Claim OwnershipThree Buddy Problem
Subscribed: 215Played: 3,775
Subscribe
© 2026 The Naraine Group
Description
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks.
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
210 Episodes
Reverse
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Three Buddy Problem - Episode 89: We discuss Iran hacktivist group 'Handala' wiper attacks against US medical device maker Stryker, Microsoft Intune MDM tool abuse, and whether Iran's cyber retaliation is as scary as the headlines suggest.
Plus, ESET's discovery that Russia's APT28 original implant developers are back after years of silence, Dutch intelligence warnings on Russian campaigns targeting Signal and WhatsApp accounts, Apple finally patching Coruna exploit kit vulnerabilities for older iPhones, and Google sharing Coruna samples that raise new questions about the exploit kit's proliferation chain.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)
Three Buddy Problem - Episode 88: We unpack the fallout from public documentation of the Coruna iOS exploit kit, the likely connection to the Peter Williams/Trenchant exploit sale to Russians, how it slipped from government hands into criminal use, and the widening use of zero-days by surveillance vendors and cybercriminals.
Plus, fresh signs of cyber-warfare activity tied to Iran and Israel, the FBI’s disclosure of a breach affecting internal surveillance systems, and the latest debate over AI, security tooling, and Anthropic’s public stumbles.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Matthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1.
We talk about a "gut feeling" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale.
Matthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Huntress threat intelligence analyst Greg Linares shares insights on the modern ransomware ecosystem, including how crews operate like businesses and why Akira, Medusa, RansomHub, and Qilin cause so much damage. Plus, signs of overlap between ransomware and nation-state activity, what “time to ransom” really means for defenders, and why techniques like ClickFix and credential theft keep working at scale.
The conversation also covers the surge in RMM tool abuse, how “living off the land” attacks can unfold without traditional malware, and the basic defenses smaller organizations can prioritize.
(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)
Three Buddy Problem - Episode 87: We wake up to news of U.S./Israel military action against Iran and the expected fallout, including Tehran’s cyber capabilities and proxy risks. Plus: Anthropic’s clash with the Pentagon over AI use in warfare, market shockwaves from AI-driven security tools, mass layoffs tied to automation, Trenchant exec sentencing and sanctions in the exploit trade, and fresh questions around Cisco’s SD-WAN breach and supply-chain trust.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Three Buddy Problem - Episode 86: We dig into GitLab’s explosive look at North Korea’s “Contagious Interview” APT operation, the scale of fake IT worker infiltration, and what it means for companies chasing cheap talent.
Plus, a fresh batch of already-exploited Ivanti and Dell zero-days, the return of Apple’s shutdown logs, and thoughts on addictive AI coding agents affecting human purpose.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)
Three Buddy Problem - Episode 85: Top stories this week include drone incursions over El Paso and the murky line between cartel activity, anti-drone tech testing, and full-blown hybrid warfare; updates on the Notepad++ supply chain fallout; Microsoft’s zero-day treadmill and AI-enabled attack surfaces; and Apple’s “extremely sophisticated” iOS exploits.
Plus, Europe’s growing appetite for offensive cyber, Palo Alto and the uncomfortable politics of cyber attribution, Singapore on telco intrusions, and the economics of end-of-life infrastructure.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.)
Three Buddy Problem - Episode 84: We process the cybersecurity fallout from the latest Epstein document dump, focusing on why redactions fail in the AI era and how quickly modern tools can unravel them. The conversation moves from sloppy redaction practices and exploit mythology to harder questions about ethics, accountability, and silence within the infosec community.
Plus, inside the Notepad++ supply-chain compromise attributed to a known Chinese APT, Microsoft’s security executive changes, Anthropic's AI-driven vulnerability discovery, China-linked network implants, and Lockdown Mode thwarting FBI investigators.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)
Three Buddy Problem - Episode 83: Poland's CERT documents a rare, explicit wiper attack on civilians in a NATO country, including detailed attribution of a Russian government op targeting the electric grid in the heart of winter. We examine why this crosses a long-avoided threshold, why attribution suddenly matters again, and what it says about pre-positioned access, vendor insecurity, and the shrinking gap between cyber operations and acts of war.
Plus, another Fortinet fiasco, a new batch of Ivanti zero-days under attack, an emergency patch from Microsoft and the return of the mysterious KasperSekrets account.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)
Three Buddy Problem - Episode 82: We parse news that China-linked VoidLink is a malware framework created entirely by AI and the collapsing line between elite APT operations and everyday threat actors.
Plus, a new Sean Heelan essay on low-cost exploit generation and why “AI guardrails” are mostly a comforting myth; AI slop overwhelming bug bounty programs; CISA's new Brickstorm YARA rules; and fresh research on a wiper-malware found in Russian attacks against Poland's electricity sector.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)
Three Buddy Problem - Episode 81: We dissect New York Times reporting on the "precision" of US cyber operations in Venezuela, the competing narratives around offensive cyber capabilities and "letters of marque" for private hackers. Plus, a mysterious failed cyber attack on Poland's power grid, internet blackouts in Iran (with fascinating DNS telemetry revealing Chinese bank traffic and Russian website spikes), and news of China's ban on US/Israeli cybersecurity software.
