(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 83: Poland's CERT documents a rare, explicit wiper attack on civilians in a NATO country, including detailed attribution of a Russian government op targeting the electric grid in the heart of winter. We examine why this crosses a long-avoided threshold, why attribution suddenly matters again, and what it says about pre-positioned access, vendor insecurity, and the shrinking gap between cyber operations and acts of war.

Plus, another Fortinet fiasco, a new batch of Ivanti zero-days under attack, an emergency patch from Microsoft and the return of the mysterious KasperSekrets account.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Material Security (Use Cases)
• ESET DynoWiper update: Technical analysis and attribution
• Poland CERT on Russian wiper attacks
• Poland blames two Ukrainians allegedly working for Russia for railway blast
• Britain’s New Spy Chief Has a New Mission
• Two New Ivanti 0days Exploited
• Microsoft ships emergency Office patch to thwart attacks
• Analysis of Single Sign-On Abuse on FortiOS
• Fortinet PSIRT: Administrative FortiCloud SSO authentication bypass
• Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
• WhatsApp Strict Account Settings
• China Executes 11 People Linked to Cyberscam Centers in Myanmar
• Singapore to start caning for scammers
• Germany on hacking attacks: "We will strike back, including abroad"
• Acting CISA chief uploaded sensitive files into a public version of ChatGPT
• TLP BLACK
• LABScon 2026
• KasperSekrets

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 82: We parse news that China-linked VoidLink is a malware framework created entirely by AI and the collapsing line between elite APT operations and everyday threat actors.

Plus, a new Sean Heelan essay on low-cost exploit generation and why “AI guardrails” are mostly a comforting myth; AI slop overwhelming bug bounty programs; CISA's new Brickstorm YARA rules; and fresh research on a wiper-malware found in Russian attacks against Poland's electricity sector.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Material Security (use cases)
• Sean Heelan on the coming industrialisation of exploit generation with LLMs
• VoidLink Shows AI-Generated Malware Has Begun
• LLMs in the SOC: Why Benchmarks Fail Security Operations Teams
• CISA advisory on BRICKSTORM backdoor
• Node.js — New HackerOne Signal Requirement
• AI slop security reports submitted to cURL
• Arctic Wolf on FortiGate attacks via SSO accounts
• New Cisco Remote Code Execution Vulnerability
• From Protest to Peril: Cellebrite Used Against Jordanian Civil Society
• Microsoft on multi‑stage AiTM phishing and BEC campaign abusing SharePoint
• Microsoft Gave FBI BitLocker Encryption Keys
• The Mastermind: Drugs. Empire. Murder. Betrayal
• Kim Zetter: Cyberattack on Poland’s energy grid used a wiper
• ESET on 'DynoWiper' malware

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 81: We dissect New York Times reporting on the "precision" of US cyber operations in Venezuela, the competing narratives around offensive cyber capabilities and "letters of marque" for private hackers. Plus, a mysterious failed cyber attack on Poland's power grid, internet blackouts in Iran (with fascinating DNS telemetry revealing Chinese bank traffic and Russian website spikes), and news of China's ban on US/Israeli cybersecurity software.

We also cover Check Point's research on "VoidLink" (is it a successor to ShadowPad?), Microsoft's threat intelligence sharing practices, and Google Project Zero's disclosure of zero-click vulnerabilities caused by AI-powered transcription features.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Sponsor: Material Security
• Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities
• Massive cyberattack on Polish power system in December failed, minister says
• What happened in Poland? (Ruben Santamarta)
• Costin Raiu: What’s Happening in Iran?
• Verizon just had a big outage. Here’s what we know
• Beijing tells Chinese firms to stop using US and Israeli cyber products
• MS Patch Tuesday CVE-2026-20805 (exploited in the wild)
• VoidLink: The Cloud-Native Malware Framework
• Microsoft disrupts global cybercrime subscription service
• Project Zero: A 0-click exploit chain for the Pixel 9
• Joint statement from Google and Apple
• Sean Plankey re-nominated to lead CISA
• TLPBLACK
• DistrictCon Agenda
• Ekoparty Miami
• The Thinking Game (Full Documentary)

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 80: Researcher Hamid Kashfi returns to unpack Iran’s latest unrest, separating economic reality from propaganda while examining how information control, cyber pressure, and state surveillance are shaping events on the ground.

Plus, did cyber make the lights go out in Venezuela?

