An 'extremely sophisticated' iPhone hack; Google flags major AMD microcode bug

Three Buddy Problem - Episode 34: We dig into the latest exploited Apple iPhone zero-day (USB Restricted Mode bypass), an AMD microcode flaw so serious it’s not being fully disclosed, a barrage of Patch Tuesday updates, the helpless nature of trying to defend corporate networks, Russian threat actor movements, and fresh intel from Rapid7, Volexity, and Microsoft. Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.Links:Transcript (unedited, AI-generated)Apple iOS 18.3.1 zero-day bulletinApple Says iPhone USB Restricted Mode Exploited in ‘Extremely Sophisticated’ AttackQuarkslab: Analysis of USB Restricted Mode bypass (CVE-2025-24200)ZDI Patch Tuesday recap (exploited Windows 0days)The BadPilot campaign (Seashell Blizzard subgroup)Rapid7 on PostgreSQL zero-day linked to BeyondTrust 0daysPostgreSQL 0day advisory (CVE-2025-1094)Google partial disclosure of high-risk flaw in AMD microcodeAMD SEV Confidential Computing Vulnerability (CVE-2024-56161)Fortinet documents another exploited 0dayStorm-2372 conducts device code phishing campaignCrowdStrike on malware naming schemes