Security Conversations

Three Buddy Problem

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).

Author

Security Conversations

Category

Technology

Latest episode

Jul 4, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Live at LABScon: Visi Stark shares memories of creating the APT1 report 24.09.2025

Three Buddy Problem - Episode 63 : Co-founder of the Vertex Project Visi Stark joins the buddies to reminisce about his work writing Mandiant's famous APT1 report, the China-nexus threat landscape, the value of cyber threat intelligence, APT-naming schemes, and more... (Recorded at LABScon 2025) Cast: Juan Andres Guerrero-Saade , Ryan Naraine and Visi Stark .

Live at LABScon: Lindsay Freeman on tracking Wagner Group war crimes 24.09.2025

Three Buddy Problem - Episode 62 : Lindsay Freeman, Director of the Technology, Law & Policy program at the Human Rights Center, UC Berkeley School of Law, joins the show to discuss her team's meticulous work to document the Wagner Group's chain of command, military operations in parts of Africa, and the broadcasting of war crimes on social media platforms like Telegram. (Recorded at LABScon 2...

Can Apple's New Anti-Exploit Tech Stop iPhone Spyware Attacks? 09.09.2025

Three Buddy Problem - Episode 61 : We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. Plus, Apple’s new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chine...

Salt Typhoon IOCs, Google floats ‘cyber disruption unit’, WhatsApp 0-click 29.08.2025

Three Buddy Problem - Episode 60 : We dissect a fresh multi-agency Salt Typhoon advisory (with IOCs and YARA rules!), why it landed late, why the wall of logos matters (and doesn’t), and what’s actually usable for defenders: new YARA, tool hashes, naming ambiguity across reports, the mention of Chinese vendors, and a Dutch note that smaller ISPs were hit. Plus, Costin details his hunting stack and...

Zero-day reality check: iOS exploits, MAPP in China and the hack-back temptation 22.08.2025

Three Buddy Problem - Episode 59 : Apple drops another emergency iOS patch and we unpack what that “may have been exploited” language really means: zero-click chains, why notifications help but forensics don’t, and the uncomfortable truth that Lockdown Mode is increasingly the default for high-risk users. We connect the dots from ImageIO bugs to geopolitics, discuss who’s likely using these exploi...

On AI’s future, security’s failures, and what comes next... 15.08.2025

Three Buddy Problem - Episode 58 : The buddies react to the Brandon Dixon episode, digging into what it’s really like to scale products inside a tech giant, navigate politics, and bring features to millions of machines. Plus, an exploration of the AI cybersecurity gold rush, the promise and hype, and the gamble for startups versus the slow-moving advantage of incumbents. We revisit the Chinese "cy...

Live from Black Hat: Brandon Dixon parses the AI security hype 07.08.2025

Three Buddy Problem - Episode 57 : Brandon Dixon (PassiveTotal/RiskIQ, Microsoft) leads a deep-dive into the collision of AI and cybersecurity. We tackle Google’s “Big Sleep” project, XBOW’s HackerOne automation hype, the long-running tension between big tech ownership of critical security tools and the community’s need for open access. Plus, the future of SOC automation to AI-assisted pen testing...

Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service 01.08.2025

Three Buddy Problem - Episode 56 : China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get righ...

Microsoft Sharepoint security crisis: Faulty patches, Toolshell zero-days 25.07.2025

Three Buddy Problem - Episode 55 : A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party. We also rev...

Train brake hack, GRU sanctions, Wagner war crimes, Microsoft's Chinese ‘digital escorts’ 18.07.2025

Three Buddy Problem - Episode 54 : Europol busted pro‑Russian hacktivist crew NoName 057(16), the Brits announce sanctions on Russia’s GRU cyber units, Wagner‑linked “war influencers” streamed atrocities from Africa, and fresh tech worries ranged from a $500 RF flaw that can hijack U.S. train brakes. Plus, ProPublica on Microsoft’s China‑based “digital escorts,” Google’s headline‑grabbing AI‑found...

How did China get Microsoft's zero-day exploits? 10.07.2025

Three Buddy Problem - Episode 53 : We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister? Plus, China's massive cyber capabilities pipeline, ‘theCo...

Who’s hacking who? Ivanti 0-days in France, China outs 'Night Eagle' APT 03.07.2025

Three Buddy Problem - Episode 52 : Fresh intelligence reports out of Europe and China: France’s ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. We dissect the technical bread-crumbs, questions the attribution math, and connects Houken to SentinelOne’s “Purple Haze” res...

Israel-Iran cyberwar: Predatory Sparrow, vanishing crypto, destructive bank hacks 20.06.2025

Three Buddy Problem - Episode 51 : Former Immunity/Trail of Bits researcher Hamid Kashfi joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. Plus, radar-blinding cyberattacks that paved the way for Israel’s a...

