive Threat Intelligence Report: Charming Kitten
• Between Three Nerds: The evolution of Iranian cyber espionage
• Trump says U.S. will hit Iran "very hard" if violence continues at protests
• Venezuelan oil giant PVDSA hit by cyberattack
• CIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term
• Antiy Report on cyber operations in Venezuela
• Nationwide internet blackout reported in Iran

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 79: We cover MongoBleed (CVE‑2025‑14847), exposed MongoDB deployments, and the sad realization that zero-day attacks are a normal, everyday occurrence. Plus, AI’s expanding role and misuse across products and workflows, proximity attacks against Bluetooth audio devices, spyware sanctions de-listings, and ransomware economics.

In a special mailbag segment, we give our book recommendations and respond to common questions from the listeners.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Sponsored by Material Security
• MongoDB Server Security Update (Dec 2025)
• CVE Record: CVE-2025-14847
• Censys on MongoBleed
• European Space Agency hit by cyberattack
• Security pros plead guilty to ransomware
• US removes sanctions for three execs tied to spyware maker Intellexa
• Bluetooth Headphone Jacking: A Key to Your Phone
• Dan Geer Black Hat 2015 keynote
• Book Review: Infected - A Candid Look at VirusTotal’s Birth and Legacy
• Infected: From Side Project to Google: The Journey Behind VirusTotal
• The Human Factor (Inside the CIA's dysfunctional intelligence culture)
• A Killing Art: The Untold History of Tae Kwon Do
• Thou Shall Prosper: Ten Commandments for Making Money
• Cult of the Dead Cow (by Joseph Menn)
• The Nvidia Way: Jensen Huang and the Making of a Tech Giant
• From Third World to First: The Singapore Story
• Thinking in Systems (PDF)
• AI Superpowers: China, Silicon Valley, and the New World Order
• The Denial of Death: Ernest Becker
• Energy and Civilization: A History by Vaclav Smil
• DeepLearning.AI

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 78: We close out the year with a no-budget, no-permission awards show, spotlighting the cybersecurity stories that actually mattered.

Plus, a bizarre polygraph scandal at CISA, Chinese APT research dumps, ransomware pre-notification hiccups, foreign drone bans, and the growing gap between cyber theater and real operational value.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• ThreatLocker Solutions
• Acting CISA director failed a polygraph
• LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
• Qianxin’s research on the CSDN watering hole attack
• ViciousTrap - Turning edge devices into honeypots en masse
• AyySSHush: Tradecraft of an emergent ASUS botnet
• Intellexa’s Global Corporate Web (Recorded Future)
• Frozen in transit: Secret Blizzard’s AiTM hits embassies in Russia
• GitHub - KittenBusters/CharmingKitten
• Bunnie Huang Black Hat keynote (YouTube)
• How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
• DeepSeek Debates: Chinese Leadership On Cost, True Training Cost, Closed Model Margin Impacts
• Behind the Dismantling of Hezbollah
• Israel Secretly Recruited Iranian Dissidents to Attack Iran From Within
• Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
• Code Orange: Cloudflare resilience plan following recent incidents
• Apple SEAR: Memory Integrity Enforcement

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 77: New React2Shell data from Microsoft, fresh Apple and Cisco zero-days already in the wild, and state-linked campaigns from Russia and China that show a merging of espionage, crime, and infrastructure disruption.

Plus, the US government's push to enlist private firms in offensive hacking, letters of marque for cartels, new discovery of spyware used against journalists in Belarus, and Amazon catching North Koreans via keystroke latency.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• ThreatLocker Solutions
• Transcript (unedited, AI-generated)
• Trump Admin Turning to Private Firms in Cyber Offensive
• Microsoft on React2Shell
• React2Shell and OpenAI (shoutout Andrew MacPherson)
• Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw
• iOS 26.2 Security Patches
• Reporters Without Borders uncovers new spyware from Belarus
• Cisco Talos on Cisco 0day attacks
• Hack of Chinese state time center hints at U.S. advanced missile defense
• Amazon on Russian APT targeting Western critical infrastructure
• North Korean infiltrator caught in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location
• Tracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs
• Russian defense firms targeted by hackers using AI
• TLPBLACK looks back at 2025
• Inside Google's basement in Malaga: ChatGPT of Cybersecurity
• GitHub - xdanx/open-klara: Open KLara Project
• Gepetto Web

