An ‘extremely sophisticated’ iPhone hack; Google flags major AMD microcode bug

About the episode

Three Buddy Problem – Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:

Transcript (unedited, AI-generated)
Apple iOS 18.3.1 zero-day bulletin
Apple Says iPhone USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack
Quarkslab: Analysis of USB Restricted Mode bypass (CVE-2025-24200)
ZDI Patch Tuesday recap (exploited Windows 0days)
The BadPilot campaign (Seashell Blizzard subgroup)
Rapid7 on PostgreSQL zero-day linked to BeyondTrust 0days
PostgreSQL 0day advisory (CVE-2025-1094)
Google partial disclosure of high-risk flaw in AMD microcode
AMD SEV Confidential Computing Vulnerability (CVE-2024-56161)
Fortinet documents another exploited 0day
Storm-2372 conducts device code phishing campaign
CrowdStrike on malware naming schemes

Facebook
Twitter
Linkedin

An ‘extremely sophisticated’ iPhone hack; Google flags major AMD microcode bug

About the episode

Share

Tags