PODCAST · technology
AppSec Now
by DevCentral
AppSec Now is a podcast aimed at delivering the top stories from the latest (mostly application) security news and interesting guests from the application security community.
-
41
Tackling CVE Chaos, Parquet Tool Insights, and EU Cyber Resilience Act Unpacked
🔒 Welcome to this week’s episode of AppSecNow, the DevCentral podcast dedicated to all things application security! 🚨 This week, we unpack critical updates including: 💥 A zero-day SAP CVE with a CVSS score of 10—what it means, how it's being exploited, and what you can do to defend against it. 🛠️ A groundbreaking Parquet tool from F5 Labs that simplifies vulnerability testing for critical supply chain security issues. Link: https://github.com/F5-Labs/parquet-canary-exploit-rce-poc-CVE-2025-30065 🌍 The EU Cyber Resilience Act—what it means for manufacturers, open-source stewards, and secure-by-design initiatives. Learn how AppSec professionals leverage cutting-edge tools and protocols to tackle some of the biggest challenges in software security today. Whether you're prepping for RSA or managing zero trust architectures, this episode is packed with actionable insights! ✅ Like, subscribe, and follow to keep up with the latest in application security. 00:00 Introduction 02:20 Parquet Tool 06:30 VulnCon 2025 09:09 EU Cyber Resilience Act 16:45 CVE Program Chaos 20:29 Pay Your Tolls! 27:17 SAP Critical Vulnerability 29:18 Outro
-
40
EV Car Hacking, AI-Generated Passports, & Japan’s Active Cyber Defense Bill
Join Merlyn Chase, MegaZone, and Aubrey on this week’s AppSec Now podcast as they dive into the latest topics in application security! 🚀 From the recent B-Sides Seattle conference to critical discussions on EV car hacking, cybersecurity quandaries, AI-generated passports bypassing KYC, and Japan’s groundbreaking Active Cyber Defense Bill—you don’t want to miss this one. Plus, learn how AppSecNow is keeping you ahead with insights by F5 Labs and the F5 Security Incident Response Team. Stay informed, stay secure—like, subscribe, and follow for all things AppSec! 00:00 Introduction 03:10 EV Car Hacking 12:25 AI Generated Passports 21:35 LLMs Do Not Trust Humans 28:31 Japan's Active Cyber Defense Bill 34:19 Outro
-
39
Amazon EC2 SSRF Breach, Oracle Cloud Breach & Malicious NPM Packages Exposed
Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process. Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be? 🔗 Relevant Links Here: https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708 00:00 Introduction 04:01 F5 Labs: AWS EC2 SSRF 10:44 Oracle Cloud Breach 16:44 Verizon iOS App Exposure 20:23 BeaverTail Malware via NPM 24:43 Golang Ghost Malware 28:34 Apache Parquet RCE - CVSS 10 !!! 34:12 Outro
-
38
NGINX Kubernetes IngressNightmare, Critical Next.js CVE, Chrome Zero Day - Ep.32
Dive into the latest episode of AppSecNow, where we break down the Ingress Nightmare vulnerability impacting NGINX and Kubernetes environments, plus the implications of a critical CVE in Next.js, one of the most widely-used JavaScript frameworks with 9 million weekly downloads. Join Aubrey, Chase, and Merlyn for expert analysis on the security landscape, from Chromium Zero Day concerns to ransomware gangs getting pwned. Stay informed on the front lines of application security with actionable advice from DevCentral's experts. 00:00 Introduction 01:45 IngressNightmare 08:39 Next.js Critical CVE 12:07 Chrome Zero Day 16:22 New Agents For Security Copilot 24:57 HaveIBeenPwned Mail List Leak 27:10 BlackLock RaaS Gang Pwned 30:28 Outro
-
37
Vibe Coding, F5 Labs Bot Report, Google Buys Wiz And More | AppSec Now Ep 31
Welcome to the 31st episode of AppSec Now! This week, our hosts Aubrey, David Warburton, Chase Abbott, and MegaZone get into some hot topics in the world of application security. Our focus is on the latest F5 Labs Advanced Persistent Bots report, highlighting the ever-evolving landscape of bot attacks and the importance of robust mitigation strategies. We analyze Google's hefty $32 million acquisition of Wiz, exploring what this move means for the tech giant's security posture and its potential impact on the cloud security market. We also tackle the sensitive topic of personal data with a focus on 23andMe's bankruptcy and the critical steps you should take to safeguard your genetic information. Finally, we explore the emerging trend of "vibe coding" and its implications for both seasoned developers and novices. Join us for these engaging discussions and more, and don't forget to like, subscribe, and leave a comment with your thoughts! 00:00 Introduction 01:08 Google / Wiz Deal 04:57 Electrical Fire Closes Heathrow 12:39 23andMe Bankrupt! Delete data. 19:10 Advance Persistent Bots Report 32:06 Vibe Coding Roundtable 42:37 Outro
-
36
Latest AppSec Threats: Coinbase Phishing, BRUTED, OBSCURE#BAT, KoSpy And More!
