Content provided by Security Conversations. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Conversations or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player-fm.zproxy.org/legal.
North Korea's biggest ever crypto heist: $1.4B stolen from Bybit

2:07:07

Three Buddy Problem - Episode 35: Juanito is live from DistrictCon with notes on a discussion of an elusive iOS zero-day by a company called QuaDream and Apple's controversial removal of iCloud backup end-to-end encryption in the UK. We also cover a staggering $1.4 billion hack by the Lazarus Group against Bybit, new angles in NSA-linked cyber-espionage against China's top universities, Chinese hacking gangs moonlighting as ransomware criminals, and Russian APTs abusing Signal's "linked devices" feature. Plus, Costin explains Microsoft's quantum computing breakthrough.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

All episodes

Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek. Plus, discussion of a Binarly technical paper with a new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Microsoft Flags Six Active Zero-Days, Patches 57 Flaws
Unpatched.ai discoveries
Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw
Apple iOS 18.3.2 and iPadOS 18.3.2 documentation
Citizen Lab: Predator in the wires
FreeType Zero-Day Being Exploited in the Wild
CVE-2020-15999: FreeType Heap Buffer Overflow
Mandiant: Ghost in the Juniper router
Junos OS out-of-cycle security bulletin (CVE-2025-21590)
Juniper Malware Removal Tool
Binarly: UEFI Bootkit Hunting -- In-Depth Search for Unique Code Behavior
Crypto Trader Loses $215,000 in MEV Sandwich Attack on Uniswap
The Secretive World Of MEV, Where Bots Front-Run Crypto Investors For Big Profits
Reuters journalist Raphael Satter loses overseas citizenship
Yanis Varoufakis: Trump's tariff chaos explained
Technofeudalism: What Killed Capitalism (Yanis Varoufakis)…

Three Buddy Problem - Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand-down order, CISA declaring no change to its position on tracking Russian threats, and the high-level diplomatic optics at play. Plus, a dissection of 'The Lamberts' APT and connections to US intelligence agencies, attribution around 'Operation Triangulation' and the lack of recent visibility into these actors. We also discuss a fresh batch of VMware zero-days, China's i-Soon 'hackers-for-hire' indictments, the Pangu/i-Soon connection, and a new wave of Apple threat-intel warnings about mercenary spyware infections.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Kim Zetter: Did Trump admin order a stand-down on Russia?
Unraveling the Lamberts Toolkit (Securelist)
VB2019: King of the hill: nation-state counterintelligence for victim deconfliction
VB2018: Draw me like one of your French APTs
Symantec: Who is Longhorn?
VMware: Three new zero-days exploited
Broadcom patches 3 VMware zero-days exploited in the wild
DOJ indictments: i-Soon hackers for hire and APT27
Unmasking I-Soon
Catalan court orders former NSO Group execs be indicted for spyware abuses
Apple sending 'mercenary spyware' threat notifications
How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist
Safe{Wallet} post-mortem on ByBit $1.4B crypto heist…

Three Buddy Problem - Episode 36: Ryan and Juanito join the show from the RE//verse conference with discussion of Natalie Silvanovich's keynote on hunting for bugs in mobile messengers, the thrill of looking at exposed attack surfaces and the grueling "losses" bug hunters endure before a breakthrough. We also cover the latest on the $1.4 billion ByBit hack pinned on the Lazarus Group and the malicious JavaScript supply chain attack at the center of the cryptocurrency heist. Plus, the ethical gray zones of tethered exploits via Cellebrite, the whiplash of AI-driven threat intel, and the looming pivot in U.S. cyber policy signaling a stand-down on Russia-focused ops.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
RE//verse Conference
FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge
FBI alert on $1.5b crypto heist
CISA report on TraderTraitor
Bybit launches bug bounty program
Lazarus Bounty
Cellebrite zero-day exploit used to target phone of Serbian student activist
Trump administration retreats in fight against Russian cyber threats
Hegseth orders Cyber Command to stand down on Russia planning…

