Three Buddy Problem

Security Conversations
  • 4.9 (62)
  • TECHNOLOGY
  • UPDATED WEEKLY

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).

  1. Jeremy Banon: Personal Exec Compromise as Corporate Incident

    11H AGO

    Jeremy Banon: Personal Exec Compromise as Corporate Incident

    (Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Security Conversations: Jeremy Bannon, founder/CEO of The Cyber Health Company, joins Ryan Naraine to discuss why executive personal cybersecurity is a growing blind spot for organizations, and real-world incidents where personal compromises became corporate crises. Plus, why CISOs struggle to secure the C-suite's personal lives, and how a healthcare-inspired model (complete with risk scores, care plans, and concierge support) can help companies close the gap. 0:00 — Introduction to The Cyber Health Company 1:00 — Why personal security is a blind spot for organizations 2:00 — Real examples: Disney hack, Instagram compromise, productivity loss 6:50 — Executives circumventing IT policy and Shadow-AI 8:43 — Digital immunity: resilience and incident response readiness 10:25 — The healthcare model for cybersecurity communication 12:14 — How the Cyber Health Score and risk coefficient work 15:34 — OSINT intake: why your social security number isn't private 17:26 — The state of executive security hygiene and the concierge model 35:00 — AI, deepfakes, and the scaling of commodity attacks

    36 min
  2. Google's Cyber Disruption Unit; Coruna is Triangulation, US Bans Foreign-Made Routers

    4D AGO

    Google's Cyber Disruption Unit; Coruna is Triangulation, US Bans Foreign-Made Routers

    (Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Three Buddy Problem - Episode 91: This week we dig into Google's new cyber threat disruption unit announced at RSAC, Kaspersky confirming Coruna is a direct evolution of Operation Triangulation, and a cascading supply chain compromise that chained through LiteLLM, Trivy, and Checkmarx into thousands of software pipelines. Plus, VCs and the breathless AI hype, Apple's iOS 26.4 and silent patches, the FCC's ban on foreign-made routers, and Symantec catching an APT looking for Chinese military data. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. 0:00 Intro & Pre-Show Banter 3:08 JAGS in San Francisco: RSAC week recap 6:05 Google Launches Cyber Disruption Unit — What's Actually New? 13:43 Why Separate Disruption Units Matter: ROI & Budget Justification 29:11 Haroon Meer's RSA Reality Check: The AI Hype Machine 32:37 The VC Ponzi Cycle & How Easy Money Hollowed Out Cybersecurity 47:32 ENT.ai & Tenex AI Hackathon at RSAC 53:08 Kaspersky Links Corona Exploit Kit to Operation Triangulation 1:08:09 Trenchant Cleanup & Lessons from Equation Group Burns 1:19:31 Apple iOS Patches, Hong Kong Device Passcode Law 1:27:53 Handala Hacks FBI Director Kash Patel's Personal Gmail 1:37:32 LeakBase Admin "Chucky" Arrested in Russia — FSB Gets the Data 1:45:38 Supply Chain Attacks: TeamPCP Hits LiteLLM & Trivy 2:04:34 FCC Bans Foreign-Made Routers — But What Do We Buy?

    2h 32m
  3. The greatest APT hunter of all time, Apple's exploit kit problem, Microsoft FedRAMP mess

    MAR 20

    The greatest APT hunter of all time, Apple's exploit kit problem, Microsoft FedRAMP mess

    (Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.) Three Buddy Problem - Episode 90: We remember GReAT teammate Sergey Mineev, the legendary malware hunter behind discoveries like Equation Group and Project Sauron (Remsec), including stories about his methods and why he was the best to ever do it. Plus, another in-the-wild iOS exploit kit discovery and a long overdue conversation about Apple's responsibility to hundreds of millions of users on older iOS versions; the ProPublica Microsoft/FedRAMP bombshell, Interlock ransomware sitting on a Cisco zero-day, the White House AI policy framework, and Supermicro co-founder $2.5 billion AI chip smuggling bust. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

    2h 27m
  4. Handala wiper attacks, APT28 implant devs are back, Signal's verification problems