Join us for the thirtieth episode of AppSecNow, a DevCentral podcast dedicated to the latest trends and threats in the application security (AppSec) world. In this episode, host Aubrey King is joined by Malcolm Heath, Chase Abbott, and MegaZone to dive into recent security incidents and developments, including a detailed analysis of the Coinbase phishing scam, the resurgence of user-mode rootkits with OBSCURE#BAT, the BRUTED brute force campaign and KoSpy, a sophisticated Android spyware campaign linked to North Korean threat actors. Stay informed with custom-curated content from F5's Security Incident Response Team and relevant data from F5 Labs. Discover how attackers are evolving their methods and learn practical tips to protect your applications from these emerging threats. Whether you’re a security professional or just interested in the latest in cybersecurity, this episode has something for you. 00:00 Introduction 01:52 Coinbase Phishing Scam 12:24 BRUTED Brute Force 18:26 OBSCURE#BAT Malware 21:14 KoSpy Android Spyware 33:15 CISA KEV Updates 34:19 Outro
-
35
Latest in AppSec: Apache Camel RCE, X DDoS, Silk Typhoon, and Encryption Debates
Welcome to the latest episode of AppSec Now, a DevCentral podcast dedicated to the ever-evolving world of application security. In this episode, Chase takes the reins while Aubrey is away, joined by Malcolm Heath, a principal researcher at F5 Labs, and the illustrious MegaZone, a principal security engineer on the SIRT team. We dive deep into the recent Apache Camel remote code execution vulnerability, discussing the initial panic and the eventual revelation that it was a medium-severity CVE with narrow impact. We also explore the ongoing debate on government backdoors in end-to-end encryption, with insights on the recent stances of Signal and Apple. Finally, we shed light on the recent DDoS attack on X (formerly Twitter), attributed to Dark Storm, and discuss the complexities of attributing such attacks. Stay informed and up-to-date with the latest trends and threats in the AppSec world! References: https://community.f5.com/kb/security-insights/appsec-camels-typhoons-and-backdoors/340217 00:00 Introduction 00:59 Apache Camel RCE 10:09 Silk Typhoon 16:11 Government Encryption Backdoors 25:51 X (Twitter) DDoS 30:25 VulnCon Comin' Up! 32:16 Outro
-
34
Exploring CISA Layoffs, Microsoft's Quantum Chip, MongoDB Vulnerabilities & More
Join Aubrey, MegaZone, and Merlyn in this week's episode of AppSec Now as they dive into the latest in application security. This week, we discuss Microsoft's groundbreaking Majorana One chip, capable of scaling up to a million qubits and its potential impact on quantum computing. We also explore the recent critical vulnerabilities in MongoDB libraries and OpenSSH, analyzing their implications and mitigations. We dig into the layoffs at CISA and the potential cybersecurity impacts. Don't miss out on these crucial insights to stay ahead in the cybersecurity landscape. TWIS: https://community.f5.com/kb/security-insights/u-s-government-cuts-majorana-1-chip-cves-for-mongoose-and-openssh/339995 00:00 Introduction 04:28 Majorana1 09:07 CISA Layoffs 16:06 OpenSSH MITM / DoS CVEs 20:28 MongoDB RCE CVEs 25:54 Outro
-
33
Understanding The TikTok Ban, Salt Typhoon And More | AppSec Monthly January Ep.27
In this episode of AppSec Monthly, join our host, MegaZone, joined by Malcolm Heath, Merlyn Albery-Speyer and Aubrey King, as they dive into the latest cybersecurity news. We explore the complexities of the TikTok ban, the impact of geopolitical decisions on internet freedom, and the nuances of data sovereignty. Our experts also discuss the implications of recent breaches by Chinese state actors and the importance of using end-to-end encrypted apps to protect your data. Additionally, we shed light on the fascinating history of internet control and how it continues to evolve with emerging technologies. Stay tuned until the end for insights on the upcoming VulnCon 2025 and how you can participate. Don’t forget to subscribe for more AppSec insights!
