Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Content provided by Security Conversations. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Conversations or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Three Buddy Problem
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
4k920
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
O
Our Skin: A Personal Discovery Podcast
1 You Are Your Longest Relationship: Artist DaQuane Cherry on Psoriasis, Art, and Self-Care 32:12
32:12 
Play Later 
Play Later 
Lists 
Like 
Liked32:12
Play Later
Play Later
Lists
Like
LikedDaQuane Cherry was once the kid who wore a hoodie to hide skin flare-ups in school. Now he’s an artist and advocate helping others feel seen. He reflects on his psoriasis journey, the power of small joys, and why loving yourself first isn’t a cliché—it’s essential. Plus, a deep dive into the history of La Roche-Posay’s legendary spring. See omnystudio.com/listener for privacy information.…
Mikko Hypponen talks drone warfare, APT naming schemes
Manage episode 487255555 series 2416144
Content provided by Security Conversations. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Conversations or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Three Buddy Problem - Episode 49: Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”.
Plus, news on Ukraine’s hack of bomber-maker Tupolev, the industry’s never-ending APT naming mess, iVerify’s newly disclosed iMessage zero-click bug, fresh Qualcomm GPU exploits still unpatched on Android devices, and Cellebrite’s purchase of Corellium.
Cast: Ryan Naraine, Costin Raiu and Mikko Hypponen
- Juan Andres Guerrero-Saade is out this week at Sleuthcon.
Links:
- Transcript (unedited, AI-generated)
- Mikko Hyppönen pivots from infosec to drones inspired by war
- Mikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones
- Anti-drone system | Sensofusion
- Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker
- How Microsoft names threat actors
- CrowdStrike and Microsoft Unite to Deconflict Cyber Threat Attribution
- Qualcomm GPU driver 0days (exploitation detected)
- Chrome 0day exploited in the wild
- iVerify documents 'Nickname' iMessage exploitation
- Cellebrite to acquire mobile testing firm Corellium
- Hacker Chris Wade reveals the story of his presidential pardon, US government collaboration
172 episodes
ShareManage episode 487255555 series 2416144
Content provided by Security Conversations. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Conversations or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Three Buddy Problem - Episode 49: Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”.
Plus, news on Ukraine’s hack of bomber-maker Tupolev, the industry’s never-ending APT naming mess, iVerify’s newly disclosed iMessage zero-click bug, fresh Qualcomm GPU exploits still unpatched on Android devices, and Cellebrite’s purchase of Corellium.
Cast: Ryan Naraine, Costin Raiu and Mikko Hypponen
- Juan Andres Guerrero-Saade is out this week at Sleuthcon.
Links:
- Transcript (unedited, AI-generated)
- Mikko Hyppönen pivots from infosec to drones inspired by war
- Mikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones
- Anti-drone system | Sensofusion
- Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker
- How Microsoft names threat actors
- CrowdStrike and Microsoft Unite to Deconflict Cyber Threat Attribution
- Qualcomm GPU driver 0days (exploitation detected)
- Chrome 0day exploited in the wild
- iVerify documents 'Nickname' iMessage exploitation
- Cellebrite to acquire mobile testing firm Corellium
- Hacker Chris Wade reveals the story of his presidential pardon, US government collaboration
172 episodes
All episodes
×
1 Train brake hack, GRU sanctions, Wagner war crimes, Microsoft's Chinese ‘digital escorts’ 1:48:45
1:48:45 Play Later Play Later Lists Like Liked1:48:45
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 54 : Europol busted pro‑Russian hacktivist crew NoName 057(16), the Brits announce sanctions on Russia’s GRU cyber units, Wagner‑linked “war influencers” streamed atrocities from Africa, and fresh tech worries ranged from a $500 RF flaw that can hijack U.S. train brakes. Plus, ProPublica on Microsoft’s China‑based “digital escorts,” Google’s headline‑grabbing AI‑found SQLite zero‑day, and OpenAI’s new task‑running agents. Meanwhile, Ukraine’s hackers wiped a Russian drone maker, ransomware crippled a major vodka producer, and another Chrome zero‑day quietly underscored how routine critical exploits have become. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) Europol targets NoName057(16) pro-Russian cybercrime network Europe's most wanted list UK sanctions Russian spies linked to Mariupol strikes Profile: GRU cyber and hybrid threat operations Lindsay Freeman: War Crimes for Fun and Profit Lindsay Freeman bio CISA: End-of-Train and Head-of-Train Remote Linking Protocol Background of train vulnerability (CVE-2025-1727) ProPublica on Microsoft “Digital Escorts” Google’s Big Sleep AI bug-finding claims EchoLeak (CVE-2025-32711) Russian vodka producer reports disruptions after ransomware attack Ukrainian Hackers Cripple IT Infrastructure of Russian Drone Manufacturer Another exploited Google Chrome zero-day Three Buddy Problem LIVE at Black Hat Ringzer0 COUNTERMEASURE…