We also cover Check Point's research on "VoidLink" (is it a successor to ShadowPad?), Microsoft's threat intelligence sharing practices, and Google Project Zero's disclosure of zero-click vulnerabilities caused by AI-powered transcription features.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)
Three Buddy Problem - Episode 80: Researcher Hamid Kashfi returns to unpack Iran’s latest unrest, separating economic reality from propaganda while examining how information control, cyber pressure, and state surveillance are shaping events on the ground.
Plus, did cyber make the lights go out in Venezuela?
Cast: Hamid Kashfi, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)
Three Buddy Problem - Episode 79: We cover MongoBleed (CVE‑2025‑14847), exposed MongoDB deployments, and the sad realization that zero-day attacks are a normal, everyday occurrence. Plus, AI’s expanding role and misuse across products and workflows, proximity attacks against Bluetooth audio devices, spyware sanctions de-listings, and ransomware economics.
In a special mailbag segment, we give our book recommendations and respond to common questions from the listeners.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)
Three Buddy Problem - Episode 78: We close out the year with a no-budget, no-permission awards show, spotlighting the cybersecurity stories that actually mattered.
Plus, a bizarre polygraph scandal at CISA, Chinese APT research dumps, ransomware pre-notification hiccups, foreign drone bans, and the growing gap between cyber theater and real operational value.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)
Three Buddy Problem - Episode 77: New React2Shell data from Microsoft, fresh Apple and Cisco zero-days already in the wild, and state-linked campaigns from Russia and China that show a merging of espionage, crime, and infrastructure disruption.
Plus, the US government's push to enlist private firms in offensive hacking, letters of marque for cartels, new discovery of spyware used against journalists in Belarus, and Amazon catching North Koreans via keystroke latency.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)
Three Buddy Problem - Episode 76: On the show this week, Costin walks through how a single Romanian documentary kick-started nationwide protests, exposing how corruption can be perfectly legal when the law itself is gamed, and why this moment feels different, darker, and more consequential than past flare-ups.
Plus, news on the React-to-Shell exploitation wave overwhelming the internet, why patching is structurally hard, and how APTs and criminals are converging on the same fragile dependency chain. Along the way, they take aim at Microsoft’s shrinking transparency, the limits of vendor trust, and what it really means when defenders are told (again) to just patch and pray.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)
Three Buddy Problem - Episode 75: We dig into a CVSS 10/10 unauthenticated RCE bug causing chaos across the internet and early signs that Chinese APTs are already launching exploits, the cascading patch chaos, and a long tail of malware intrusions to come.
Plus, commentary on Chrome’s telemetry collection, Microsoft and the "SFI success story," newest BRICKSTORM backdoor intrusions, the US national security strategy, Anthropic's AI popping smart-contract bugs, a secret FBI ransomware-hunting unit getting weird, and a pair of sad stories in the security community.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)
Three Buddy Problem - Episode 74: We attempt to parse the rumor-fog around Microsoft’s CISO at CYBERWARCON and what it reveals about the company’s shifting posture on intel sharing, regulation, and its outsized grip on the security ecosystem. Plus, coverage of the Shai-Hulud npm supply-chain mess, CISA’s mobile spyware guidance, NSO’s legal contortions, a sharp new GRU-linked intrusion from Arctic Wolf.
We also discuss the FCC retreating on telco security rules, and the emerging AI arms race shaping how cloud giants hunt threats and how Washington misunderstands all of it.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)
Three Buddy Problem - Episode 73: The buddies react to Google’s release of Gemini 3 and its early performance, new Chrome interface changes landing on users’ machines, and major highlights from CYBERWARCON. We revisit the long-running debate over APT naming conventions, examine Amazon’s latest threat-intel reporting on Iranian activity, and walk through the Cloudflare outage that briefly knocked chunks of the internet offline.
Plus, new APT reports from ESET, Positive Technologies, and SecurityScorecard, and China's CN-CERT (now validated claim) that the U.S. government seized billions in Bitcoin tied to the Lubian mining-pool hack.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.
Three Buddy Problem - Episode 72: We unpack Anthropic’s conflicting self-promotion around the “first AI-orchestrated cyberattack” using Claude Code and the future of automated APT attacks.
Plus, Chinese cyber vendor KnownSec falls victim to data breach, fresh accusations that the U.S. stole billions in Bitcoin, Amazon warning about Cisco/Citrix zero-days, Google’s new Private AI Compute and Microsoft kernel zero-day marked as "actively exploited."
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Comments
Download from Google Play
Download from App Store
United States