-
32
Cybersecurity Predictions 2025: Insights from F5 Labs | December Special AppSec Monthly Ep.26
Welcome to our special year-end episode of AppSec Monthly, a DevCentral podcast! In this exciting edition, we join forces with the experts at F5 Labs to bring you our highly anticipated cybersecurity predictions for the year ahead. Our panel, including David Warburton, Aubrey King, and MegaZone, dives deep into the trends and emerging threats that are set to shape the cybersecurity landscape in 2025. Whether you're an IT professional, a security enthusiast, or just curious about the future of application security, this episode is packed with insights you won't want to miss. During this episode, we cover a wide range of topics, from the increasing sophistication of cyberattacks to the evolving role of AI in security. We reflect on the accuracy of last year’s predictions and discuss the implications of new technologies and geopolitical shifts on the security environment. With engaging discussions, expert analyses, and a bit of holiday cheer, this episode is the perfect way to stay informed and prepared for the challenges and opportunities of the coming year. So grab your earbuds, get comfortable, and join us for an insightful journey into the future of cybersecurity with AppSec Monthly. Don’t forget to like, subscribe, and leave a review on your favorite platform to stay updated with our latest episodes!
-
31
Episode 25 - November 2024 - F5 Labs Black Friday Report, 2025 OWASP LLM Apps Top 10 And More
Welcome to the latest episode of AppSec Monthly! In this episode, we delve into IT policies, recent cybersecurity trends, and sophisticated attack detection with industry experts David Warburton, Malcolm Heath, and MegaZone. Special guests Adeolu and Shuang from F5 Labs share their latest research on Black Friday shopping trends, automation, and bot attacks, providing insights into the types of bots targeting retailers and their impact. We also look ahead to future trends in automation and predictions for 2024, offering practical advice for retailers on dealing with bot attacks effectively. In our security news segment, we discuss the implications of quantum computing on RSA decryption, security flaws in popular ML toolkits, and the updated 2025 OWASP LLM Apps Top Ten. Explore more at f5.com/labs and visit community.f5.com for additional content from F5 SIRT and F5 Labs. Don't forget to like, subscribe, and leave a review! Theme song, 'Deserted Dunes Welcome Weary Feet,' freely usable by King Gizzard And The Lizard Wizard, as per https://kinggizzardandthelizardwizard.com/bootlegger.
-
30
Episode 24 - October 2024 - F5 Labs APIWorld CTF, CUPS & Hyundai Vulnerabilities And More
Welcome to another exciting episode of AppSec Monthly, brought to you by DevCentral! This month, we dive deep into various aspects of application security with contributions from Aaron Brailsford, Malcolm Heath, and MegaZone! We discuss the importance of integrating security early in the development process, the critical role of trust in cybersecurity, and the recent buzz around CUPS vulnerabilities. Hear about the latest exploits involving Internet Explorer vulnerabilities. Get ready for an engaging and informative session on all things AppSec. Don't forget to like, subscribe, and stay tuned for more updates!
-
29
Episode 23 - July 2024 - F5 Labs DDoS Report, CrowdStrike
After a small summer break, the gang's back and talking DDoS with F5 Labs' new DDoS Report. David Warburton lays it all out for us after a healthy dose of news with Aaron Brailsford, Malcolm Heath and, for the first time, MegaZone! Tune in for this action packed episode 23 for July of 2024!
-
28
Episode 22 - May 2024 - Security Authoring, Speaking At RSAC
In May of 2024, Aubrey King, from DevCentral, went to #RSAC. While there, he got a chance to hook up with Steve Wilson and Ken Huang to talk about security authoring - 'how to get going' and 'what's the process like?' - before catching up with Akira Brand, who talks about speaking at RSA and more! It's an action packed Episode 22 before we even get to our roundtable, where F5 Labs' David Warburton and Aaron Brailsford catch up with Sam Borer, from the F5 Security Incident Response Team about all the latest happenings. You'll hear about the Dell Breach, Ticketmaster and more!
