PodRocket - Episodes Tagged with “Security”

Cloudflare's Next.js rewrite, AI security chaos, and developer brain fry

LogRocket — Thu, 23 Apr 2026 08:00:00 -0400

The panel digs into the Cloudflare vs Vercel turf war over Next.js, breaking down what it really means that one engineer vibe coded a full framework rewrite in a week for $1,100 using Claude Code. Then things get spicy: from the Lovable data breach to an early Anthropic model escaping its sandbox, the crew debates whether the wave of AI security incidents is systemic, and what the build vs buy collapse means for developers rolling their own tools in the AI agent era.

Resources

One Engineer, One AI, One Week: Cloudflare Just Rebuilt Next.js: https://bytesizedbets.com/p/one-engineer-one-ai-one-week-cloudflare
Cloudflare's vibe-coded Next.js replacement starts a turf war: https://cybernews.com/security/hackers-find-critical-flaws-in-cloudflares-nextjs-alternative/
How we rebuilt Next.js with AI in one week: https://blog.cloudflare.com/vinext/
JavaScript survey reveals gripes against Next.js: https://www.devclass.com/development/2026/02/10/javascript-survey-reveals-gripes-against-date-handling-webpack-and-nextjs-and-that-typescript-has-won/4090262
Claude Code's source code appears to have leaked — here's what we know: https://venturebeat.com/technology/claude-codes-source-code-appears-to-have-leaked-heres-what-we-know
Anthropic accidentally exposes Claude Code source code: https://www.theregister.com/2026/03/31/anthropic_claude_code_source_code/
Claude Mythos Preview (Anthropic Red Team blog): https://red.anthropic.com/2026/mythos-preview/
Claude Mythos Preview — BBC coverage: https://www.bbc.com/news/articles/crk1py1jgzko

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey! https://t.co/oKVAEXipxu

Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com, or tweet at us at PodRocketPod.

Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/

Follow us. Get free stickers.

What does LogRocket do?

LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.

Chapters

00:00 Introduction & Panelist Welcome
02:00 Cloudflare Rewrote Next.js for $1,100 — Does It Matter?
06:30 Vercel Lock-In, Open Next & the Adapter Debate
09:00 AI Security Incidents — Lovable, Anthropic Source Code Leak & More
12:30 Is the Security Crisis Systemic or a People Problem?
16:00 Rolling Your Own Stack With AI Is a Terrible Idea
18:30 Mythos, Zero-Day Bugs & Anthropic's Security Credibility
22:00 Is Anthropic's "Safety First" Framing Just Marketing?
26:00 Fleet Management, Agent Burnout & Brain Fry
28:30 Hot Take — Noel: Software Is Getting Worse and AI Is to Blame
32:30 Hot Take — Paul: The Second Internet & Claude Code's Future
36:30 Hot Take — Jack: The Highlander Reboot Is Going to Slap
37:30 Hot Take — Paige: Think Before You Grant OAuth Permissions
40:00 Wrapping Up Special Guest: Jack Herrington.

React got hacked with David Mytton

LogRocket — Tue, 16 Dec 2025 08:00:00 -0500

In this episode, Noel sits down with David Mytton, founder and CEO of Arcjet, to unpack the React2Shell vulnerability and why it became such a serious remote code execution risk for apps using React server components and Next.js. They explain how server-side features introduced in React 19 changed the attack surface, why cloud providers leaned on WAF mitigation instead of instant patching, and what this incident reveals about modern JavaScript supply chain risk. The conversation also covers dependency sprawl, rushed patches, and why security as a feature needs to start long before production.

Links

X: https://x.com/davidmytton
Blog: https://davidmytton.blog

Resources

Multiple Threat Actors Exploit React2Shell: https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey! https://t.co/oKVAEXipxu

Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com, or tweet at us at PodRocketPod.

Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/

Follow us. Get free stickers.

What does LogRocket do?