1 How did China get Microsoft's zero-day exploits? 1:49:05
1:49:05 Play Later Play Later Lists Like Liked1:49:05
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 53 : We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister? Plus, China's massive cyber capabilities pipeline, ‘theCom’ teenagers arrested in the UK after ransomware binge, and spyware attacks against Russian organizations. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) US Gov: Prolific Chinese state-sponsored contract hacker arrested Microsoft: HAFNIUM targeting Exchange Servers with 0-day exploits Microsoft Exchange Server Attack Timeline YouTube: Orange Tsai on ProxyLogon Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace The Growing Role of Cyber Militias in China’s Network Warfare Force Structure NCA arrest four for attacks on M&S, Co-op and Harrods Four arrested by UK police over ransomware attacks on M&S, Co-op and Harrods Cyberattack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war Cyberattack deals blow to Russian firmware used to repurpose civilian drones for Ukraine war Batavia spyware targeting Russian organizations Chainalysis: First-ever crypto seizure in Greece Ringzer0 COUNTERMEASURE — Three Buddy Problem discount code for training: CM25-3BUDDY LABScon 2025…
1 Who’s hacking who? Ivanti 0-days in France, China outs 'Night Eagle' APT 1:34:16
1:34:16 Play Later Play Later Lists Like Liked1:34:16
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 52 : Fresh intelligence reports out of Europe and China: France’s ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. We dissect the technical bread-crumbs, questions the attribution math, and connects Houken to SentinelOne’s “Purple Haze” research. Plus, the FBI’s claim that China’s “Salt Typhoon” has been “contained,” Iran’s Nobitex crypto-exchange breach (Predatory Sparrow torches $90 million and leaks the source code), Iranian cyber capabilities and sanctions avoidance. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) Houken: Seeking a path by living on the edge with zero-days China-nexus APTs recon on top-tier targets French cybersecurity agency confirms government affected by Ivanti hacks Top FBI cyber official: Salt Typhoon ‘largely contained’ Operation Blockbuster (Novetta) Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, bank hacks Inside the Nobitex Breach: What the Leaked Source Code Reveals About Iran’s Crypto Infrastructure cisagov/thorium…
1 Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, destructive bank hacks 3:07:13
3:07:13 Play Later Play Later Lists Like Liked3:07:13
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 51 : Former Immunity/Trail of Bits researcher Hamid Kashfi joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. Plus, radar-blinding cyberattacks that paved the way for Israel’s air raid, the human cost of sudden ATM outages and unpaid salaries, and the puzzling “Code Breakers” data leak that preceded it all. Hamid shares on-the-ground context, the buddies debate whether cyber operations can sway a shooting war, and everyone tries to gauge Iran’s true offensive muscle under sanctions. Cast: Hamid Kashfi , Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) Pro-Israel hackers take credit for cyberattack on Iran's Bank Sepah Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War Codebreakers and Predatory Sparrow Iranian Exchange Nobitex: The $90M Exploit Iranian newspaper: Defense system was hacked Iranian state TV shows footage of Israeli drone Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks Israeli Officials Warn Iran Is Hijacking Security Cameras to Spy LABScon - Security Research in Real Time Three Buddy Problem LIVE Hamid Kashfi: The curious case of Predatory Sparrow Glasshouse episode with Hamid Kashfi…
1 Cyber flashpoints in Israel-Iran war, the 'magnet of threats', Mossad drone swarms 1:51:48
1:51:48 Play Later Play Later Lists Like Liked1:51:48
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 50 : This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes. Plus, Stealth Falcon’s new WebDAV zero-day, SentinelOne’s brush with Chinese APTs, Citizen Lab’s forensic takedown of Paragon’s iPhone spyware, and the sneaky Meta/Yandex trick that links Android web browsing to app IDs. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) Israel-Iran war breaks out 'The magnet of threats' Mossad set up drone swarm base in Iran Stealth Falcon's Exploit of Microsoft Zero Day CVE-2025-33053 - WebDAV remote code execution CISA, Microsoft warn of Windows zero-day China-nexus Threat actors target SentinelOne Chinese Espionage Crews Circle SentinelOne Citizen Lab: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab Meta and Yandex are de-anonymizing Android users’ web browsing identifiers Dreadnode Offensive AI Conference LABScon Call for Papers…
1 Mikko Hypponen talks drone warfare, APT naming schemes 1:29:04
1:29:04 Play Later Play Later Lists Like Liked1:29:04
