The greatest APT hunter of all time, Apple's exploit kit problem, Microsoft FedRAMP mess

(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)

Three Buddy Problem - Episode 90: We remember GReAT teammate Sergey Mineev, the legendary malware hunter behind discoveries like Equation Group and Project Sauron (Remsec), including stories about his methods and why he was the best to ever do it.

Plus, another in-the-wild iOS exploit kit discovery and a long overdue conversation about Apple's responsibility to hundreds of millions of users on older iOS versions; the ProPublica Microsoft/FedRAMP bombshell, Interlock ransomware sitting on a Cisco zero-day, the White House AI policy framework, and Supermicro co-founder $2.5 billion AI chip smuggling bust.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript
• Thinkst Canary
• Equation Group: The Crown Creator of Cyber-Espionage
• The Project Sauron APT
• Google: The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
• iVerify: Inside DarkSword - A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites
• Lookout: Attackers Wielding DarkSword Threaten iOS Users
• Apple statement on Coruna, DarkSword
• Amazon discovers Interlock ransomware hitting enterprise firewalls
• Cisco Secure Firewall Management Center RCE Flaw
• CISA Urges Endpoint Management System Hardening After Stryker Attack
• Stryker statements on wiper network disruption
• Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.
• White House Unveils National AI Legislative Framework
• Supermicro Founder Charged with Diverting AI tech to China
• NEBULA:FOG 2026 | AI x Security Hackathon