Chapters

Google’s antitrust win, AI mandates, npm attacks and robots.txt

LogRocket — Thu, 25 Sep 2025 08:00:00 -0400

Is the web breaking under the weight of AI crawlers, platform consolidation, and nonstop security breaches? We dive into the state of browsers, developer burnout, and whether tech regulation can actually keep up.

In this panel discussion:

We debate if robots.txt and AI licensing standards like RSL can realistically control how AI scrapes the web.
The fallout from DIA’s acquisition by Atlassian and what it means for indie browser innovation (like the Helium browser, Zen) in a Chromium-dominated world.
Why Google’s antitrust victory might embolden other tech giants, and what that means for competition.
How supply chain attacks like the NPM malware and Shai Hulud worm are exploiting GitHub workflows and package vulnerabilities.
The pushback against AI mandates at work, including Coinbase’s controversial policy requiring developers to use Copilot.

Resources

Inside the battle for the future of the web: https://www.businessinsider.com/google-microsoft-openai-fight-standards-limit-ai-access-websites-2025-9

The web has a new system for making AI companies pay up: https://www.theverge.com/news/775072/rsl-standard-licensing-ai-publishing-reddit-yahoo-medium

The Browser Company, maker of Arc and Dia, is being acquired: https://www.theverge.com/web/770947/browser-company-arc-dia-acquired-atlassian

Google stock jumps 8% after search giant avoids worst-case penalties in antitrust case: https://www.cnbc.com/2025/09/02/google-antitrust-search-ruling.html

Massive data breach sees 16 million PayPal accounts leaked online - here's what we know, and how to stay safe:https://www.techradar.com/pro/massive-data-breach-sees-16-million-paypal-accounts-leaked-online-heres-what-we-know-and-how-to-stay-safe

PayPal’s Glitch Puts €10 Billion on Ice Across European Banks: https://fintechnews.ch/payments/paypal-glitch-freezes-european-banks-10-billion-transactions/77974/

npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack

Compromised files replace npm packages with a combined 2 billion weekly downloads: https://www.techradar.com/pro/security/compromised-files-replace-npm-packages-with-a-combined-2-billion-weekly-downloads

Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware: https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack

Coinbase CEO explains why he fired engineers who didn’t try AI immediately: https://techcrunch.com/2025/08/22/coinbase-ceo-explains-why-he-fired-engineers-who-didnt-try-ai-immediately/

Chapters

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey!
Let us know by sending an email to our producer, Elizabeth, at elizabet.becz@logrocket.com, or tweet at us at PodRocketPod.

Follow us. Get free stickers.

What does LogRocket do?

Unpacking the NPM supply chain attacks with Feross Aboukhadijeh

LogRocket — Tue, 23 Sep 2025 08:00:00 -0400

Feross Aboukhadijeh, founder of Socket, joins us to break down the recent wave of NPM supply chain attacks hitting the JavaScript ecosystem, including how attackers used phishing to target developers, snuck malware into popular packages like Prettier and "is", and even abused tools like Claude, Gemini, and TruffleHog.
We dig into how GitHub Actions vulnerabilities were exploited, what makes postinstall scripts risky, and and what you can do to protect yourself from future attacks.

Links

Website: https://feross.org
X: https://x.com/feross
GitHub: https://github.com/feross
LinkedIn: https://www.linkedin.com/in/feross
YouTube: https://www.youtube.com/channel/UCHM4OEvQDUq8UszyUrdov-w

Resources

npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack
Compromised files replace npm packages with a combined 2 billion weekly downloads: https://www.techradar.com/pro/security/compromised-files-replace-npm-packages-with-a-combined-2-billion-weekly-downloads
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware: https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack

Chapters

00:00 Intro: NPM supply chain attacks explained
01:10 What is a software supply chain attack?
02:00 NPM phishing campaign: Fake login pages
03:00 Prettier ecosystem compromised
04:00 The “is” package malware incident
05:30 NX package breach (August 27 attack)
06:40 AI-powered supply chain exploit
08:00 GitHub Actions misconfiguration
12:00 Lessons from recent NPM attacks
20:00 How malicious packages get published
25:00 Why install scripts are so risky
30:00 Limitations of banning install scripts
35:00 Open source maintainer challenges
40:00 Smarter approaches to dependency updates
44:00 The future of open source supply chain security
47:00 Closing thoughts and resources

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Fill out our listener survey!
Let us know by sending an email to our producer, Elizabeth, at elizabet.becz@logrocket.com, or tweet at us at PodRocketPod.

