DevCentral ICMYI - February 2025

DevCentral publishes new content constantly, and it’s easy to miss the latest from F5’s technical user community with all that turnover. So here’s a monthly round-up of DevCentral news, content, and events—in case you missed it!

New and Notable

• AppWorld 2025 just wrapped up in Las Vegas! We've got loads of fresh content to share with you all so keep an eye out over the coming weeks. If you wanna see what the community got up to this week, check out #AppWorld2025. BONUS: If you joined us at AppWorld and want to share something about your experience, leave a comment in the linked article. We'll randomly select someone from the comments section to receive a prize. :)

AI

• AI Friday Podcast: DeepSeek Security Risks, Reasoning Models, Package Hallucination & More - This week on AI Friday, we explore new AI advancements: LlamaV-01 reasoning models, DeepSeek security issues, King Gizzard and the Lizard Wizard's open-source music, and the wildest AI gadgets from CES 2025.
• Agentic RAG - Securing GenAI with F5 Distributed Cloud Services - In this article, learn six key security controls for your Agentic RAG chatbot, highlighting the role of AI Gateways in protecting Generative AI services.
• AI Friday: OpenAI Roadmap, Weaponized Agentic AI - Join this week's AI Friday for the latest on AI advancements OpenAI's roadmap Sam Altman's future model updates Elon Musk's OpenAI governance bid and key info on next week's AppWorld event in Las Vegas
• A Deep Dive Into AI Villainy - AppWorld 2025 - Join Aubrey King at AppWorld 2025 for a talk on AI security threats using classic sci-fi villains, plus scaling and securing AI apps from F5's Jay Kelley.
• Secure AI RAG using F5 Distributed Cloud in Red Hat OpenShift AI and NetApp ONTAP Environment - F5 Distributed Cloud streamlines RAG deployment and security for AI apps in hybrid and multi-cloud setups, delivering accurate responses and ensuring data safety and compliance.

Security Insights

• Copilot’s Weakness, DeepSeek Data exposed, Backdoor in Contec CMS8000 & Apple's Zero-Day - This week's F5 SIRT update: Dharminder highlights major issues in GitHub Copilot exposed data in DeepSeek's database flaws in healthcare monitors and a recent Apple OS patch for a zero-day vulnerability stressing the need for better security measures.
• Agentic AI with Social Engineering, JavaScript Stealer and the Silent Lynx - In the week of February 2-8, 2025, cybersecurity threats rise as Silent Lynx and Lazarus Group launch advanced attacks. This highlights the need for AI-driven security solutions due to risks like critical Cisco ISE flaws and AI used for social engineering.
• Exploit PowerShell, Ransomware Attack Report, Active Cyber Defense, Attack to GPS - This week's security update: Koichi from F5 SIRT flags a complex PowerShell attack on South Korean officials a major ransomware hit on a psychiatric center Japan's push for proactive cyber defense and a new GPS flaw affecting user privacy.
• U.S. Government cuts, Majorana 1 Chip, CVEs for Mongoose and OpenSSH - This week's newsletter covers cuts to U.S. cybersecurity and consumer protections due to federal job cuts Microsoft's Majorana 1 quantum processor breakthrough and severe vulnerabilities in MongoDB and OpenSSH that threaten data security
• Understanding The TikTok Ban, Salt Typhoon and More | AppSec Monthly January Ep.27 - In this AppSec Monthly episode, join MegaZone and experts as they discuss TikTok's ban, its impact on internet freedom, recent breaches, data sovereignty, and preview VulnCon 2025.

BIG-IP

• Using bash and tmsh to make bulk updates - This guide helps BIG-IP admins quickly find and change settings affected by AAM/WAM feature removal in versions 16 and up ensuring smooth upgrades and avoiding issues.
• Mastering Imperative and Declarative Automation with F5 BIG-IP – AppWorld 2025 - Attend the hands-on lab at AppWorld 2025 with F5 experts Matt Mabis and Anton Varkalev Learn to automate with Ansible on F5 BIG-IP for smoother app deployments
• Five Ways to Automate F5OS with Ansible: A Practical Guide - Explore Ansible's automation for F5OS with five methods including REST API and SSH examples
• Mitigating OWASP Web Application Risk: Cross-Site Scripting (XSS) using F5 Advanced WAF - Learn about XSS attacks how they exploit web apps and how to protect against them with F5 Advanced WAF in our latest article
• Maintaining BIG-IP's Golden Compliance Configuration in Financial Services - Discover successful methods for reducing configuration differences in F5 BIG-IP systems to guarantee adherence and operational stability during demanding evaluations in the Banking, Financial Services, and Insurance industries.

Distributed Cloud

• F5 Distributed Cloud and Transfer Encoding: Chunking - Discover the process of backing HTTP/API clients through F5 Distributed Cloud by setting up a basic system that smoothly buffers and transforms chunked data, resulting in efficient communication with servers.
• Accelerate Your Initiatives: Secure & Scale Hybrid Cloud Apps with F5 BIG-IP & Distributed Cloud DNS - F5's 2024 State of Application Strategy Report highlights ways to scale and secure apps in hybrid and multicloud setups, ensuring smooth access and optimized resources for all users.
• Accelerate Your Initiatives: Secure & Scale Hybrid Cloud Apps on F5 BIG-IP & Distributed Cloud DNS - F5's new solution merges BIG-IP TMOS with Distributed Cloud services to scale and secure apps across hybrid and multicloud setups ensuring high availability and top user experience for all users.
• F5 Distributed Cloud and Amazon FSx for NetApp ONTAP - Global Replication and Anywhere Access - F5's Distributed Cloud Network Connect simplifies and secures NetApp storage replication to Amazon FSx for ONTAP for disaster recovery, efficient data access, and better AI capabilities in hybrid cloud setups.

NGINX

• Announcing Unovis 1.5 - F5 launches Unovis 1.5 with better Solid support React 19 and Angular 19 compatibility and more updates See the full release notes on GitHub.
• A Closer Look at mTLS and the Default Server in F5 NGINX - SNI in F5 NGINX simplifies secure TLS handshakes impacts certificate choice and crypto settings highlights the importance of default servers for strong security.

About DevCentral

DevCentral is a F5 community of technical users dedicated to learning, exchanging ideas, and solving problems—together. Join us to share F5 technology and application security best practices.