Cyber flashpoints in Israel-Iran war, the 'magnet of threats', Mossad drone swarms 13.06.2025

Three Buddy Problem - Episode 50 : This week, we dissect cyber flashpoints in the Iran-Israel war, revisit the “magnet of threats” server in Iran that attracted APTs from multiple nation-states, and react to Israel's Mossad sneaking explosive drone swarms deep into Iran to support airstrikes. Plus, Stealth Falcon’s new WebDAV zero-day, SentinelOne’s brush with Chinese APTs, Citizen Lab’s forensic...

Mikko Hypponen talks drone warfare, APT naming schemes 06.06.2025

Three Buddy Problem - Episode 49 : Cybersecurity veteran Mikko Hypponen joins the show to discuss the fast-changing life and times on NATO’s newest frontline, how Ukraine’s long-range “Spiderweb” drone swarms punched holes in Russian air bases, the cyber connections to the escalating drone warfare, and the coming wave of autonomous “killer robots”. Plus, news on Ukraine’s hack of bomber-maker Tupo...

The dark hole of 'friendlies' and Western APTs 30.05.2025

Three Buddy Problem - Episode 48 : We unpack a Dutch intelligence agencies report on ‘Laundry Bear’ and Microsoft’s parallel ‘Void Blizzard’ write-up, finding major gaps and bemoaning the absence of IOCs. Plus, discussion on why threat-intel naming is so messy, how initial-access brokers are powering even nation-state break-ins, and whether customers (or vendors) are to blame for the confusion. Pl...

Russia hacks Ukraine war supply lines, Signal blocks Windows screenshots, BadSuccessor vuln disclosure debate 23.05.2025

Three Buddy Problem - Episode 47 : We unpack a multi-agency report on Russia’s APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA’s sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia’s discovery of thousands of hijacked edge devices repurposed as honeypots. The back half vee...

A Coinbase breach with bribes, rogue contractors and a $20M ransom demand 16.05.2025

Three Buddy Problem - Episode 46 : We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge. Cas...

JAGS keynote: The intricacies of wartime cyber threat intelligence 09.05.2025

Three Buddy Problem - Episode 45 : (The buddies are trapped in timezone hell with cross-continent travel this week). In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on th...

Signalgate redux, OpenAI's Aardvark, normalizing cyber offense 03.05.2025

Three Buddy Problem - Episode 44 : We unpack news that US government officials are using an obscure app to archive Signal messages, OpenAI’s new “Aardvark” code-evaluation and reasoning model and leapfrog implications, NSC cyber lead Alexei Bulazel on normalizing US offensive operations, and JP Morgan Chase CISO’s warning to software vendors. Plus, fresh SentinelOne threat-intel notes, France’s at...

Thomas Rid joins the show: AI consciousness, TP-Link's China connection, trust in hardware security 25.04.2025

Three Buddy Problem - Episode 43 : Director of the Alperovitch Institute for Cybersecurity Studies Thomas Rid joins the show for a deep-dive into the philosophical and ethical considerations surrounding AI consciousness and anthropomorphism. We dig into the multifaceted implications of AI technology, particularly focusing on data privacy, national security, and the philosophical questions surround...

China doxxes NSA, CVE's funding crisis, Apple's zero-day troubles 17.04.2025

Three Buddy Problem - Episode 42 : We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days. Plus, the effectiveness of Lockdown Mode, the risin...

NSA director fired, Ivanti's 0day screw-up, backdoor in robot dogs 04.04.2025

Three Buddy Problem - Episode 41 : Costin and Juanito join the show from Black Hat Asia in Singapore. We discuss Bunnie Huang's keynote on hardware supply chains and a classification system to establish a grounded perspective on trust in hardware, Ivanti's misdiagnosis of a critical VPN applicance flaw and Mandiant reporting on a Chinese APT exploiting Ivanti devices. Plus, breaking news on the su...

Signalgate and ID management hiccups, PuzzleMaker and Chrome 0days, Lab Dookhtegan returns 28.03.2025

Three Buddy Problem - Episode 40 : On the show this week, we look at the technical deficiencies and opsec concerns around the use of Signal for ultra-sensitive communications. Plus, some speculation on who's behind Kaspersky’s ‘Operation Forum Troll’ report, Chinese discussion on NSA/CIA mobile networks exploitation, and the return of ‘Lab Dookhtegan’ hack-and-leak exposures. Cast: Juan Andres Gue...

China exposing Taiwan hacks, Paragon spyware and WhatsApp exploits, CISA budget cuts 21.03.2025

Three Buddy Problem - Episode 39 : Luta Security CEO Katie Moussouris joins the buddies to parse news around a coordinated Chinese exposure of Taiwan APT actors, CitizenLab's report on Paragon spyware and WhatsApp exploits, an “official” Russian government exploit-buying operation shopping for Telegram exploits, the fragmentation of exploit markets and the future of CISA in the face of budget cuts...

Listen to the Three Buddy Problem podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.