Three Buddy Problem

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 94: We discuss a mysterious, VM-obfuscated backdoor that lived undetected on a single U.K. machine for a year before disappearing, finding clues pointing to an elite-level APT intrusion that still evades broader industry coverage.

Plus, connecting the dots across AI-driven vulnerability discovery, Microsoft’s massive Patch Tuesday, Jensen Huang talks cybersecurity, Mythos dangers and Chinese chips, and the quiet erosion of CVE enrichment at NIST.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:

0:00 – Intros + AI news whiplash

5:10 – Patch Tuesday breakdown: Microsoft's second-largest CVE release ever

7:32 – AI accelerating vulnerability discovery at record pace

10:00 – Frontier lab cyber models, fine-tuning, guardrail removal & KYC

12:37 – FreeBSD NFS bug: Opus 4.6 was already finding critical vulns

14:26 – Anthropic's infrastructure strain: Is Opus being nerfed?

21:05 – OpenAI's Trusted Access for Cyber vs. Anthropic's Mythos cabal

28:45 – SharePoint zero-day CVE-2026-32201: The endless Microsoft tax

34:36 – Adobe Acrobat zero-day: A rare, real, Russia-linked exploit in the wild

41:36 – VirusTotal mining: The golden age of threat intel hunting

50:03 – ZionSiphon: Vibe-coded OT malware targeting Israeli water infrastructure

55:04 – Paleontology of threat research: When do you publish? Who do you trust?

1:13:53 – Angry Spark: A one-machine, one-year backdoor raises eyebrows

1:49:25 – Jensen Huang vs. Dwarkesh Patel on Mythos, China and chips

2:14:32 – Chinese AI distillation: 24,000 fake Anthropic accounts, DeepSeek & the catch-up question

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 93: We discuss Anthropic's release of Claude Mythos Preview (an AI model so capable and dangerous they won't release it publicly) and debate the looming patching crisis, bug bounty extinction, possible US government nationalization of frontier labs, and why the NSA might not be thrilled about all this bug-fixing.

Plus, North Korea's six-month Drift Protocol con job, APT28's retro DNS hijacking campaign, and Microsoft's driver signing mess hitting WireGuard and VeraCrypt.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

00:00 — Opening banter

01:36 — Anthropic Mythos Preview + Project Glasswing

06:17 — USG reaction + Wall Street emergency meeting

10:54 — Mythos capabilities vs hype (technical reality check)

13:44 — PR stunt? Skepticism of Anthropic narrative

20:42 — The patching crisis + “defender advantage”

27:41 — Bug bounty model under threat from AI

33:37 — Mythos practical workflows

45:09 — Geopolitics, NSA angle, and nationalization discussion

01:40:18 — Fortinet zero-day + ongoing failures

01:42:39 — Drift Protocol heist ($285M) + long-term social engineering

01:44:07 — Revisiting XZ Utils / Jia Tan attribution

01:54:07 — Crypto security gaps + need for real CTI in blockchain

02:04:22 — APT28 DNS hijacking + router compromise campaign

02:18:57 — Microsoft driver signing meltdown + ecosystem impact

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)

Three Buddy Problem - Episode 92: Costin walks through real-world ransomware incident response while Juanito makes the case for AI-generated operating systems that never run anyone else's code. Plus, debates on whether vulnerability research is cooked, why nobody should pay ransoms, and what the security industry looks like after the massive AI flood.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

0:00 – Introductory banter

2:00 – Costin's ransomware incident response work

3:30 – How attackers break in: Fortinet vulnerabilities everywhere

6:30 – Hunting for ransomware decryption keys

9:00 – Breaking into ransomware C2s and monitoring leak sites

12:00 – The ransom payment debate: should you ever pay?

16:00 – Why "don't pay the ransom" is overgeneralized

21:00 – How ransomware gangs price their demands

24:00 – The AI-pilling of the security industry

28:30 – Nicholas Carlini, Ptacek, and "vulnerability research is cooked"

35:00 – Towards a generative-first operating system

41:00 – Code factories, trusted computing, and killing dependencies

48:00 – Microsoft and Apple's AI positioning

56:00 – Chris St. Myers' "Cognitive Rust Belt" essay

1:18:00 – Choice, The Matrix, and the illusion of control

1:38:00 – Supply chain attacks, North Korea, and dependency sprawl

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)

Security Conversations: Jeremy Bannon, founder/CEO of The Cyber Health Company, joins Ryan Naraine to discuss why executive personal cybersecurity is a growing blind spot for organizations, and real-world incidents where personal compromises became corporate crises.

Plus, why CISOs struggle to secure the C-suite's personal lives, and how a healthcare-inspired model (complete with risk scores, care plans, and concierge support) can help companies close the gap.

0:00 — Introduction to The Cyber Health Company

1:00 — Why personal security is a blind spot for organizations

2:00 — Real examples: Disney hack, Instagram compromise, productivity loss

6:50 — Executives circumventing IT policy and Shadow-AI

8:43 — Digital immunity: resilience and incident response readiness

10:25 — The healthcare model for cybersecurity communication

12:14 — How the Cyber Health Score and risk coefficient work

15:34 — OSINT intake: why your social security number isn't private

17:26 — The state of executive security hygiene and the concierge model

35:00 — AI, deepfakes, and the scaling of commodity attacks

(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)

Three Buddy Problem - Episode 91: This week we dig into Google's new cyber threat disruption unit announced at RSAC, Kaspersky confirming Coruna is a direct evolution of Operation Triangulation, and a cascading supply chain compromise that chained through LiteLLM, Trivy, and Checkmarx into thousands of software pipelines.

Plus, VCs and the breathless AI hype, Apple's iOS 26.4 and silent patches, the FCC's ban on foreign-made routers, and Symantec catching an APT looking for Chinese military data.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

0:00 Intro & Pre-Show Banter

3:08 JAGS in San Francisco: RSAC week recap

6:05 Google Launches Cyber Disruption Unit — What's Actually New?

13:43 Why Separate Disruption Units Matter: ROI & Budget Justification

29:11 Haroon Meer's RSA Reality Check: The AI Hype Machine

32:37 The VC Ponzi Cycle & How Easy Money Hollowed Out Cybersecurity

47:32 ENT.ai & Tenex AI Hackathon at RSAC

53:08 Kaspersky Links Corona Exploit Kit to Operation Triangulation

1:08:09 Trenchant Cleanup & Lessons from Equation Group Burns

1:19:31 Apple iOS Patches, Hong Kong Device Passcode Law

1:27:53 Handala Hacks FBI Director Kash Patel's Personal Gmail

1:37:32 LeakBase Admin "Chucky" Arrested in Russia — FSB Gets the Data

1:45:38 Supply Chain Attacks: TeamPCP Hits LiteLLM & Trivy

2:04:34 FCC Bans Foreign-Made Routers — But What Do We Buy?