-
27
Episode 21 - April 2024 - How AI Changes The Game For Red And Blue Teamers
In Episode 21, we change our name! Welcome AppSec Monthly, goodbye This Month In Security. In addition to that news in April of 2024, DevCentral's Aubrey King catches up with Semgrep's Jonathan Werrett to talk about how the AI phenomenon changes the game for Red and Blue Teamers out there in the security world. Also, Aubrey catches up with DevCentral OG, Peter Silva, to talk about 5G security and app isolation for security. Aaron Brailsford herds those cats named David Warburton and Malcolm Heath for our monthly roundtable, as well!
-
26
Episode 20 - March 2024 - APISec University's 2024 API Security Market Review
DevCentral's Aubrey King is joined by Dave Warburton, Malcolm Heath and Aaron Brailsford this month for the roundtable and he shares a conversation with Dan Barahona about the APISec University 2024 API Security Market Review they just published and shares the news about APISec Con, coming up on May 22. There's also a teaser of an #AppWorld2024 AI API Security panel conversation between Aubrey, Dan, Corey Ball and Cameron Delano.
-
25
Episode 19 - February 2024 - AI App Security For IoT Edge Devices
In Episode 19 of This Month In Security, Aubrey King catches back up with Tashaffi Samin Yeasar to talk about her daily grind and an IoT coder who's using AI at the edge and some of the security implications of Edge AI. Also, Byron McNaught jumps into the monthly roundtable with Aaron Brailsford and David Warburton, where they talked a bit about AI and deepfakes, as well as some of the latest Ransomware news out there.
-
24
Episode 18 - Jan 2024 - From SBOM To WAF Policy
This Month In Security, Aubrey King gets to talk to DevCentral MVP Daniel Wolf about how he recommends customers build WAF policy from SBOM. Aaron Brailsford shares the roundtable with Malcolm Heath and Sander Vinberg. Also, we get a sample from This Week In Security.
-
23
Bonus: This Week In Security Jan 15 - 21 2024 - Ancient VMWare Exploit, 37C3 Videos And More!
This week in security, our editor is AaronJB, who brings news of a VMWare exploit that might be older than Aubrey! Also, countless exploits and some amazing videos from The 37th Chaos Communication Congress. Read the full article here: https://community.f5.com/t5/technical-articles/time-to-exploit-and-large-scale-breaches-jan-15th-21st-2024-f5/ta-p/327201 This Week In Security is a contribution to DevCentral by the F5 Security Incident Response Team and you can find it in our Technical Articles section every week.
-
22
Bonus: This Week In Security Jan 7 - 14 2024 - Github Runner Poisoning, F-Bot, Hadoop Attacks
This Week In Security, our editor is Jordan_Zebor, who shows the community about Github's Runner Poisoning, a cloud threat called F-Bot and an attack on Hadoop! Read the full article here: https://community.f5.com/t5/technical-articles/compromised-ci-cd-fbot-and-hadoop-attacks-jan-7th-14th-2023-f5/ta-p/326973 This Week In Security is a contribution to DevCentral by the F5 Security Incident Response Team and you can find it in our Technical Articles section every week.
-
21
Bonus: This Week In Security Jan 1 - 5 2024 - Gmail Guidelines, GPS Spoofing And More
This Week In Security, our editor was Koichi and he brings us news about a faked public website, new Gmail Sender Guidelines, a GPS Spoofing attack and the OWASP Top 10 For Large Language Model Applications. Read the full article here: https://community.f5.com/t5/technical-articles/fake-website-gmail-guideline-gps-spoofing-owasp-llm-jan-1st-5th/ta-p/326724 This Week In Security is a contribution to DevCentral by the F5 Security Incident Response Team and you can find it in our Technical Articles section every week.
-
20
Episode 17 - Dec. - 2023 Look Back, F5 Labs 2024 Predictions Report
Aubrey King recaps 2023 in a look back for the podcast before he's joined by Aaron Brailsford, Malcolm Heath and David Warburton to go over the F5 Labs 2024 Predictions report. Happy New Year to all of our listeners and viewers out there!
