China doxxes NSA, CVE’s funding crisis, Apple’s zero-day troubles

Three Buddy Problem – Episode 42: We dig into news that China secretly fessed up to the Volt Typhoon hacks and followed up with claims that named NSA agents launched advanced cyberattacks against the Asian Winter Games. Plus, the MITRE CVE funding crisis, new Apple 0days in the wild includes PAC bypass exploit, Microsoft Patch Tuesday zero-days.

Plus, the effectiveness of Lockdown Mode, the rising costs of mobile exploits, Chris Krebs' exit from SentinelOne after a presidential executive order, and the value and effectiveness of security clearances.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:

• Transcript (unedited, AI-generated)
• China names alleged NSA cyberattack agents
• WSJ: In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks
• Apple Quashes Two Zero-Days With iOS, MacOS Patches
• Apple bulletin – iOS 18.4.1 Security Vulnerabilities
• Android zero-days documented
• MITRE CVE Program Gets Last-Hour Funding Reprieve
• NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD
• EU issues US-bound staff with burner phones to avoid espionage
• Exploitation of CLFS zero-day leads to ransomware
• Google announces Sec-Gemini v1 cybersecurity model