AppSec Now

Hosted by DevCentral

Technology | Interviews guests

Episodes

41

Latest episode

Apr 2025

Language

EN

About the show

AppSec Now is a podcast aimed at delivering the top stories from the latest (mostly application) security news and interesting guests from the application security community.

Listen to episodes

April 28, 2025 | Episode 35 | 30 min

Tackling CVE Chaos, Parquet Tool Insights, and EU Cyber Resilience Act Unpacked

🔒 Welcome to this week’s episode of AppSecNow, the DevCentral podcast dedicated to all things application security! 🚨 This week, we unpack critical updates including:

💥 A zero-day SAP CVE with a CVSS score of 10—what it means, how it's being exploited, and what you can do to defend against it.
🛠️ A groundbreaking Parquet tool from F5 Labs that simplifies vulnerability testing for critical supply chain security issues. Link: https://github.com/F5-Labs/parquet-canary-exploit-rce-poc-CVE-2025-30065
🌍 The EU Cyber Resilience Act—what it means for manufacturers, open-source stewards, and secure-by-design initiatives.

Learn how AppSec professionals leverage cutting-edge tools and protocols to tackle some of the biggest challenges in software security today. Whether you're prepping for RSA or managing zero trust architectures, this episode is packed with actionable insights!

✅ Like, subscribe, and follow to keep up with the latest in application security.

00:00 Introduction
02:20 Parquet Tool
06:30 VulnCon 2025
09:09 EU Cyber Resilience Act
16:45 CVE Program Chaos
20:29 Pay Your Tolls!
27:17 SAP Critical Vulnerability
29:18 Outro

April 21, 2025 | Episode 34 | 36 min

EV Car Hacking, AI-Generated Passports, & Japan’s Active Cyber Defense Bill

Join Merlyn Chase, MegaZone, and Aubrey on this week’s AppSec Now podcast as they dive into the latest topics in application security! 🚀 From the recent B-Sides Seattle conference to critical discussions on EV car hacking, cybersecurity quandaries, AI-generated passports bypassing KYC, and Japan’s groundbreaking Active Cyber Defense Bill—you don’t want to miss this one. Plus, learn how AppSecNow is keeping you ahead with insights by F5 Labs and the F5 Security Incident Response Team.

Stay informed, stay secure—like, subscribe, and follow for all things AppSec!

00:00 Introduction
03:10 EV Car Hacking
12:25 AI Generated Passports
21:35 LLMs Do Not Trust Humans
28:31 Japan's Active Cyber Defense Bill
34:19 Outro

April 14, 2025 | Episode 33 | 35 min

Amazon EC2 SSRF Breach, Oracle Cloud Breach & Malicious NPM Packages Exposed

Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process. Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be?

🔗 Relevant Links Here: https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708

00:00 Introduction
04:01 F5 Labs: AWS EC2 SSRF
10:44 Oracle Cloud Breach
16:44 Verizon iOS App Exposure
20:23 BeaverTail Malware via NPM
24:43 Golang Ghost Malware
28:34 Apache Parquet RCE - CVSS 10 !!!
34:12 Outro

April 7, 2025 | Episode 32 | 31 min

NGINX Kubernetes IngressNightmare, Critical Next.js CVE, Chrome Zero Day - Ep.32

Dive into the latest episode of AppSecNow, where we break down the Ingress Nightmare vulnerability impacting NGINX and Kubernetes environments, plus the implications of a critical CVE in Next.js, one of the most widely-used JavaScript frameworks with 9 million weekly downloads.

Join Aubrey, Chase, and Merlyn for expert analysis on the security landscape, from Chromium Zero Day concerns to ransomware gangs getting pwned. Stay informed on the front lines of application security with actionable advice from DevCentral's experts.

00:00 Introduction
01:45 IngressNightmare
08:39 Next.js Critical CVE
12:07 Chrome Zero Day
16:22 New Agents For Security Copilot
24:57 HaveIBeenPwned Mail List Leak
27:10 BlackLock RaaS Gang Pwned
30:28 Outro

March 31, 2025 | Episode 31 | 45 min

Vibe Coding, F5 Labs Bot Report, Google Buys Wiz And More | AppSec Now Ep 31

Welcome to the 31st episode of AppSec Now! This week, our hosts Aubrey, David Warburton, Chase Abbott, and MegaZone get into some hot topics in the world of application security. Our focus is on the latest F5 Labs Advanced Persistent Bots report, highlighting the ever-evolving landscape of bot attacks and the importance of robust mitigation strategies. We analyze Google's hefty $32 million acquisition of Wiz, exploring what this move means for the tech giant's security posture and its potential impact on the cloud security market.

We also tackle the sensitive topic of personal data with a focus on 23andMe's bankruptcy and the critical steps you should take to safeguard your genetic information. Finally, we explore the emerging trend of "vibe coding" and its implications for both seasoned developers and novices. Join us for these engaging discussions and more, and don't forget to like, subscribe, and leave a comment with your thoughts!

00:00 Introduction
01:08 Google / Wiz Deal
04:57 Electrical Fire Closes Heathrow
12:39 23andMe Bankrupt! Delete data.
19:10 Advanced Persistent Bots Report
32:06 Vibe Coding Roundtable
42:37 Outro

March 24, 2025 | Episode 30 | 36 min

Latest AppSec Threats: Coinbase Phishing, BRUTED, OBSCURE#BAT, KoSpy And More!

