APTs pounce on React2Shell; BRICKSTORM backdoors; .gov surveillance

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 75: We dig into a CVSS 10/10 unauthenticated RCE bug causing chaos across the internet and early signs that Chinese APTs are already launching exploits, the cascading patch chaos, and a long tail of malware intrusions to come.

Plus, commentary on Chrome’s telemetry collection, Microsoft and the "SFI success story," newest BRICKSTORM backdoor intrusions, the US national security strategy, Anthropic's AI popping smart-contract bugs, a secret FBI ransomware-hunting unit getting weird, and a pair of sad stories in the security community.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

Transcript (unedited, AI-generated)
ThreatLocker — Meet the cybersecurity platform that prevents ransomware
An essay by Vess
RIP Stealth
Google Goodbye to the Chrome Cleanup Tool
US National Security Strategy (PDF)
Critical Security Vulnerability in React Server Components (CVE-2025-55182)
Chinese threat groups rapidly exploit React2Shell vuln
AWS MadPot
BRICKSTORM Backdoor (PDF)
WARP PANDA: A New Sophisticated China-Nexus Adversary
Meet Group 78, the secret US task force that fights cybercriminals
Recorded Future: Intellexa’s Global Corporate Web
Intellexa’s Prolific Zero-Day Exploits Continue
Published on 6 hours ago

Podcast Episode Details

APTs pounce on React2Shell; BRICKSTORM backdoors; .gov surveillance