Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft.
Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.
Links:
- Transcript (unedited, AI-generated)
- Apple iOS 18.3.1 zero-day bulletin
- Apple Says iPhone USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack
- Quarkslab: Analysis of USB Restricted Mode bypass (CVE-2025-24200)
- ZDI Patch Tuesday recap (exploited Windows 0days)
- The BadPilot campaign (Seashell Blizzard subgroup)
- Rapid7 on PostgreSQL zero-day linked to BeyondTrust 0days
- PostgreSQL 0day advisory (CVE-2025-1094)
- Google partial disclosure of high-risk flaw in AMD microcode
- AMD SEV Confidential Computing Vulnerability (CVE-2024-56161)
- Fortinet documents another exploited 0day
- Storm-2372 conducts device code phishing campaign
- CrowdStrike on malware naming schemes