-
19
Bonus: This Week In Security Dec. 10 - Dec. 17 - Play Ransomware, OpenSSH 9.6, Google Privacy
This Week In Security, our editor was Nagi, who filled us in on the Play Ransomware Advisory, the OpenSSH 9.6 release, the latest Bruce Schneier essay, Google's ending of geofence warrants via Google Maps and so much more! Read the full article here: https://community.f5.com/t5/technical-articles/ransomware-openssh-ai-and-trust-google-geofence-dec-10-17-2023/ta-p/325857 This Week In Security is a contribution to DevCentral by the F5 Security Incident Response Team and you can find it in our Technical Articles section every week. 00:00 Introduction 00:10 Play Ransomware 00:31 OpenSSH 9.6 00:57 Bruce Schneier: AI & Trust 01:19 Google Kills Geofence Warrants 01:34 Outro
-
18
Bonus: This Week In Security Dec. 3 - Dec. 10 - HuggingFace API Token Exposure, Glass Storage
This Week In Security for 11/27-12/3, 2023, can be found on F5 DevCentral here: https://community.f5.com/t5/technical-articles/exposed-hf-api-tokens-hacks-ms-news-dec-3-10-2023-f5-sirt-this/ta-p/325561 This Week In Security is a contribution to DevCentral by the F5 Security Incident Response Team and you can find it in our Technical Articles section every week.
-
17
Bonus: This Week In Security Nov. 20 - Nov. 26, 2023: MeridianLink Attack, MOVEit Look Back & More
This Week In Security for 11/20-11/26, 2023, can be found on F5 DevCentral here: https://community.f5.com/t5/technical-articles/once-more-with-feeling-nov-20-26-2023-f5-sirt-this-week-in/ta-p/324985 This Week In Security is a contribution to DevCentral by the F5 Security Incident Response Team and you can find it in our Technical Articles section every week.
-
16
Episode 16 - Nov. - Identity Threat Report, AI Security & Governance Checklist
This Month In Security, Aubrey King and the crew try out a new show format. Aubrey catches up with Sandy Dunn, CISO, about her work on the AI Security And Governance Checklist. In addition, Sander talks to the roundtable about his latest contribution to Labs, The 2023 Identity Threat Report. David Warburton's back, as well, and sits in with Aaron Brailsford and Malcolm Heath for the monthly roundtable. Strap On Those Earbuds! 00:00 Movember 01:26 Intro 03:26 What Is Request Smuggling? 10:08 November Roundtable 34:48 2023 Identity Threat Report 46:26 AI Security & Governance Checklist
-
15
Episode 15 - October - Elder Care Security / Release Lead / Lori MacVittie
This Month In Security, Aubrey King catches up with Ads on his involvement as a release lead for the OWASP Top Ten For Large Language Model Applications. Also, we hear from a fellow speaker at B-Sides Ottawa, Tashaffi Samin Yeasar, regarding her talk on Elder Care Security and how to pick a topic for your talk. Plus, Lori MacVittie joins the roundtable with Aubrey and Malcolm Heath. 00:00 CyberSecurity Awareness Month Promo 00:57 Introduction 03:39 What's A "Release Lead?" Ask Ads! 10:38 October's Roundtable w/ Lori MacVittie 29:31 Security of ElderCare w/ Tashaffi Samin Yeasar 34:21 Outro
-
14
Episode 14 - September - ML Top 10 & Vuln4Cast
This Month In Security, Aubrey King welcomes OWASP Top 10 for ML Applications Leads, Shain Singh and Sagar Bhure to find out more about the project. Sander Vinberg also shares his takeaways from the Vuln4Cast Colloquium and we welcome Malcolm Heath for a roundtable. 00:00 Introduction 01:31 Vuln4Cast 07:09 OWASP Top 10 for ML Apps 19:07 RoundTable 29:47 Outro
-
13
Episode 13: August, 2023 - OpenSSF / Hacker Summer Camp
