.webp)
Context Over CVSS: Why Medium, Low, CVEs Matter More Than You Think
In 2024, more than 33,000 CVEs were disclosed, an all‑time high, but only about 12% of those labeled “Critical” actually proved exploitable. Meanwhile, high‑profile exploit chains like Pegasus and Blastpass, and careless breaches like the Tea app hack, reveal that Medium‑ranked or poorly‑coded vulnerabilities, rather than CVSS labels, often lead to real attacker impact.
Circumventing Security in Claude Code: Misconfiguration and Denial-of-Service
Kodem recently identified two security issues in Claude Code: a misconfiguration allowing circumvention of user approval and a subsequent Denial-of-Service (DoS) condition.
Kodem just built the world’s only Dev to Prod Agentic Taskforce in Cyber
At RSAC 2025, we launched Kai, the first AI-native application security engineer. Today, we’re expanding it into a fully agentic task force that truly performs AppSec tasks from start to finish.
FedRAMP RFC-0012
The Federal Risk and Authorization Management Program (FedRAMP) recently released RFC-0012, marking a notable shift towards more stringent standards for continuous vulnerability management. Cloud providers and security teams must adjust quickly to stay compliant and secure (FedRAMP, 2024).
Vulnerability Alert: CVE‑2025‑23266: NVIDIAScape: Three‑Line Container Escape in NVIDIA Container Toolkit
CVE‑2025‑23266, nicknamed NVIDIAScape, is a pre‑execution flaw in the NVIDIA Container Toolkit.
How Rapyd Used Kodem to Shift from Volume to Impact
Rapyd, a global fintech platform operating in over 100 countries, partnered with Kodem to modernize its application security program. Faced with mounting vulnerabilities and a shortage of specialized AppSec talent, Rapyd needed more than another scanner—it needed a platform that could think like an expert. Kodem delivered measurable reductions in triage time, rework, and risk exposure by focusing on what attackers can actually exploit.
Vulnerability Alert: CVE-2025-25257: Pre-Auth SQL Injection to Full RCE in Fortinet FortiWeb Fabric Connector
CVE-2025-25257 is a critical vulnerability in Fortinet FortiWeb Fabric Connector. It allows unauthenticated SQL injection, which attackers escalate into remote code execution (RCE) on affected appliances.
Vulnerability Alert: CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability (Null Byte Injection)
CVE-2025-47812 is a critical vulnerability affecting Wing FTP Server versions prior to 7.4.4. This severe security flaw enables unauthenticated attackers to execute arbitrary code remotely (RCE) by exploiting inadequate validation of input containing null bytes (%00) in the authentication process
EPSS vs. Exploitability: Why Probability ≠ Risk in Your Environment
The Exploit Prediction Scoring System (EPSS) is a data-driven model that predicts the likelihood a given software vulnerability will be exploited in the wild.
Multi-Agent Architectures: The Next Leap in Application Security
Most security tools today, static analyzers, fuzzers, even single-agent LLMs, struggle to find complex, multi-step vulnerabilities. But the emerging model of multi-agent collaboration can fundamentally transform vulnerability discovery. Argusee’s recent results are just a glimpse of what's possible.
Exploit Trigger Detection: A new frontier in Application Protection
Application Detection and Response (ADR) technologies are essential for identifying and mitigating runtime attacks. Yet, many existing approaches struggle to detect nuanced, logic-based vulnerabilities effectively.