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 76: On the show this week, Costin walks through how a single Romanian documentary kick-started nationwide protests, exposing how corruption can be perfectly legal when the law itself is gamed, and why this moment feels different, darker, and more consequential than past flare-ups.

Plus, news on the React-to-Shell exploitation wave overwhelming the internet, why patching is structurally hard, and how APTs and criminals are converging on the same fragile dependency chain. Along the way, they take aim at Microsoft’s shrinking transparency, the limits of vendor trust, and what it really means when defenders are told (again) to just patch and pray.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• ThreatLocker : A security platform that prevents ransomware
• The Anatomy of a React2Shell Compromise (TLPBLACK)
• CVE-2025-55182 Analysis Report (GreyNoise)
• Exploitation of Critical Vulnerability in React Server Components
• PeerBlight Linux Backdoor Exploits React2Shell (Huntress)
• Patch Tuesday round-up (ZDI)
• How Two Hackers Went From Cisco Academy to Cisco CVEs
• Two Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’
• OpenAI on dual-use AI risks
• Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
• DOJ Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups
• Microsoft paying bounties for vulns in third-party code
• Cybersecurity 2026 Predictions (SentinelLABS)
• Dakota Cary is in the "anti-China Chorus"
• Comparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing
• Automated React2Shell vulnerability patching is now available - Vercel
• Computer Olympiad enters new era as IITPSA hands over to Thinkst Applied Research

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 75: We dig into a CVSS 10/10 unauthenticated RCE bug causing chaos across the internet and early signs that Chinese APTs are already launching exploits, the cascading patch chaos, and a long tail of malware intrusions to come.

Plus, commentary on Chrome’s telemetry collection, Microsoft and the "SFI success story," newest BRICKSTORM backdoor intrusions, the US national security strategy, Anthropic's AI popping smart-contract bugs, a secret FBI ransomware-hunting unit getting weird, and a pair of sad stories in the security community.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• ThreatLocker — Meet the cybersecurity platform that prevents ransomware
• An essay by Vess
• RIP Stealth
• Google Goodbye to the Chrome Cleanup Tool
• US National Security Strategy (PDF)
• Critical Security Vulnerability in React Server Components (CVE-2025-55182)
• Chinese threat groups rapidly exploit React2Shell vuln
• AWS MadPot
• BRICKSTORM Backdoor (PDF)
• WARP PANDA: A New Sophisticated China-Nexus Adversary
• Meet Group 78, the secret US task force that fights cybercriminals
• Recorded Future: Intellexa’s Global Corporate Web
• Intellexa’s Prolific Zero-Day Exploits Continue
• To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware
• Apple, Google send new round of threat notifications to users around world
• Calisto Targets Reporters Without Borders in Phishing Campaign
• Anthropic AI agents find $4.6M in blockchain smart contract exploits
• Lazarus hack largest South Korean crypto exchange
• EU countries reach breakthrough on chat-scanning law despite intense pushback
• The Denial of Death - by Ernest Becker

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 74: We attempt to parse the rumor-fog around Microsoft’s CISO at CYBERWARCON and what it reveals about the company’s shifting posture on intel sharing, regulation, and its outsized grip on the security ecosystem. Plus, coverage of the Shai-Hulud npm supply-chain mess, CISA’s mobile spyware guidance, NSO’s legal contortions, a sharp new GRU-linked intrusion from Arctic Wolf.

