Three Buddy Problem

Security Conversations
May 10, 2026 • 2h 3min

The disappointing death of big-game APT reporting

They mourn the decline of deep Windows malware archaeology and trace why complex APT writeups have become rare. They explore how threat intelligence moved behind paywalls and private rooms. They spotlight an AI-driven surge in Chrome and Firefox bug discoveries and a chaotic wave of Linux patches and reboots. They criticize vague vendor advisories that ship without actionable IOCs.
May 1, 2026 • 1h 48min

Cracking the Fast16 sabotage malware mystery

Andy Greenberg, WIRED technology and security reporter, walks through the newly deciphered FAST16 sabotage malware. He discusses how the covert code tampered with physics modeling software, why experts missed it for years, and the messy attribution debate pointing at allied state programs. The conversation also covers air-gapped worm hypotheses and how AI is changing malware archaeology.
Apr 24, 2026 • 2h 2min

Mark Dowd on AI hacking, exploit chains, zero-day sales

Mark Dowd, Director of Vigilant Labs and veteran offensive security researcher, discusses the economics and stresses of running an offensive shop. He explores how AI changes vulnerability discovery and exploit development. Conversations cover exploit chain pricing, mitigation effectiveness, device ecosystem fragmentation like HarmonyOS, persistence vs reboot, and vendor defenses such as Lockdown Mode and MIE.
Apr 18, 2026 • 2h 35min

The Angry Spark APT Mystery: A Year-Long Backdoor, One Victim, Zero Attribution

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 94: We discuss a mysterious, VM-obfuscated backdoor that lived undetected on a single U.K. machine for a year before disappearing, finding clues pointing to an elite-level APT intrusion that still evades broader industry coverage. Plus, connecting the dots across AI-driven vulnerability discovery, Microsoft’s massive Patch Tuesday, Jensen Huang talks cybersecurity, Mythos dangers and Chinese chips, and the quiet erosion of CVE enrichment at NIST.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:
0:00 – Intros + AI news whiplash
5:10 – Patch Tuesday breakdown: Microsoft's second-largest CVE release ever
7:32 – AI accelerating vulnerability discovery at record pace
10:00 – Frontier lab cyber models, fine-tuning, guardrail removal & KYC
12:37 – FreeBSD NFS bug: Opus 4.6 was already finding critical vulns
14:26 – Anthropic's infrastructure strain: Is Opus being nerfed?
21:05 – OpenAI's Trusted Access for Cyber vs. Anthropic's Mythos cabal
28:45 – SharePoint zero-day CVE-2026-32201: The endless Microsoft tax
34:36 – Adobe Acrobat zero-day: A rare, real, Russia-linked exploit in the wild
41:36 – VirusTotal mining: The golden age of threat intel hunting
50:03 – ZionSiphon: Vibe-coded OT malware targeting Israeli water infrastructure
55:04 – Paleontology of threat research: When do you publish? Who do you trust?
1:13:53 – Angry Spark: A one-machine, one-year backdoor raises eyebrows
1:49:25 – Jensen Huang vs. Dwarkesh Patel on Mythos, China and chips
2:14:32 – Chinese AI distillation: 24,000 fake Anthropic accounts, DeepSeek & the catch-up question

Links:
Transcript
Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulns
ZDI: April 2026 Patch Tuesday Review
Inside ZionSiphon: OT Malware Targeting Israeli Water Systems
GenDigital: Chasing an Angry Spark
MAD Bugs: Month of AI-Discovered Bugs (Calif)
HackerOne: The Vulnerability Apocalypse is a Remediation Crisis
OpenAI scaling up Trusted Access for Cyber (TAC) Program
OpenAI Commits $10m in API credits for cybersecurity
Anthropic: Introducing Claude Opus 4.7
OpenAI confirms Axios developer tool compromise
Jensen Huang x Jensen Huang on Nvidia’s AI Moat
Anthropic: Detecting and preventing distillation attacks
NIST Updates NVD Operations to Address Record CVE Growth
Dreadnode Open-Source Tools to Measure AI Offense-Defense Gap
LABScon 2026 Call for Papers
Cyber-Paleontology in the Age of AI (Black Hat Asia 2026)
Ekoparty Miami Schedule
TLPBLACK
Apr 10, 2026 • 2h 35min

The Claude Mythos, Project Glasswing Shockwave

They debate Anthropic’s Claude Mythos preview and whether it truly automates finding zero days. They unpack Project Glasswing’s limited invites, compute limits, and possible government intervention. They flag the looming patching crisis and threat to bug bounty programs. They cover the $285M Drift Protocol heist, APT28’s DNS hijacks, and Microsoft driver-signing disruptions.
Apr 3, 2026 • 2h 20min

LLMs writing exploits, engineers losing skills, and a case for the generative OS

A deep dive into a complex ransomware incident and how attackers exploit Fortinet gear. They debate whether ransoms should ever be paid and how gangs price demands. The conversation probes LLMs writing exploits and the risk of engineers losing core skills. A provocative idea for a generative-first operating system and ways to tame dependency sprawl round out the tech-heavy discussion.
Apr 1, 2026 • 36min

Jeremy Banon: Personal Exec Compromise as Corporate Incident

Jeremy Banon, founder and CEO of The Cyber Health Company, builds personal cybersecurity and privacy services for high-risk individuals and enterprise-sponsored executive protection. He discusses why executives’ personal accounts become corporate attack vectors. He describes a healthcare-style model with risk scores, concierge support, and how AI and deepfakes amplify personal compromise risks.
Mar 28, 2026 • 2h 32min

Google's Cyber Disruption Unit; Coruna is Triangulation, US Bans Foreign-Made Routers

A fast-paced tech rundown covering Google’s new cyber disruption unit and what big infra can actually disrupt. Deep tradecraft talk linking Coruna to Operation Triangulation. A cascading supply-chain compromise through LiteLLM, Trivy and Checkmarx. Discussion of AI hype, Apple’s silent iOS patches, the FCC ban on foreign-made routers, and malware hunting for military data.
Mar 20, 2026 • 2h 27min

The greatest APT hunter of all time, Apple's exploit kit problem, Microsoft FedRAMP mess

They reminisce about Sergey Mineev and his anomaly-hunting mastery. They unpack a new in-the-wild iOS exploit kit and why older Apple devices remain at risk. They tackle Interlock ransomware exploiting a Cisco zero-day and the Amazon discovery. They react to ProPublica’s findings on Microsoft and FedRAMP and note a major AI chip smuggling indictment.
Mar 14, 2026 • 1h 44min

Handala wiper attacks, APT28 implant devs are back, Signal's verification problems

A fast-paced rundown of a destructive wiper attack on a US medical device company and how MDM abuse enabled mass device wipes. A deep dive into Signal and WhatsApp account-targeting and weaknesses in verification and linked-device design. New research on APT28 developers resurfacing after years away. Updates on Apple patches and fresh exploit samples raising questions about provenance.
