Three Buddy Problem

Security Conversations
Mar 28, 2026 • 2h 32min

Google's Cyber Disruption Unit; Coruna is Triangulation, US Bans Foreign-Made Routers

A fast-paced tech rundown covering Google’s new cyber disruption unit and what big infra can actually disrupt. Deep tradecraft talk linking Coruna to Operation Triangulation. A cascading supply-chain compromise through LiteLLM, Trivy and Checkmarx. Discussion of AI hype, Apple’s silent iOS patches, the FCC ban on foreign-made routers, and malware hunting for military data.
Mar 20, 2026 • 2h 27min

The greatest APT hunter of all time, Apple's exploit kit problem, Microsoft FedRAMP mess

They reminisce about Sergey Mineev and his anomaly-hunting mastery. They unpack a new in-the-wild iOS exploit kit and why older Apple devices remain at risk. They tackle Interlock ransomware exploiting a Cisco zero-day and the Amazon discovery. They react to ProPublica’s findings on Microsoft and FedRAMP and note a major AI chip smuggling indictment.
Mar 14, 2026 • 1h 44min

Handala wiper attacks, APT28 implant devs are back, Signal's verification problems

A fast-paced rundown of a destructive wiper attack on a US medical device company and how MDM abuse enabled mass device wipes. A deep dive into Signal and WhatsApp account-targeting and weaknesses in verification and linked-device design. New research on APT28 developers resurfacing after years away. Updates on Apple patches and fresh exploit samples raising questions about provenance.
Mar 6, 2026 • 1h 60min

Trenchant, Peter Williams, and the proliferation of a Shadow Brokers-level iOS exploit framework

They dissect the public spread of a powerful iOS exploit framework and how government-held tools slipped into criminal hands. They trace bird‑named exploit clues suggesting vendor provenance and debate forensic approaches for detection. They also cover rising use of zero-days by surveillance vendors and cybercrime, plus recent cyber‑war activity tied to Iran and Israel.
Mar 5, 2026 • 39min

Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)

Matthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones running iOS 13 through 17.2.1. We talk about a "gut feeling" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale. Matthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.

Links:
Raw Transcript
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
iVerify Details First Known Mass iOS Attack
Coruna: Inside the Nation-State-Grade iOS Exploit Kit (iVerify)
Wired: A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
Lockdown Mode or Nothing
Zero-day reality check: iOS exploitation
About Lockdown Mode (Apple)
Charlie Miller on hacking iPhones, Macbooks
TLPBLACK
Mar 3, 2026 • 50min

Threat Hunter Greg Linares on the modern ransomware playbook

Greg Linares, Principal Threat Intelligence Analyst at Huntress known for ransomware research, walks through how modern ransomware crews run like businesses. He breaks down the dominant families, the rise of RMM and ClickFix abuse, overlaps with nation-state activity, and practical defense priorities for resource-limited organizations.
Feb 28, 2026 • 2h 8min

War in Iran, Anthropic v Pentagon, Trenchant zero-day sanctions, AI stock market shocks

They wake to news of U.S./Israeli strikes on Iran and dig into early cyber fallout, disinformation and proxy risks. The conversation shifts to Anthropic’s standoff with the Pentagon and how AI tools are rattling cybersecurity markets. They cover Trenchant’s zero‑day sanctions, exploit‑market dynamics, and fresh concerns around Cisco SD‑WAN and supply‑chain trust.
Feb 20, 2026 • 2h 17min

GitLab doxxes North Korea .gov hackers; fresh Ivanti zero-days; AI addiction and human purpose

An explosive dive into a North Korean operation using fake IT worker personas and large-scale synthetic identity pipelines. A rundown of fresh Ivanti and Dell zero-days actively exploited in the wild. Discussion of Apple restoring shutdown logs and how AI coding agents are reshaping skills, workflow and meaning for security practitioners.
Feb 13, 2026 • 2h 31min

Palo Alto and the uncomfortable politics of APT attribution

They unpack drone incursions over El Paso and whether cartels, anti‑drone tests, or hybrid warfare are to blame. They cover the Notepad++ supply chain fallout and new IOCs. They discuss Microsoft’s streak of exploited zero‑days and AI‑expanded attack surfaces. They dig into Apple’s zero‑click iOS exploits, Europe’s turn toward offensive cyber, and the politics around attributing major hacks.
Feb 8, 2026 • 2h 18min

From Epstein to Notepad++: Redactions, Zero-Days and Supply Chain Attacks

They dig into how sloppy redactions crumble under OCR and AI, making sensitive names and attachments easy to recover. They unpack a high-profile Notepad++ supply-chain compromise and how attackers abused update flows and kernels. The conversation also covers AI-driven vulnerability discovery, a China-linked gateway-monitoring framework, and how Lockdown Mode stymied forensic access.