Follow us. Get free stickers.

What does LogRocket do?

Secure by design with Vanessa Villa

LogRocket — Wed, 14 Feb 2024 08:00:00 -0500

We welcome on Vanessa Villa, Developer Advocate at Pangea, to explain what the secure by design movement is about and how it shifts security to the beginning of the development cycle.

Links

https://www.linkedin.com/in/vanessa-villa-tech
https://twitter.com/vavillaiot
https://pangea.cloud/blog/

We want to hear from you!

How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend?

Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com, or tweet at us at PodRocketPod.

Follow us. Get free stickers.

What does LogRocket do?

LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. Special Guest: Vanessa Villa.

Security and path traversal with Liran Tal

LogRocket — Tue, 23 May 2023 08:00:00 -0400

Today, we have Liran Tal, Director of Developer Advocacy at Snyk, to talk about a security risk all developers should know about: path traversal.

Links

https://twitter.com/liran_tal
https://lirantal.com/
https://github.com/lirantal
https://lirantal.com/blog
https://www.linkedin.com/in/talliran

Tell us what you think of PodRocket

We want to hear from you! We want to know what you love and hate about the podcast. What do you want to hear more about? Who do you want to see on the show? Our producers want to know, and if you talk with us, we’ll send you a $25 gift card!

If you’re interested, schedule a call with us or you can email producer Kate Trahan at kate@logrocket.com

Follow us. Get free stickers.

What does LogRocket do?

LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. Special Guest: Liran Tal.

Azure security with Sarah Young

LogRocket — Fri, 28 Oct 2022 08:00:00 -0400

Sarah Young is a Senior Cloud Security Advocate at Microsoft. Sarah joins us today to talk about Azure security, Zero Trust principles, and important investments in the security ecosystem.

Links

https://twitter.com/_sarahyo
https://www.sarahyoung.io
https://ignite.microsoft.com
https://azure.microsoft.com

Tell us what you think of PodRocket

If you’re interested, schedule a call with us or you can email producer Kate Trahan at kate@logrocket.com

Follow us. Get free stickers.

What does LogRocket do?

LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. Special Guest: Sarah Young.

1Password with Andrew Beyer

LogRocket — Wed, 20 Apr 2022 08:00:00 -0400

In this episode, we talk to Andrew Beyer, senior engineering manager at 1Password, about how 1Password helps people generate and store unique passwords, how 1Password's engineering org has evolved, and the future of passwords.

Links

https://1password.com/
https://twitter.com/firebeyer
https://www.w3.org/community/webextensions/
https://www.future.1password.com/
https://1password.com/jobs/

Review us

Reviews are what help us grow and tailor our content to what you want to hear. Give us a review here.

Contact us

https://podrocket.logrocket.com/contact-us
@PodRocketpod

What does LogRocket do?

LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today. Special Guest: Andrew Beyer.

Open-source supply chain security with Feross Aboukhadijeh

LogRocket — Tue, 22 Mar 2022 08:00:00 -0400

Feross Aboukhadijeh is the creator of WebTorrent, StandardJS, and Wormhole. We talked to Feross about Wormhole back in June and he joins us now to talk about Socket.dev, a new security company that can protect your most critical apps from supply chain attacks.

Review us

Reviews are what help us grow and tailor our content to what you want to hear. Give us a review here.

Contact us

https://podrocket.logrocket.com/contact-us
@PodRocketpod

What does LogRocket do?

LogRocket combines frontend monitoring, product analytics, and session replay to help software teams deliver the ideal product experience. Try LogRocket for free today.
Special Guest: Feross Aboukhadijeh.