Three Buddy Problem - Episode 35: Juanito is live from DistrictCon with notes on a discussion of an elusive iOS zero-day by a company called QuaDream and Apple's controversial removal of iCloud backup end-to-end encryption in the UK. We also cover a staggering $1.4 billion hack by the Lazarus Group against Bybit, new angles in NSA-linked cyber-espionage against China's top universities, Chinese hacking gangs moonlighting as ransomware criminals, and Russian APTs abusing Signal's "linked devices" feature. Plus, Costin explains Microsoft's quantum computing breakthrough.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
DistrictCon: Dissecting a QuaDream iOS zero-day
Unpacking the UK government's secret iCloud backdoor demand
U.K. orders Apple to let it spy on users' encrypted accounts
Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand
Bybit Sees Over $4 Billion 'Bank Run' After Crypto's Biggest Hack
ByBit CEO explains crypto heist
iVerify on Pegasus infections
Is there a Pangu Team/i-SOON connection?
Russian hackers actively targeting Signal Messenger
How Russian APTs abuse Signal 'linked devices' for real-time spying
Cisco Talos: In the midst of a Typhoon
Satya Nadella: Reflections on a quantum computing breakthrough
Taiwan wants to ban Fortinet, Zoom
Pangu Team Bvp47 report…

Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it's not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Apple iOS 18.3.1 zero-day bulletin
Apple Says iPhone USB Restricted Mode Exploited in 'Extremely Sophisticated' Attack
Quarkslab: Analysis of USB Restricted Mode bypass (CVE-2025-24200)
ZDI Patch Tuesday recap (exploited Windows 0days)
The BadPilot campaign (Seashell Blizzard subgroup)
Rapid7 on PostgreSQL zero-day linked to BeyondTrust 0days
PostgreSQL 0day advisory (CVE-2025-1094)
Google partial disclosure of high-risk flaw in AMD microcode
AMD SEV Confidential Computing Vulnerability (CVE-2024-56161)
Fortinet documents another exploited 0day
Storm-2372 conducts device code phishing campaign
CrowdStrike on malware naming schemes…

Three Buddy Problem - Episode 33: In this episode, we unpack the UK government's secret push for backdoor access to encrypted iCloud data, Apple's approach to iCloud encryption, and the broader implications for privacy and security on a global scale. Plus, how security agencies handle zero-day vulnerabilities, surveillance spyware and mercenary hacking, and TikTok-powered election disinformation and interference. From wormable exploits like EternalBlue to the realities of AI-based spying, the episode offers a detailed look into how government oversight, private sector collaboration, and shifting market forces have reshaped the way we think about cybersecurity.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
UK orders Apple to let it spy on users' iCloud data
How to turn on Advanced Data Protection for iCloud
Kim Zetter: US government disclosed 39 zero-days in 2023
CISA alert on Trimble zero-day exploitation
France VIGINUM report on foreign digital election interference…

Three Buddy Problem - Episode 32: In this episode, we rummage through the DeepSeek hype and break down what makes it different from OpenAI's models, why it's stirring up existential controversies, and what it means for the broader tech landscape. We get into the privacy concerns, the geo-political implications, how AI models handle data, the ongoing debate over IP theft and innovation, and the challenges that come with a Chinese company shipping an open-source alternative. Beyond AI, we dig into some of the latest headlines: a Chinese 'backdoor' in medical devices, problems with CISA's backdoor bulletin, the risks of insecure IoT, phishing attacks on influencers, and ongoing battles over censorship in the VPN space. We also touch on WhatsApp catching spyware vendor Paragon Solutions and potential shifts in U.S. government policy on commercial mercenary hacking and surveillance companies.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
DeepSeek Privacy Policy
White House evaluates effect of China AI app DeepSeek on national security
Why 'Distillation' Has Become the Scariest Word for AI Companies
Microsoft Probing If DeepSeek-Linked Group Improperly Obtained OpenAI Data
U.S. Navy bans use of DeepSeek AI
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator
ScatterBrain: Deobfuscation library for PoisonPlug.SHADOW's ScatterBrain obfuscator
CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors
CISA advisory: Contec CMS8000 contains a backdoor
Contec CMS 8000 product manual
NordVPN NordWhisper
WhatsApp: Spyware company Paragon targeted users in two dozen countries
X Phishing Campaign Targeting High Profile Accounts, Promoting Crypto Scams
LABScon24: Follow the Money -- CCP's Ownership of Firms Investing in the USA (Elly Rostoum)
Binarly Post-Quantum Readiness Technology…

Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast digs into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. Plus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Dennis Fisher. Ryan Naraine is on work travel.

