A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit hunting

Three Buddy Problem - Episode 38: On the show this week, we look at a hefty batch of Microsoft zero-days exploited in the wild, iOS 18.3.2 fixing an exploited WebKit bug, a mysterious Unpatched.ai being credited with Microsoft Access RCE flaws, and OpenAI lobbying for the US to ban China's DeepSeek.

Plus, discussion on a Binarly technical paper with new approach to finding UEFI bootkits, Mandiant flagging custom backdoors on Juniper routers, and MEV 'sandwich attacks' front-running cryptocurrency transactions.

Cast: Juan Andres Guerrero-Saade, Costin Raiu and Ryan Naraine.

Links:

• Transcript (unedited, AI-generated)
• Microsoft Flags Six Active Zero-Days, Patches 57 Flaws
• Unpatched.ai discoveries
• Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw
• Apple iOS 18.3.2 and iPadOS 18.3.2 documentation
• Citizen Lab: Predator in the wires
• FreeType Zero-Day Being Exploited in the Wild
• CVE-2020-15999: FreeType Heap Buffer Overflow
• Mandiant : Ghost in the Juniper router
• Jun OS out-of-cycle security bulletin (CVE-2025-21590)
• Juniper Malware Removal Tool
• Binarly: UEFI Bootkit Hunting -- In-Depth Search for Unique Code Behavior
• Crypto Trader Loses $215,000 in MEV Sandwich Attack on Uniswap
• The Secretive World Of MEV, Where Bots Front-Run Crypto Investors For Big Profits
• Reuters journalist Raphael Satter loses overseas citizenship
• Yanis Varoufakis: Trump’s tariff chaos explained
• Technofeudalism: What Killed Capitalism (Yanis Varoufakis)