Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process.

Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be?

🔗 Relevant Links Here:https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708

00:00 Introduction

04:01 F5 Labs: AWS EC2 SSRF

10:44 Oracle Cloud Breach

16:44 Verizon iOS App Exposure

20:23 BeaverTail Malware via NPM

24:43 Golang Ghost Malware

28:34 Apache Parquet RCE - CVSS 10 !!!

34:12 Outro