Security Conversations
156
Security Conversations
03.14.2025 | 2:05''43'
A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit hunting
About the episode
Three Buddy Problem – Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek.
Plus, discussion on a Binarly technical paper with new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions.
Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.
Links:
- Transcript (unedited, AI-generated)
- Microsoft Flags Six Active Zero-Days, Patches 57 Flaws
- Unpatched.ai discoveries
- Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw
- Apple iOS 18.3.2 and iPadOS 18.3.2 documentation
- Citizen Lab: Predator in the wires
- FreeType Zero-Day Being Exploited in the Wild
- CVE-2020-15999: FreeType Heap Buffer Overflow
- Mandiant : Ghost in the Juniper router
- Jun OS out-of-cycle security bulletin (CVE-2025-21590)
- Juniper Malware Removal Tool
- Binarly: UEFI Bootkit Hunting — In-Depth Search for Unique Code Behavior
- Crypto Trader Loses $215,000 in MEV Sandwich Attack on Uniswap
- The Secretive World Of MEV, Where Bots Front-Run Crypto Investors For Big Profits
- Reuters journalist Raphael Satter loses overseas citizenship
- Yanis Varoufakis: Trump’s tariff chaos explained
- Technofeudalism: What Killed Capitalism (Yanis Varoufakis)