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 49 : Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”. Plus, news on Ukraine’s hack of bomber-maker Tupolev, the industry’s never-ending APT naming mess, iVerify’s newly disclosed iMessage zero-click bug, fresh Qualcomm GPU exploits still unpatched on Android devices, and Cellebrite’s purchase of Corellium. Cast: Ryan Naraine , Costin Raiu and Mikko Hypponen Juan Andres Guerrero-Saade is out this week at Sleuthcon. Links: Transcript (unedited, AI-generated) Mikko Hyppönen pivots from infosec to drones inspired by war Mikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones Anti-drone system | Sensofusion Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker How Microsoft names threat actors CrowdStrike and Microsoft Unite to Deconflict Cyber Threat Attribution Qualcomm GPU driver 0days (exploitation detected) Chrome 0day exploited in the wild iVerify documents 'Nickname' iMessage exploitation Cellebrite to acquire mobile testing firm Corellium Hacker Chris Wade reveals the story of his presidential pardon, US government collaboration…
1 The dark hole of 'friendlies' and Western APTs 2:11:19
2:11:19 Play Later Play Later Lists Like Liked2:11:19
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 48 : We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’ write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion. Plus, thoughts on an academic paper on the vanishing art of Western companies exposing Western (friendly) APT operations, debate whether stealth or self-censorship is to blame, and the long-tail effects on cyber paleontology. We also dig into Sean Heelan’s proof that OpenAI’s new reasoning model can spot a Linux kernel 0-day and the implications for humans in the bug-hunting chain. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) Dutch intelligence agency outs 'Laundry Bear' Russian APT Russian gov hackers buying passwords from cybercriminals Microsoft: Russian actor Void Blizzard targets critical sectors for espionage Censys data on AyySSHush ASUS router botnet Czech Republic statement on Chinese hack Czech gov condemns Chinese hack on critical infrastructure NATO floats cybersecurity included in new spending target Mark your Google Calendar: APT41 innovative tactics The rise of responsible behavior: Western commercial reports on Western cyber threat actors How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation ASUS Botnet Tracker CISA: Logging Made Easy (LME)…
1 Russia hacks Ukraine war supply lines, Signal blocks Windows screenshots, BadSuccessor vuln disclosure debate 2:30:37
2:30:37 Play Later Play Later Lists Like Liked2:30:37
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 47 : We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge devices repurposed as honeypots. The back half veers into Microsoft’s resurrected Windows Recall, Signal’s new screenshot-blocking countermeasure, Japan’s fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines. Along the way you get hot takes on techno-feudalism, Johnny Ive’s rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) Russian hackers hitting logistics companies supplying Ukraine CISA says Russian hackers targeting Ukraine war supply lines ViciousTrap: Turning edge devices into honeypots BadSuccessor: Abusing dMSA to escalate privileges in Active Directory Signal adds anti-screenshot to thwart Windows Recall Controversial Windows Recall gets security makeover Microsoft's International Criminal Court blockade Japan enacts active cyberdefense law UAE recruiting US personnel Displaced by DOGE…
1 A Coinbase breach with bribes, rogue contractors and a $20M ransom demand 2:23:34
2:23:34 Play Later Play Later Lists Like Liked2:23:34
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 46 : We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) Coinbase on $20m ransom demand SEC filing on Coinbase breach Coinbase Rogue Contractors Bribed to Leak Customer Data Ivanti 0day exploit chain (CVE-2025-4427 and CVE-2025-4428) Watchtowr blog on new Ivanti 0days CISA Known Exploited Vulnerabilities (KEV) 'Advanced Protection' comes to Android 16 Europe launches it own vulnerability database…
1 JAGS keynote: The intricacies of wartime cyber threat intelligence 31:07
31:07 Play Later Play Later Lists Like Liked31:07
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 45 : (The buddies are trapped in timezone hell with cross-continent travel this week). In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it. Acknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Keynote transcript The ethics and perils of APT research Recommended Talks The Lost APT Reports…
1 Signalgate redux, OpenAI's Aardvark, normalizing cyber offense 2:38:40
2:38:40 Play Later Play Later Lists Like Liked2:38:40
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 44 : We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors. Plus, fresh SentinelOne threat-intel notes, France’s attribution of GRU activity and a head-scratching $330 million Bitcoin heist. Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Costin Raiu . Links: Transcript (unedited, AI-generated) US government using obscure app to archive Signal messages Reuters photo of Mike Waltz phone US revokes Romania visa waiver program OpenSSH bug found by OpenAI 'Aardvark' JP Morgan Chase CISO: An open letter to third-party suppliers JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference SentinelOne LABS on DPRK threat actor targeting Alexei Bulazel comments at RSA conference Google report on 0day exploitation in 2024 Apple notifies new victims of spyware attacks across the world France attributes cyberattacks to Russia's military intelligence RT-Solar on ViPNet backdoor from 2021 Kaspersky: Sophisticated backdoor mimicking secure networking software updates $330m Bitcoin heist…
