In this week's Source Code news wrap podcast,  we discuss a critical remote code execution flaw in certain versions of the Apache Commons Text library; recent efforts by Fortinet to encourage organizations to apply patches for a vulnerability in its products that is under attack; and a new variant of Ursnif that has been reconstructed from a banking trojan into a generic backdoor.