Episode Details

(Presented by ThreatLocker: Allow what you need. Block everything else by default, including ransomware and rogue code.)

Three Buddy Problem - Episode 76: On the show this week, Costin walks through how a single Romanian documentary kick-started nationwide protests, exposing how corruption can be perfectly legal when the law itself is gamed, and why this moment feels different, darker, and more consequential than past flare-ups.

Plus, news on the React-to-Shell exploitation wave overwhelming the internet, why patching is structurally hard, and how APTs and criminals are converging on the same fragile dependency chain. Along the way, they take aim at Microsoft’s shrinking transparency, the limits of vendor trust, and what it really means when defenders are told (again) to just patch and pray.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• ThreatLocker : A security platform that prevents ransomware
• The Anatomy of a React2Shell Compromise (TLPBLACK)
• CVE-2025-55182 Analysis Report (GreyNoise)
• Exploitation of Critical Vulnerability in React Server Components
• PeerBlight Linux Backdoor Exploits React2Shell (Huntress)
• Patch Tuesday round-up (ZDI)
• How Two Hackers Went From Cisco Academy to Cisco CVEs
• Two Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’
• OpenAI on dual-use AI risks
• Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
• DOJ Actions to Combat Two Russia