AppSec Now

DevCentral

Available Episodes

5 of 41
  • Tackling CVE Chaos, Parquet Tool Insights, and EU Cyber Resilience Act Unpacked
    🔒 Welcome to this week’s episode of AppSecNow, the DevCentral podcast dedicated to all things application security! 🚨 This week, we unpack critical updates including:
    💥 A zero-day SAP CVE with a CVSS score of 10—what it means, how it's being exploited, and what you can do to defend against it.
    🛠️ A groundbreaking Parquet tool from F5 Labs that simplifies vulnerability testing for critical supply chain security issues. Link: https://github.com/F5-Labs/parquet-canary-exploit-rce-poc-CVE-2025-30065
    🌍 The EU Cyber Resilience Act—what it means for manufacturers, open-source stewards, and secure-by-design initiatives.
    Learn how AppSec professionals leverage cutting-edge tools and protocols to tackle some of the biggest challenges in software security today. Whether you're prepping for RSA or managing zero trust architectures, this episode is packed with actionable insights!
    ✅ Like, subscribe, and follow to keep up with the latest in application security.
    00:00 Introduction
    02:20 Parquet Tool
    06:30 VulnCon 2025
    09:09 EU Cyber Resilience Act
    16:45 CVE Program Chaos
    20:29 Pay Your Tolls!
    27:17 SAP Critical Vulnerability
    29:18 Outro
    --------  
    30:46
  • EV Car Hacking, AI-Generated Passports, & Japan’s Active Cyber Defense Bill
    Join Merlyn Chase, MegaZone, and Aubrey on this week’s AppSec Now podcast as they dive into the latest topics in application security! 🚀 From the recent B-Sides Seattle conference to critical discussions on EV car hacking, cybersecurity quandaries, AI-generated passports bypassing KYC, and Japan’s groundbreaking Active Cyber Defense Bill—you don’t want to miss this one. Plus, learn how AppSecNow is keeping you ahead with insights by F5 Labs and the F5 Security Incident Response Team.
    Stay informed, stay secure—like, subscribe, and follow for all things AppSec!
    00:00 Introduction
    03:10 EV Car Hacking
    12:25 AI Generated Passports
    21:35 LLMs Do Not Trust Humans
    28:31 Japan's Active Cyber Defense Bill
    34:19 Outro
    --------  
    36:06
  • Amazon EC2 SSRF Breach, Oracle Cloud Breach & Malicious NPM Packages Exposed
    Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process. Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be?
    🔗 Relevant Links Here: https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708
    00:00 Introduction
    04:01 F5 Labs: AWS EC2 SSRF
    10:44 Oracle Cloud Breach
    16:44 Verizon iOS App Exposure
    20:23 BeaverTail Malware via NPM
    24:43 Golang Ghost Malware
    28:34 Apache Parquet RCE - CVSS 10 !!!
    34:12 Outro
    --------  
    35:08
  • NGINX Kubernetes IngressNightmare, Critical Next.js CVE, Chrome Zero Day - Ep.32
    Dive into the latest episode of AppSecNow, where we break down the Ingress Nightmare vulnerability impacting NGINX and Kubernetes environments, plus the implications of a critical CVE in Next.js, one of the most widely-used JavaScript frameworks with 9 million weekly downloads.
    Join Aubrey, Chase, and Merlyn for expert analysis on the security landscape, from Chromium Zero Day concerns to ransomware gangs getting pwned. Stay informed on the front lines of application security with actionable advice from DevCentral's experts.
    00:00 Introduction
    01:45 IngressNightmare
    08:39 Next.js Critical CVE
    12:07 Chrome Zero Day
    16:22 New Agents For Security Copilot
    24:57 HaveIBeenPwned Mail List Leak
    27:10 BlackLock RaaS Gang Pwned
    30:28 Outro
    --------  
    31:22
  • Vibe Coding, F5 Labs Bot Report, Google Buys Wiz And More | AppSec Now Ep 31
    Welcome to the 31st episode of AppSec Now! This week, our hosts Aubrey, David Warburton, Chase Abbott, and MegaZone get into some hot topics in the world of application security. Our focus is on the latest F5 Labs Advanced Persistent Bots report, highlighting the ever-evolving landscape of bot attacks and the importance of robust mitigation strategies. We analyze Google's hefty $32 million acquisition of Wiz, exploring what this move means for the tech giant's security posture and its potential impact on the cloud security market.
    We also tackle the sensitive topic of personal data with a focus on 23andMe's bankruptcy and the critical steps you should take to safeguard your genetic information. Finally, we explore the emerging trend of "vibe coding" and its implications for both seasoned developers and novices. Join us for these engaging discussions and more, and don't forget to like, subscribe, and leave a comment with your thoughts!
    00:00 Introduction
    01:08 Google / Wiz Deal
    04:57 Electrical Fire Closes Heathrow
    12:39 23andMe Bankrupt! Delete data.
    19:10 Advanced Persistent Bots Report
    32:06 Vibe Coding Roundtable
    42:37 Outro
    --------  
    45:13

About AppSec Now

AppSec Now is a podcast aimed at delivering the top stories from the latest (mostly application) security news and interesting guests from the application security community.

v7.23.9 | © 2007-2025 radio.de GmbH
Generated: 9/27/2025 - 6:54:55 PM