Join Aubrey King, from DevCentral, as he talks with a record number of guests - 8 - for August, 2023 This Month In Security! Topics are OpenSSF and "Hacker Summer Camp" in Las Vegas (B-Sides, BlackHat, Defcon), as well as the latest news. You'll hear from David Wheeler, from the Linux Foundation, Akira Brand, from Application Security Weekly podcast and F5'ers Buu Lam, Christine Abernathy, Trishan DeLanerole, Aaron Brailsford, Malcolm Heath and Sander Vinberg! 00:00:00 Introduction 00:02:55 Aubrey & Akira chat Ops and OpenSSF 00:06:48 OpenSSF Update w/ David Wheeler 00:24:11 B-Sides LasVegas & Defcon 2023 Report 00:35:54 BlackHat 2023 Report 00:43:12 Aubrey & Akira chat SecOps Perspectives 00:46:13 The Latest CyberSecurity Buzz 01:00:41 Outro
-
12
Episode 12 - July - Cybersecurity Apprenticeship & Large Language Models
If you're hitting up BlackHat 2023, you're going to hear a LOT about Large Language Model security, which dominated the news this month in security. Also, Aubrey King talks with Jason Ross, from Rochester Institute of Technology and Jenn Carlson, from Apprenti, about cybersecurity apprenticeship options. 00:00 Introduction 01:44 CyberSecurity Apprenticeship @ RIT 06:26 Apprenti Skill Assessment 14:16 Jason Ross on OWASP Top 10 for LLM 16:19 The Month, In Review 43:06 Outro
-
11
Episode 11 - May / June, 2023 - NXDOMAIN / Water Torture
DevCentral's Aubrey King takes you through the (more than a) month of May (and June, too) in This Month In Security Episode 11. NXDOMAIN and Water Torture / Resource Exhaustion attacks against DNS are fairly prominent in an interview of Amina Mubeen, Security Support Engineer and with our newest Real Attack Story from DevCentral. Aaron Brailsford, Malcolm Heath and Sander Vinberg cover the latest interesting happenings.
-
10
Episode 10: April, 2023 - RSA Edition
This Episode, Aubrey King talks with Aaron Brailsford and Amina Mubeen about the latest happenings in security. He also meets up live with David Warburton, Sander Vinberg and Malcolm Heath, from F5 Labs in San Francisco at RSA 2023 to discuss conference perspectives and the Labs presentations this year. Strap on those earbuds! 00:00 Introduction 01:54 RSA Conference Recap 27:40 The Cybersecurity Happenings 45:04 Labs' Talks @ RSA 54:54 Outro
-
9
Episode 09: March, 2023 w/ Ben Edwards
Special guest, Ben Edwards, from The Cyentia Institute, joins Aubrey King, Aaron Brailsford and Sander Vinberg on This Month In Security for March, 2023. In addition to some of the latest security news, we focus on CVE, CVSS and the future of threat prediction research, plus we get to hear a tease on Ben and Sander's forthcoming RSA talk. 00:00 Introduction: Ben Edwards 03:22 Ben & Sander At RSA 05:20 Amazing MS Outlook Client Vuln! 08:11 Aubrey's Solaris Confession 09:30 Back To Outlook... 10:43 WRT Exposure, How Long Is Long? 15:24 3CX VoIP Supply Chain Breach 19:33 YouTube Takedown: Linus Tech Tips 21:42 The CVE Report: Ben & Sander 37:37 Exploit Prediction Scoring System 40:23 Outro
-
8
Episode 08: February 2023 w/ Akira Brand
Aubrey King, Aaron Brailsford and Malcolm Heath welcome special guest, Akira Brand, co-host of the Application Security Weekly podcast, for a chat this month about career paths, podcasting and the hottest news this month... in security. 00:00 Introduction 01:51 Akira on Application Security Weekly podcast 04:58 Discussion on career paths 17:58 Generalist vs. Specialist / Red vs. Blue 32:17 LastPass continues... to affirm zero trust 38:26 How secure is 'secure enough'? 43:02 F5 Labs' new DDoS report findings 47:16 News tidbits and out.