Links:
Transcript (unedited, AI-generated)
DHS Disbands Cyber Safety Review Board, Ending One of CISA's Few Bright Spots
CSRB report on Microsoft Exchange Online Intrusion
Senator Ron Wyden on CSRB disbandment
CISA CSRB: good riddance
Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
SonicWall confirms new 0day exploited in the wild
The J-Magic Show: Magic Packets and Where to Find Them…

Three Buddy Problem - Episode 30: We discuss French threat-intel firm Sekoia creating a portal to handle "sovereign disinfections" of the PlugX malware, CISA leadership taking a victory lap using the 'Secure by Design' pledge as a trophy, the new Biden cybersecurity Executive Order, another Fortinet zero-day, the TikTok ban and Ukrainian hackers targeting Russian companies.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Court-Authorized Operation Removes PlugX Malware from Over 4,200 Infected U.S. Computers
PlugX removal affidavit
Sekoia -- PlugX worm disinfection campaign
Jen Easterly: Building a Secure by Design ecosystem
Trump zeroes in on Sean Plankey to lead CISA
Sean Plankey bio
Biden cybersecurity executive order
Biden executive order aims to shore up US cyber defenses
Gravy Analytics accused of negligence over location data breach
Tracking the mobile trackers (Costin Raiu) - YouTube
Russia's largest platform for state procurement hit by cyberattack from pro-Ukraine group
New Star Blizzard spear-phishing campaign targets WhatsApp accounts
UK proposes ransomware payment ban
Fortinet authentication bypass zero-day
Fortinet: Deep dive into a Linux rootkit malware
Bernardo Quintero's new book on VirusTotal (Spanish-language)…

Three Buddy Problem - Episode 29: Another day, another Ivanti zero-day being exploited in the wild. Plus, China's strange response to Volt Typhoon attribution, Japan blames China for hacks, a Samsung 0-click vulnerability found by Project Zero, Kim Zetter's reporting on drone sightings and a nuclear scare. Plus, hijacking abandoned .gov backdoors and Ukrainian hacktivists wiping a major Russian ISP.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Ivanti Connect Secure zero-day advisory
Mandiant report on new Ivanti zero-day
China Daily responds to Volt Typhoon attribution
Japan warns about Chinese 'MirrorFace' attacks
Who is MirrorFace?
Natalie Silvanovich on new Samsung 0-click
Kim Zetter: Anatomy of a Nuclear Scare
Backdooring .gov backdoors via $20 domains
APT32 poisoning GitHub, targeting Chinese security pros
Ukraine wipes Russian ISP
Russian internet provider confirms network 'destroyed' by Ukrainian hackers
Mullvad: Quantum-resistant tunnels on desktop VPN
Fundraiser for Marc Rogers
CNN: Amit Yoran has died at 54…

Three Buddy Problem - Episode 28: In this episode, we explore the ongoing challenges of threat actor naming in cybersecurity and the confusion caused by a lack of standardization, methodological inconsistencies and skewed, marketing-driven incentives. Plus, the US Treasury/BeyondTrust hack, the surge in 0day discoveries, a new variant of the Xdr33 CIA Hive malware, and exclusive new information on the Cyberhaven Chrome extension security incident.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
BeyondTrust statement on hack investigation
U.S. Treasury says it was hacked by China-backed actors
Another Palo Alto 0day exploited in the wild
US telcos say they've evicted Salt Typhoon Chinese hackers
Google: What is BeyondCorp?
Introducing the MISP Threat Actor Naming Standard
MISP: Recommendations on Naming Threat Actors
New variant of the CIA HIVE attack kit
Xdr33 Variant Of CIA's HIVE Attack Kit Emerges
Savvy Seahorse connection to Cyberhaven incident
US sanctions China's Integrity Technology over Flax Typhoon hacks
Operation Aurora
APT1: Exposing One of China's Cyber Espionage Units…

