A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit hunting

Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek. Plus, discussion on a Binarly technical paper with new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)Microsoft Flags Six Active Zero-Days, Patches 57 FlawsUnpatched.ai discoveriesApple Ships iOS 18.3.2 to Fix Already-Exploited WebKit FlawApple iOS 18.3.2 and iPadOS 18.3.2 documentationCitizen Lab: Predator in the wiresFreeType Zero-Day Being Exploited in the WildCVE-2020-15999: FreeType Heap Buffer OverflowMandiant : Ghost in the Juniper routerJun OS out-of-cycle security bulletin (CVE-2025-21590)Juniper Malware Removal ToolBinarly: UEFI Bootkit Hunting -- In-Depth Search for Unique Code BehaviorCrypto Trader Loses $215,000 in MEV Sandwich Attack on UniswapThe Secretive World Of MEV, Where Bots Front-Run Crypto Investors For Big ProfitsReuters journalist Raphael Satter loses overseas citizenshipYanis Varoufakis: Trump’s tariff chaos explainedTechnofeudalism: What Killed Capitalism (Yanis Varoufakis)