-
7
Episode 07: January, 2023 w/ Brian McHenry
For the Month of January, 2023, Aubrey King sits down for a chat with Brian McHenry, Security PM, to talk about his role in starting the #Security B-Sides NYC Chapter and more, then Brian and Aubrey join Aaron Brailsford and David Warburton for the top of mind cybersecurity news from January. This Month In Security is a monthly, long-format, community driven technology Podcast, focused on malware, bots, dos and so much more in the realm of application security (appsec). 00:00:00 Introduction 00:01:24 Brian McHenry Intro 00:04:19 How Product Organizations Consume Governing Guidance 00:09:12 Brian's Role With Security B-Sides NYC 00:18:35 The Evolution of AppSec Architectures 00:23:29 Breach Updates: LastPass Continues & More 00:39:46 What Are Some Security Implications of ChatGPT? 00:50:43 FBI Takes Down The Hive 00:57:34 F5 Labs Updates 00:59:37 Outro
-
6
Episode 06: December, 2022
Aubrey King hosts the monthly security podcast with Aaron Brailsford & David Warburton. The final show of the year focuses on the three most critical segments of the year and a look at some predictions from F5 Labs' 2023 Predictions report. This Month In Security is a monthly, long-format, community driven technology Podcast, focused on malware, bots, dos and so much more in the realm of application security (appsec). https://soundcloud.com/f5security 00:00 Introduction 01:12 ProxyNotShell Resurgence 09:57 Quantum Security Impacts 25:28 Android OEM App-Signing Keys Leaked 33:06 Predictions Intro. 33:59 MFA Will Become Ineffective 42:40 Software Repositories Become THE Target 48:52 Outro
-
5
Episode 05: November, 2022
Aubrey King hosts the monthly security podcast with Aaron Brailsford, Sander Vinberg and Malcolm Heath. Discussion on the month's most relevant security happenings, including updates on guidance from CISA, a Dropbox breach, Supply Chain security and the SANS ICA Hyper-Encabulator! 00:00 Introduction 00:48 ANCIENT SQLite Vulnerability 10:11 Latest CISA Supply Chain Guidance 17:38 DropBox Breach and MFA Bypass 26:44 Cranefly MS Logging C&C 35:35 SANS ICA HyperEncabulator 37:14 Outro
-
4
Episode 04: October, 2022
This month's news includes some Supply Chain Security, Guidance from CISA and a worrisome UEFI Bootkit. October's feature story is Reseller Bots. What are they and how do they impact you? 00:00 Intro.. 01:25 CISA Guidance 09:10 LofyGang Supply Chain News 15:40 MS Exchange Zero Days 23:27 Black Lotus UEFI BootKit 30:53 Labs Updates: Post-Breach, CIS 34:04 Labs Feature: Reseller Bots 42:23 Outro..
-
3
Episode 03: September 2022
DevCentral's Aubrey King sits down with Aaron Brailsford, from F5 Security Incident Response Team (SIRT), Malcolm Heath and Sander Vinberg - both from F5 Labs - and break everything out, in-depth. In this episode, we talk about software supply chain security, the dangers of hard-coded credentials, package management, side-loading mobile applications and more. We also get to review and postulate on the latest data from F5 Labs' Sensor Intel Series, sampling CVE attempts at critical points on the internet backbone to understand the nature of attacks and how they're changing over time. 00:00 Introduction 01:25 High profile updates for Apple / Google 02:20 Hard-Coded Credential Woes 14:17 LastPass Breach 21:52 Uber Breach 28:52 Mudge Testimony 36:10 F5 Labs SIS Report 53:40 WRAP IT UP, B !!
-
2
Episode 02: August 2022
Join DevCentral's Aubrey King and SIRT's Aaron Brailsford as they break down the past month in cybersecurity news in and around the industry! Associated content: https://community.f5.com/t5/technical-articles/f5-sirt-this-week-in-security-june-6th-to-19th-phishing-qnap/ta-p/297263 https://community.f5.com/t5/technical-articles/f5-sirt-this-week-in-security-follina-zero-day-karakurt-agent/ta-p/296852 https://community.f5.com/t5/technical-articles/apple-vmware-supply-chain-and-breaches-f5-sirt-this-week-in/ta-p/300079
-
1
Episode 01: July, 2022
DevCentral & SIRT Present: This Month In Security. Aubrey King hooks up with Aaron Brailsford to recap top stories for the month in F5 Security. This month we discuss some academic processor side-channel vulnerabilities, as well as covering UEFI vulnerabilities, some rather alarming disclosures in a popular data center application and much more! 00:00 Introduction 02:26 Academics: New Processor Vulnerabilities! 14:23 Stolen Credentials 22:27 Hardware Hardships 36:02 Peace Out!