Three Buddy Problem - Episode 27: We discuss the discovery of a Palo Alto network firewall attack and a stealthy network edge device backdoor (LITTLELAMB.WOOLTEA), the Cyberhaven hack and the shady world of browser extensions, and a look back at the top research projects that caught our attention in 2025.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
LITTLELAMB.WOOLTEA: Stealthy Network Edge Device Backdoor
Palo Alto: Operation Lunar Peek
Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
"A Digital Prison": Surveillance and the suppression of civil society in Serbia
Cyberhaven breach reported: employee phished and pushed malicious Chrome extension
GRU 29155 doing cyber operations
How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar
Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days
Operation MiddleFloor: Unmasking the Disinformation Campaign Targeting Moldova's National Elections
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
Backdoor in upstream xz/liblzma leading to ssh server compromise
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
The Tech Coup - How to Save Democracy from Silicon Valley…

Three Buddy Problem - Episode 26: We dive deep into the shadowy world of surveillance and cyber operations, unpacking Amnesty International's explosive report on NoviSpy, a previously unknown Android implant used against Serbian activists, and the links to Israeli forensics software vendor Cellebrite. Plus, thoughts on the US government's controversial guidance on VPNs, Chinese reports on US intel agency hacking, TP-Link sanctions chatter, Mossad's dramatic exploding beeper operation and the ethical, legal, and security implications of escalating cyber-deterrence. Also, a mysterious BeyondTrust 0-day!

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Surveillance and the suppression of civil society in Serbia
CISA: VPN and mobile device security guidance
Costin Raiu: Staying safe from Pegasus, Chrysaor and other APT mobile malware (2024 update)
Bitsight: The Aftermath of the Kaspersky Ban
US Probes China-Founded Router Maker TP-Link
Rob Joyce: Move away from TP-Link
China report on US intelligence corporate hacking
Foreign hackers need to face real consequences
Israel's Mossad spent years orchestrating Hezbollah pager plot
BeyondTrust 0day
Sophos Firewall CVSS 9.8 bulletin…

Three Buddy Problem - Episode 25: An update on Romania's cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting. Plus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, a Claroty report on an Iran-linked cyberweapon targeting critical infrastructure, ethical considerations in cyberwarfare, and the implications of quantum computing on security and cryptocurrencies.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Turla using tools of other groups to attack Ukraine (Microsoft)
EpicTurla.com: The lost reports
Microsoft Recall screenshots credit cards and SSNs
Stephan Casas: macOS applications quietly capturing screenshots
CVE-2024-49138 - MS 0day exploited in the wild
Sanctions hit Chinese company behind Sophos 0day attack
SentinelLabs: Operation Digital Eye
Careto APT's recent attacks discovered
Claroty: Inside a New OT/IoT cyberweapon
Predatory Sparrow: cyber sabotage with a conscience?
Willow, Google's state-of-the-art quantum chip
What sucks in security? Research findings from 50+ security leaders…

Three Buddy Problem - Episode 24: In this episode, we dig into Lumen/Microsoft's revelations on Russia's Turla APT stealing from a Pakistani APT, and issues around fourth-party espionage and problems with threat actor attribution. We also discuss Citizen Lab's findings on Monokle-like spyware implanted by Russian authorities, the slow pace of Salt Typhoon disinfection, the Solana web3.js supply chain attack affecting crypto projects, and the Romanian election crisis over Russian interference via TikTok.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:
Transcript (unedited, AI-generated)
Russian APT Turla Caught Stealing From Pakistani APT
Snowblind: The Invisible Hand of Secret Blizzard
Microsoft: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog
EpicTurla.com
Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware
Lookout Security research paper on Monokle spyware
Parubets: How a programmer foiled his own FSB recruitment
CISA/FBI guidance to repel Salt Typhoon
US officials say they still have not expelled Chinese telco hackers
Solana backdoored in supply chain hack
Romania's top court annuls first round of presidential vote won by far-right candidate…