Join us for the thirtieth episode of AppSecNow, a DevCentral podcast dedicated to the latest trends and threats in the application security (AppSec) world. In this episode, host Aubrey King is joined by Malcolm Heath, Chase Abbott, and MegaZone to dive into recent security incidents and developments, including a detailed analysis of the Coinbase phishing scam, the resurgence of user-mode rootkits with OBSCURE#BAT, the BRUTED brute force campaign and KoSpy, a sophisticated Android spyware campaign linked to North Korean threat actors.

Stay informed with custom-curated content from F5's Security Incident Response Team and relevant data from F5 Labs. Discover how attackers are evolving their methods and learn practical tips to protect your applications from these emerging threats. Whether you’re a security professional or just interested in the latest in cybersecurity, this episode has something for you.

00:00 Introduction
01:52 Coinbase Phishing Scam
12:24 BRUTED Brute Force
18:26 OBSCURE#BAT Malware
21:14 KoSpy Android Spyware
33:15 CISA KEV Updates
34:19 Outro

March 18, 2025 | Episode 29 | 33 min

Latest in AppSec: Apache Camel RCE, X DDoS, Silk Typhoon, and Encryption Debates

Welcome to the latest episode of AppSec Now, a DevCentral podcast dedicated to the ever-evolving world of application security. In this episode, Chase takes the reins while Aubrey is away, joined by Malcolm Heath, a principal researcher at F5 Labs, and the illustrious MegaZone, a principal security engineer on the SIRT team.

We dive deep into the recent Apache Camel remote code execution vulnerability, discussing the initial panic and the eventual revelation that it was a medium-severity CVE with narrow impact. We also explore the ongoing debate on government backdoors in end-to-end encryption, with insights on the recent stances of Signal and Apple. Finally, we shed light on the recent DDoS attack on X (formerly Twitter), attributed to Dark Storm, and discuss the complexities of attributing such attacks. Stay informed and up-to-date with the latest trends and threats in the AppSec world!

References: https://community.f5.com/kb/security-insights/appsec-camels-typhoons-and-backdoors/340217

00:00 Introduction
00:59 Apache Camel RCE
10:09 Silk Typhoon
16:11 Government Encryption Backdoors
25:51 X (Twitter) DDoS
30:25 VulnCon Comin' Up!
32:16 Outro

March 3, 2025 | Episode 28 | 27 min

Exploring CISA Layoffs, Microsoft's Quantum Chip, MongoDB Vulnerabilities & More

Join Aubrey, MegaZone, and Merlyn in this week's episode of AppSec Now as they dive into the latest in application security. This week, we discuss Microsoft's groundbreaking Majorana One chip, capable of scaling up to a million qubits and its potential impact on quantum computing. We also explore the recent critical vulnerabilities in MongoDB libraries and OpenSSH, analyzing their implications and mitigations. We dig into the layoffs at CISA and the potential cybersecurity impacts. Don't miss out on these crucial insights to stay ahead in the cybersecurity landscape.

TWIS: https://community.f5.com/kb/security-insights/u-s-government-cuts-majorana-1-chip-cves-for-mongoose-and-openssh/339995

00:00 Introduction
04:28 Majorana1
09:07 CISA Layoffs
16:06 OpenSSH MITM / DoS CVEs
20:28 MongoDB RCE CVEs
25:54 Outro

January 31, 2025 | Episode 27 | 34 min

Understanding The TikTok Ban, Salt Typhoon And More | AppSec Monthly January Ep.27

In this episode of AppSec Monthly, our host MegaZone is joined by Malcolm Heath, Merlyn Albery-Speyer and Aubrey King as they dive into the latest cybersecurity news. We explore the complexities of the TikTok ban, the impact of geopolitical decisions on internet freedom, and the nuances of data sovereignty. Our experts also discuss the implications of recent breaches by Chinese state actors and the importance of using end-to-end encrypted apps to protect your data. Additionally, we shed light on the fascinating history of internet control and how it continues to evolve with emerging technologies. Stay tuned until the end for insights on the upcoming VulnCon 2025 and how you can participate. Don’t forget to subscribe for more AppSec insights!

December 30, 2024 | Episode 26 | 1 hr 8 min

Cybersecurity Predictions 2025: Insights from F5 Labs | December Special AppSec Monthly Ep.26

Welcome to our special year-end episode of AppSec Monthly, a DevCentral podcast! In this exciting edition, we join forces with the experts at F5 Labs to bring you our highly anticipated cybersecurity predictions for the year ahead. Our panel, including David Warburton, Aubrey King, and MegaZone, dives deep into the trends and emerging threats that are set to shape the cybersecurity landscape in 2025. Whether you're an IT professional, a security enthusiast, or just curious about the future of application security, this episode is packed with insights you won't want to miss.

During this episode, we cover a wide range of topics, from the increasing sophistication of cyberattacks to the evolving role of AI in security. We reflect on the accuracy of last year’s predictions and discuss the implications of new technologies and geopolitical shifts on the security environment. With engaging discussions, expert analyses, and a bit of holiday cheer, this episode is the perfect way to stay informed and prepared for the challenges and opportunities of the coming year.

So grab your earbuds, get comfortable, and join us for an insightful journey into the future of cybersecurity with AppSec Monthly. Don’t forget to like, subscribe, and leave a review on your favorite platform to stay updated with our latest episodes!
