In today's podcast, the FBI and CIA are reported to be looking for the source of a compromise that shut down CIA agents in China between 2010 and 2012: hackers or moles, no one knows. Or was it just a tradecraft mismatch? WannaCry has been slowed, at least temporarily. Observers speculate the ransomware may have been a probe. Other uses of EternalBlue exploits look more focused and more disciplined, and arguably more serious. WikiLeaks dumps another leaked implant. Johns Hopkins' Joe Carrigan gives us the VPN basics. And the ShadowBrokers are expected to open their Leak-of-the-Month Club in June (subscription only).