We also discuss the FCC retreating on telco security rules, and the emerging AI arms race shaping how cloud giants hunt threats and how Washington misunderstands all of it.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Microsoft CISO LinkedIn comments
• Shai Hulud 2.0 Strikes Again
• Wiz: Sha1-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposed
• CISA guidance on mobile spyware on iOS, Android
• NSO Group argues WhatsApp injunction threatens existence
• Arctic Wolf: Russian APT targets U.S. Companies Supporting Ukraine
• FCC revokes telecom cybersecurity rules after Salt Typhoon hacks
• FCC Chairman statement on removing telco rules
• Amazon Is Using Specialized AI Agents for Deep Bug Hunting
• Anthropic CEO called to testify on AI cyber threats
• TLPBLACK
• Material Security (Book a demo)

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 73: The buddies react to Google’s release of Gemini 3 and its early performance, new Chrome interface changes landing on users’ machines, and major highlights from CYBERWARCON. We revisit the long-running debate over APT naming conventions, examine Amazon’s latest threat-intel reporting on Iranian activity, and walk through the Cloudflare outage that briefly knocked chunks of the internet offline.

Plus, new APT reports from ESET, Positive Technologies, and SecurityScorecard, and China's CN-CERT (now validated claim) that the U.S. government seized billions in Bitcoin tied to the Lubian mining-pool hack.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Material Security -- Stop Attacks, Secure Data
• Transcript (unedited, AI-generated)
• Why Microsoft Needs to Split Windows in Two
• CYBERWARCON agenda
• Amazon: Nation-state actors bridging cyber and kinetic warfare
• Cyber Warfare Startup Nabs Contracts to Give US Military Hackers AI Tools
• Fortinet documents 0day attacks
• Fortinet CVE-2025-64446 Under Active Attack
• Google Chrome zero-day exploited
• Cloudflare statement on outage on November 18, 2025
• Cloudflare just got faster and more secure, powered by Rust
• Russian alleged cyber-hacker faces extradition to US after arrest in Thailand
• Russian detained over connection to Void Blizzard attacks
• Positive Technologies: Attacks of the Striking Panda
• PlushDaemon compromises network devices for adversary-in-the-middle attacks
• PlushDaemon compromises supply chain of Korean VPN service
• ASUS Routers Hijacked in Global 'WrtHug' Operation
• Arkham on Bitcoin Chen Zhi seized funds
• US DOJ $15 Billion Bitcoin Indictment
• TLPBLACK
• PIVOTcon 2026
• RE//verse Conference
• The Age of Disclosure (Prime Video)
• Amazon.com: Bullshit Jobs

Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.

Three Buddy Problem - Episode 72: We unpack Anthropic’s conflicting self-promotion around the “first AI-orchestrated cyberattack” using Claude Code and the future of automated APT attacks.

Plus, Chinese cyber vendor KnownSec falls victim to data breach, fresh accusations that the U.S. stole billions in Bitcoin, Amazon warning about Cisco/Citrix zero-days, Google’s new Private AI Compute and Microsoft kernel zero-day marked as "actively exploited."

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Material Security case studies
• TLPBLACK
• Anthropic: Disrupting the first reported AI-orchestrated cyber espionage campaign
• Anthropic report on AI-orchestreated APT campaign ()DF)
• Data breach at Chinese infosec firm reveals weapons arsenal
• Twitter thread on KnownSec breach details
• China Accuses US of Orchestrating $13 Billion Bitcoin Hack
• CISA finds federal agencies missing critical (exploited) vulns
• Amazon discovers APT exploiting Cisco and Citrix zero-days
• Amazon launches private AI bug bounty program
• Amazon Nova
• Microsoft Warns of Exploited Windows Kernel Zero-Day
• Google intros Private AI Compute tech
• Google paper on Private AI Computer (PDF)
• OpenAI CISO on NYTimes request for ChatGPT conversations
• UK transport and cyber-security chiefs investigate Chinese-made buses
• Ruter pen-tests Chinese electric buses
• DistrictCon
• CYBERWARCON
• DefCamp 2025