Cast: Hamid Kashfi, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Sponsor: Material Security
• About Hamid Kashfi
• Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks
• Venezuela strike marks a turning point for US cyber warfare
• KittenBusters | CharmingKitten
• Comprehensive Threat Intelligence Report: Charming Kitten
• Between Three Nerds: The evolution of Iranian cyber espionage
• Trump says U.S. will hit Iran "very hard" if violence continues at protests
• Venezuelan oil giant PVDSA hit by cyberattack
• CIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term
• Antiy Report on cyber operations in Venezuela
• Nationwide internet blackout reported in Iran

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 79: We cover MongoBleed (CVE‑2025‑14847), exposed MongoDB deployments, and the sad realization that zero-day attacks are a normal, everyday occurrence. Plus, AI’s expanding role and misuse across products and workflows, proximity attacks against Bluetooth audio devices, spyware sanctions de-listings, and ransomware economics.

In a special mailbag segment, we give our book recommendations and respond to common questions from the listeners.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Sponsored by Material Security
• MongoDB Server Security Update (Dec 2025)
• CVE Record: CVE-2025-14847
• Censys on MongoBleed
• European Space Agency hit by cyberattack
• Security pros plead guilty to ransomware
• US removes sanctions for three execs tied to spyware maker Intellexa
• Bluetooth Headphone Jacking: A Key to Your Phone
• Dan Geer Black Hat 2015 keynote
• Book Review: Infected - A Candid Look at VirusTotal’s Birth and Legacy
• Infected: From Side Project to Google: The Journey Behind VirusTotal
• The Human Factor (Inside the CIA's dysfunctional intelligence culture)
• A Killing Art: The Untold History of Tae Kwon Do
• Thou Shall Prosper: Ten Commandments for Making Money
• Cult of the Dead Cow (by Joseph Menn)
• The Nvidia Way: Jensen Huang and the Making of a Tech Giant
• From Third World to First: The Singapore Story
• Thinking in Systems (PDF)
• AI Superpowers: China, Silicon Valley, and the New World Order
• The Denial of Death: Ernest Becker
• Energy and Civilization: A History by Vaclav Smil
• DeepLearning.AI

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 78: We close out the year with a no-budget, no-permission awards show, spotlighting the cybersecurity stories that actually mattered.

Plus, a bizarre polygraph scandal at CISA, Chinese APT research dumps, ransomware pre-notification hiccups, foreign drone bans, and the growing gap between cyber theater and real operational value.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• ThreatLocker Solutions
• Acting CISA director failed a polygraph
• LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
• Qianxin’s research on the CSDN watering hole attack
• ViciousTrap - Turning edge devices into honeypots en masse
• AyySSHush: Tradecraft of an emergent ASUS botnet
• Intellexa’s Global Corporate Web (Recorded Future)
• Frozen in transit: Secret Blizzard’s AiTM hits embassies in Russia
• GitHub - KittenBusters/CharmingKitten
• Bunnie Huang Black Hat keynote (YouTube)
• How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
• DeepSeek Debates: Chinese Leadership On Cost, True Training Cost, Closed Model Margin Impacts
• Behind the Dismantling of Hezbollah
• Israel Secretly Recruited Iranian Dissidents to Attack Iran From Within
• Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
• Code Orange: Cloudflare resilience plan following recent incidents
• Apple SEAR: Memory Integrity Enforcement

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 77: New React2Shell data from Microsoft, fresh Apple and Cisco zero-days already in the wild, and state-linked campaigns from Russia and China that show a merging of espionage, crime, and infrastructure disruption.

Plus, the US government's push to enlist private firms in offensive hacking, letters of marque for cartels, new discovery of spyware used against journalists in Belarus, and Amazon catching North Koreans via keystroke latency.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• ThreatLocker Solutions
• Transcript (unedited, AI-generated)
• Trump Admin Turning to Private Firms in Cyber Offensive
• Microsoft on React2Shell
• React2Shell and OpenAI (shoutout Andrew MacPherson)
• Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw
• iOS 26.2 Security Patches
• Reporters Without Borders uncovers new spyware from Belarus
• Cisco Talos on Cisco 0day attacks
• Hack of Chinese state time center hints at U.S. advanced missile defense
• Amazon on Russian APT targeting Western critical infrastructure
• North Korean infiltrator caught in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location
• Tracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs
• Russian defense firms targeted by hackers using AI
• TLPBLACK looks back at 2025
• Inside Google's basement in Malaga: ChatGPT of Cybersecurity
• GitHub - xdanx/open-klara: Open KLara Project
• Gepetto Web

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 76: On the show this week, Costin walks through how a single Romanian documentary kick-started nationwide protests, exposing how corruption can be perfectly legal when the law itself is gamed, and why this moment feels different, darker, and more consequential than past flare-ups.