1 Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security 1:33:42
1:33:42 Play Later Play Later Lists Like Liked1:33:42
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 43 : Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surrounding AI consciousness and rights. Plus, TP-Link under US government investigation and the broader issues of consumer trust in hardware security, the need for regulation and inspectability of technology, and the struggles with patching network devices. Cast: Thomas Rid , Juan Andres Guerrero-Saade and Ryan Naraine . Costin Raiu is away this week. Links: Transcript (unedited, AI-generated) Anthropic: Exploring AI model welfare, consciousness David Chalmers: Taking AI Welfare Seriously Sam Altman: AI privacy safeguards can’t be established before ‘problems emerge’ TP-Link router pricing and China ties under US gov probe Bloomberg: TP-Link’s US Future Hinges on Claimed Split From China Verizon DBIR 2015 (full report) Mandiant M-Trends 2025 Report FBI seeking tips about China's 'Salt Typhoon' hackers North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature Dan Geer on the realpolitik of cybersecurity LABScon 2025 CFP is open Ransom War by Max Smeets…
1 China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles 1:39:19
1:39:19 Play Later Play Later Lists Like Liked1:39:19
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 42 : We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days. Plus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances. Cast: Juan Andres Guerrero-Saade , Costin Raiu and Ryan Naraine . Links: Transcript (unedited, AI-generated) China names alleged NSA cyberattack agents WSJ: In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks Apple Quashes Two Zero-Days With iOS, MacOS Patches Apple bulletin - iOS 18.4.1 Security Vulnerabilities Android zero-days documented MITRE CVE Program Gets Last-Hour Funding Reprieve NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD EU issues US-bound staff with burner phones to avoid espionage Exploitation of CLFS zero-day leads to ransomware Google announces Sec-Gemini v1 cybersecurity model…
1 NSA director fired, Ivanti's 0day screw-up, backdoor in robot dogs 1:36:57
1:36:57 Play Later Play Later Lists Like Liked1:36:57
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 41 : Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN applicance flaw and Mandiant reporting on a Chinese APT exploiting Ivanti devices. Plus, breaking news on the sudden firing of NSA director and head of Cyber Command Tim Haugh. We also discuss Microsoft touting AI's value in finding open-source bootloader bugs, Silent Push report on a RUssian APT impersonating the CIA, a backdoor in a popular Chinese robot dog, and Chinese dominance of the robotics market. Cast: Juan Andres Guerrero-Saade , Costin Raiu and Ryan Naraine . Links: Transcript (unedited, AI-generated) National Security Agency chief ousted after far-right activist urged his removal Mandiant: China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability Ivanti security bulletin (CVE-2025-22457) Chinese APT exploits misdiagnosed RCE in Ivanti VPNs Another exploited 0day in Apple iOS Android version of Lockdown Mode coming Microsoft: Using AI to find open-source bootloader flaws Indiana University cybersecurity "safe" after FBI home searches Silent Push: Russians impersonate CIA to target Ukraine sympathizers Unitree Go1 robot dog backdoor documentation America is missing in the robotics race Automated AI Reverse Engineering with MCP for IDA and Ghidra Bunny Huang: Perspectives on trust in hardware supply chains…
1 Signalgate and ID management hiccups, PuzzleMaker and Chrome 0days, Lab Dookhtegan returns 1:52:34
1:52:34 Play Later Play Later Lists Like Liked1:52:34
Play Later Play Later Lists Like LikedThree Buddy Problem - Episode 40 : On the show this week, we look at the technical deficiencies and opsec concerns around the use of Signal for ultra-sensitive communications. Plus, some speculation on who's behind Kaspersky’s ‘Operation Forum Troll’ report, Chinese discussion on NSA/CIA mobile networks exploitation, and the return of ‘Lab Dookhtegan’ hack-and-leak exposures. Cast: Juan Andres Guerrero-Saade , Costin Raiu and Ryan Naraine . Links: Transcript (unedited, AI-generated) The Atlantic: The Trump admin accidentally texted me its war plans The Atlantic: Here are the attack plans shared on Signal Signal statement on SignalGate Our experts separate Signal from noise in the Trump team group chat Operation ForumTroll exploits zero-days in Google Chrome PuzzleMaker attacks with Chrome zero-day exploit chain Ten most mysterious APT campaigns that remain unattributed Operation FishMedley linked to i-SOON Chinese gov agency on mobile attacks by US intel agencies LabDookhtegan Telegram channel Tornado Cash sanctions removed Intrusion Truth Lab Dookhtegan archives on CyberScoop…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Daily Deals
Similar to Three Buddy Problem
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
4k920
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
