Amazon EC2 SSRF Breach, Oracle Cloud Breach & Malicious NPM Packages Exposed

Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process. Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be? 🔗 Relevant Links Here: https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708 00:00 Introduction 04:01 F5 Labs: AWS EC2 SSRF 10:44 Oracle Cloud Breach 16:44 Verizon iOS App Exposure 20:23 BeaverTail Malware via NPM 24:43 Golang Ghost Malware 28:34 Apache Parquet RCE - CVSS 10 !!! 34:12 Outro