Plus, news on the React-to-Shell exploitation wave overwhelming the internet, why patching is structurally hard, and how APTs and criminals are converging on the same fragile dependency chain. Along the way, they take aim at Microsoft’s shrinking transparency, the limits of vendor trust, and what it really means when defenders are told (again) to just patch and pray.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• ThreatLocker : A security platform that prevents ransomware
• The Anatomy of a React2Shell Compromise (TLPBLACK)
• CVE-2025-55182 Analysis Report (GreyNoise)
• Exploitation of Critical Vulnerability in React Server Components
• PeerBlight Linux Backdoor Exploits React2Shell (Huntress)
• Patch Tuesday round-up (ZDI)
• How Two Hackers Went From Cisco Academy to Cisco CVEs
• Two Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’
• OpenAI on dual-use AI risks
• Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
• DOJ Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups
• Microsoft paying bounties for vulns in third-party code
• Cybersecurity 2026 Predictions (SentinelLABS)
• Dakota Cary is in the "anti-China Chorus"
• Comparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing
• Automated React2Shell vulnerability patching is now available - Vercel
• Computer Olympiad enters new era as IITPSA hands over to Thinkst Applied Research

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 75: We dig into a CVSS 10/10 unauthenticated RCE bug causing chaos across the internet and early signs that Chinese APTs are already launching exploits, the cascading patch chaos, and a long tail of malware intrusions to come.

Plus, commentary on Chrome’s telemetry collection, Microsoft and the "SFI success story," newest BRICKSTORM backdoor intrusions, the US national security strategy, Anthropic's AI popping smart-contract bugs, a secret FBI ransomware-hunting unit getting weird, and a pair of sad stories in the security community.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• ThreatLocker — Meet the cybersecurity platform that prevents ransomware
• An essay by Vess
• RIP Stealth
• Google Goodbye to the Chrome Cleanup Tool
• US National Security Strategy (PDF)
• Critical Security Vulnerability in React Server Components (CVE-2025-55182)
• Chinese threat groups rapidly exploit React2Shell vuln
• AWS MadPot
• BRICKSTORM Backdoor (PDF)
• WARP PANDA: A New Sophisticated China-Nexus Adversary
• Meet Group 78, the secret US task force that fights cybercriminals
• Recorded Future: Intellexa’s Global Corporate Web
• Intellexa’s Prolific Zero-Day Exploits Continue
• To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware
• Apple, Google send new round of threat notifications to users around world
• Calisto Targets Reporters Without Borders in Phishing Campaign
• Anthropic AI agents find $4.6M in blockchain smart contract exploits
• Lazarus hack largest South Korean crypto exchange
• EU countries reach breakthrough on chat-scanning law despite intense pushback
• The Denial of Death - by Ernest Becker

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 74: We attempt to parse the rumor-fog around Microsoft’s CISO at CYBERWARCON and what it reveals about the company’s shifting posture on intel sharing, regulation, and its outsized grip on the security ecosystem. Plus, coverage of the Shai-Hulud npm supply-chain mess, CISA’s mobile spyware guidance, NSO’s legal contortions, a sharp new GRU-linked intrusion from Arctic Wolf.

We also discuss the FCC retreating on telco security rules, and the emerging AI arms race shaping how cloud giants hunt threats and how Washington misunderstands all of it.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Microsoft CISO LinkedIn comments
• Shai Hulud 2.0 Strikes Again
• Wiz: Sha1-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposed
• CISA guidance on mobile spyware on iOS, Android
• NSO Group argues WhatsApp injunction threatens existence
• Arctic Wolf: Russian APT targets U.S. Companies Supporting Ukraine
• FCC revokes telecom cybersecurity rules after Salt Typhoon hacks
• FCC Chairman statement on removing telco rules
• Amazon Is Using Specialized AI Agents for Deep Bug Hunting
• Anthropic CEO called to testify on AI cyber threats
• TLPBLACK
• Material Security (Book a demo)