Risky Business Weekly (813): FFmpeg has a point

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • We love some good vulnerability reporting drama, this time FFmpeg’s got beef with Google
  • OpenAI announces its Aardvark bug-gobbling system
  • Two US ransomware responders get arrested for… ransomware
  • Memento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in Russia
  • Hackers help freight theft gangs steal shipments to resell
  • A second Jabber Zeus mastermind gets his comeuppance 15 years on

This week’s episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for triaging vulnerabilities have started to fall apart, given there are just. So. Many. And they’re all important!

Show Notes:

vx-underground on X: “Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds…” https://x.com/vxunderground/status/1984684125341532264

FFmpeg on X: “@DavidEGrayson It’s someone’s hobby project of an obscure 1990s decoder…” https://x.com/ffmpeg/status/1984202651937255757

Halvar Flake on X: “Given the extremely big role ffmpeg has played historically…” https://x.com/halvarflake/status/1985245014914429064

thaddeus e. grugq on X: “Current drama: Plucky security researcher Google takes on volunteer open source behemoth FFmpeg.” https://x.com/thegrugq/status/1985233053925732408

Robert Graham on X: “Current status: There’s a conflict between Google…” https://x.com/ErrataRob/status/1985809513568514394

Introducing Aardvark: OpenAI’s agentic security researcher | OpenAI https://openai.com/index/introducing-aardvark/

Bugcrowd acquires Mayhem Security to advance AI-powered security testing | CyberScoop https://cyberscoop.com/bugcrowd-mayhem-security-acquistion-ai-security-testing/

Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks | CyberScoop https://cyberscoop.com/incident-response-ransomware-professionals-charged-attacks/

Former Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being “Utilized” by Different Broker in South Korea https://www.zetter-zeroday.com/former-trenchant-exec-sold-stolen-code-to-russian-buyer-even-after-learning-that-other-code-he-sold-was-being-utilized-by-different-broker-in-south-korea/?ref=zero-day-newsletter

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch https://techcrunch.com/2025/11/03/how-an-ex-l3-harris-trenchant-boss-stole-and-sold-cyber-exploits-to-russia/

Operation Zero — A Zero-Day Vulnerability Platform https://opzero.ru/en/

John Scott-Railton on X: “7/ There’s a push to scale up America’s offensive industry right now…” https://x.com/jsrailton/status/1981430006132637837

CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware | TechCrunch https://techcrunch.com/2025/10/28/ceo-of-spyware-maker-memento-labs-confirms-one-of-its-government-customers-was-caught-using-its-malware/

Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed Microsoft Teams Vulnerabilities Uncovered https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/

Cargo theft gets a boost from hackers using remote monitoring tools | The Record from Recorded Future News https://therecord.media/cargo-theft-hackers-remote-monitoring-tools

Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint US https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics

Alleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future News https://therecord.media/alleged-conti-ransomware-affiliate-extradited-ireland-tennessee

Three suspected developers of Meduza Stealer malware arrested in Russia | The Record from Recorded Future News https://therecord.media/meduza-stealer-malware-suspected-developers-arrested-russia

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody – Krebs on Security https://krebsonsecurity.com/2025/11/alleged-jabber-zeus-coder-mricq-in-u-s-custody/

Windows Server Update Service exploitation ensnares at least 50 victims | Cybersecurity Dive https://www.cybersecuritydive.com/news/windows-server-update-service-exploitation-50-victims/804362/

Post by @paulschnack.bsky.social — Bluesky https://bsky.app/profile/paulschnack.bsky.social/post/3m4hfefzm5c2w