(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)
Three Buddy Problem - Episode 82: We parse news that China-linked VoidLink is a malware framework created entirely by AI and the collapsing line between elite APT operations and everyday threat actors.
Plus, a new Sean Heelan essay on low-cost exploit generation and why “AI guardrails” are mostly a comforting myth; AI slop overwhelming bug bounty programs; CISA's new Brickstorm YARA rules; and fresh research on a wiper-malware found in Russian attacks against Poland's electricity sector.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Links:
- Transcript (unedited, AI-generated)
- Material Security (use cases)
- Sean Heelan on the coming industrialisation of exploit generation with LLMs
- VoidLink Shows AI-Generated Malware Has Begun
- LLMs in the SOC: Why Benchmarks Fail Security Operations Teams
- CISA advisory on BRICKSTORM backdoor
- Node.js — New HackerOne Signal Requirement
- AI slop security reports submitted to cURL
- Arctic Wolf on FortiGate attacks via SSO accounts
- New Cisco Remote Code Execution Vulnerability
- From Protest to Peril: Cellebrite Used Against Jordanian Civil Society
- Microsoft on multi‑stage AiTM phishing and BEC campaign abusing SharePoint
- Microsoft Gave FBI BitLocker Encryption Keys
- The Mastermind: Drugs. Empire. Murder. Betrayal
- Kim Zetter: Cyberattack on Poland’s energy grid used a wiper
- ESET on 'DynoWiper' malware
Fler avsnitt av Three Buddy Problem
Visa alla avsnitt av Three Buddy ProblemThree Buddy Problem med Security Conversations finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.