    MAR 14

    Handala wiper attacks, APT28 implant devs are back, Signal's verification problems

    (Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Three Buddy Problem - Episode 89: We discuss Iran hacktivist group 'Handala' wiper attacks against US medical device maker Stryker, Microsoft Intune MDM tool abuse, and whether Iran's cyber retaliation is as scary as the headlines suggest. Plus, ESET's discovery that Russia's APT28 original implant developers are back after years of silence, Dutch intelligence warnings on Russian campaigns targeting Signal and WhatsApp accounts, Apple finally patching Coruna exploit kit vulnerabilities for older iPhones, and Google sharing Coruna samples that raise new questions about the exploit kit's proliferation chain. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

    1h 44m
  5. Trenchant, Peter Williams, and the proliferation of a Shadow Brokers-level iOS exploit framework

    MAR 6

    Trenchant, Peter Williams, and the proliferation of a Shadow Brokers-level iOS exploit framework

    (Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.) Three Buddy Problem - Episode 88: We unpack the fallout from public documentation of the Coruna iOS exploit kit, the likely connection to the Peter Williams/Trenchant exploit sale to Russians, how it slipped from government hands into criminal use, and the widening use of zero-days by surveillance vendors and cybercriminals. Plus, fresh signs of cyber-warfare activity tied to Iran and Israel, the FBI’s disclosure of a breach affecting internal surveillance systems, and the latest debate over AI, security tooling, and Anthropic’s public stumbles. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

    1h 60m
  6. Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery

    MAR 5

    Matthias Frielingsdorf on the mysterious Coruna iOS exploit kit discovery

    (Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Matthias Frielingsdorf (co-founder and VP of Research at iVerify) joins the show to discuss the mysterious US government connection to 'Coruna', an iOS exploit kit fitted with 23 exploits across five full chains targeting iPhones iOS 13 through 17.2.1. We talk about a "gut feeling" connecting this to the L3 Trenchant/Peter Williams exploit sale scandal, how a nation-state-grade exploit kit ended up in the hands of a Chinese cybercrime group chasing crypto wallets, and what it means that criminal organizations are now deploying iPhone zero-days at scale. Matthias walks through what iVerify can and can't do on Apple's locked-down platform, why he thinks Apple needs to give defenders more access, the Lockdown Mode debate, the thorny issue of sample sharing in the research community, and practical advice for everyday iPhone users facing a threat landscape that just got a lot more complicated.

    39 min
  7. Threat Hunter Greg Linares on the modern ransomware playbook

    MAR 3

    Threat Hunter Greg Linares on the modern ransomware playbook

    (Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Huntress threat intelligence analyst Greg Linares shares insights on the modern ransomware ecosystem, including how crews operate like businesses and why Akira, Medusa, RansomHub, and Qilin cause so much damage. Plus, signs of overlap between ransomware and nation-state activity, what “time to ransom” really means for defenders, and why techniques like ClickFix and credential theft keep working at scale. The conversation also covers the surge in RMM tool abuse, how “living off the land” attacks can unfold without traditional malware, and the basic defenses smaller organizations can prioritize.

    50 min
  8. War in Iran, Anthropic v Pentagon, Trenchant zero-day sanctions, AI stock market shocks

    FEB 28

    War in Iran, Anthropic v Pentagon, Trenchant zero-day sanctions, AI stock market shocks

    (Presented by Thinkst Canary: Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.) Three Buddy Problem - Episode 87: We wake up to news of U.S./Israel military action against Iran and the expected fallout, including Tehran’s cyber capabilities and proxy risks. Plus: Anthropic’s clash with the Pentagon over AI use in warfare, market shockwaves from AI-driven security tools, mass layoffs tied to automation, Trenchant exec sentencing and sanctions in the exploit trade, and fresh questions around Cisco’s SD-WAN breach and supply-chain trust. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

    2h 8m
See All (213)

4.9
out of 5
62 Ratings

About

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).

Information

  • Creator
    Security Conversations
  • Years Active
    2018 - 2026
  • Episodes
    213
  • Rating
    Explicit
  • Copyright
    © 2026 The Naraine Group
  • Show Website
    Three Buddy Problem

You Might Also Like