Turning perimeter security into full-spectrum application defense

Healthcare providers are at the forefront of delivering critical care, but increasingly depend on digital systems, from EHR platforms to telehealth portals, to operate effectively. As hospitals and health systems modernize IT landscapes, the attack surface has expanded dramatically, with cloud apps, SaaS infrastructure, and interoperability mandates introducing both opportunity and risk. AppSec isn’t just a technical concern, it's foundational to patient trust, regulatory compliance and clinical continuity.

Health SaaS and Health Tech vendors are powering the digital transformation of care delivery, administrative workflows, revenue cycles, and patient engagement. However, with great reach comes great risk: every SaaS application holds sensitive health data and must navigate both market expectations and strict regulations. Building AppSec into your product isn’t optional, it’s a market differentiator and a trust signal.

Healthcare payers, insurance companies and health plans, sit at the nexus of clinical services, member data, and financial risk. As digital tools take on more responsibility for claims processing, provider network management, and member engagement, payer platforms become high-value targets for attackers. AppSec for payers isn’t just about securing code; it’s about protecting financial integrity, member data and regulatory compliance while enabling agile plan operations.

A critical pre-authenticated remote code execution (RCE) vulnerability, tracked as CVE-2026-22778 (CVSS 9.8), has been discovered in vLLM, a widely used inference and serving engine for large language models.

Despite promising fast value, modern AppSec platforms often demand lengthy, high-friction onboarding. Teams are left managing alert noise, continuous configuration debt and fractured integrations. This friction stems from flawed implementation models, whether layered on top of the technology or baked into it, shaping how these platforms are adopted and operated.

Two high vulnerabilities affecting Chainlit, an open-source AI application framework used to build conversational AI and enterprise chatbots, can allow malicious actors to leak sensitive data and potentially enable broader cloud compromise

A review of “The Promptware Kill Chain”Over the last two years, “prompt injection” has become the SQL injection of the LLM era: widely referenced, poorly defined, and often blamed for failures that have little to do with prompts themselves.A recent arXiv paper, “The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware,” tries to correct that by reframing prompt injection as just the initial access phase of a broader, multi-stage attack chain.As a security researcher working on real production AppSec and AI systems, I think this paper is directionally right and operationally incomplete.This post is a technical critique: what the paper gets right, where the analogy breaks down, and how defenders should actually think about agentic system compromise.

How Kodem turns SBOM packages into the control plane for investigation, governance and remediation

An unauthenticated Remote Code Execution (RCE) flaw, tracked as CVE-2026-21858 (CVSS 10.0), has been discovered in n8n, the widely-adopted workflow automation platform. With over 100 million Docker pulls and an estimated 100,000 locally deployed instances, this vulnerability transforms n8n from a productivity tool into a severe single point of potential failure for organizations globally.

Security analysts recently identified a new variant of the Shai-Hulud npm supply chain worm in the public registry, signaling continued evolution of this threat family. This variant, dubbed “The Golden Path” exhibits modifications from prior waves of the malware, suggesting ongoing evolution in the threat actor’s tradecraft.

Kai, Kodem’s secure-by-design AI AppSec Engineer, is integrated directly into the platform to deliver contextualized and actionable answers precisely when AppSec teams need them. By converting your existing security data into conversational intelligence, Kai eliminates the need for hours of manual investigation and context-switching. You can now ask questions as you would to a senior, humble, and tireless engineer.

On December 3, 2025, the React and Vercel teams disclosed CVE-2025-55182, a critical remote-code-execution (RCE) vulnerability (CVSS 10) affecting React Server Components (RSC) as used in the Flight protocol implementation.

A new wave of supply chain compromise is unfolding across the open-source ecosystem. Multiple security vendors, including Aikido Security and Wiz have confirmed that the threat actor behind the earlier Shai Hulud malware campaign has resurfaced. This time, compromising NPM accounts, GitHub repositories and widely-used packages associated with Zapier and the ENS (Ethereum Name Service).

Identifying issues isn’t the challenge. The challenge is effective remediation that fits your codebase, your environment and your team’s development velocity. Developers need to understand where issues originated, which packages to upgrade, what code to change and how disruptive fixes will be. Meanwhile, AppSec needs visibility into what's immediately actionable and which issues require cross-team coordination.

Follow-on to Part 1: Translating regulation into runtime evidence.

Are You Ready for UN R155? The Real Work Behind Automotive Software Security Compliance

Memory analysis plays a critical role in turning kernel-level signals into function-level proof of execution. See which vulnerable functions actually run in your environment, cut noise and prioritize risk that exists (and is exploitable) in your running application.

CVE-2025-4665 is a critical (CVSS 9.6) pre-authentication SQL injection vulnerability in the WordPress Contact Form CFDB7 Database Addon plugin. The flaw allows remote attackers to exploit insufficient input validation and unsafe deserialization without authentication, affecting versions 1.3.2 and earlier. This vulnerability enables data exfiltration, database manipulation and potential remote code execution through PHP object injection chains.

AI-powered code editors such as Cursor, Claude Code, Gemini CLI, and OpenAI Codex are rapidly becoming part of enterprise development environments.

Continuous visibility from first discovery to final resolution across code repositories and container images, showing who fixed each vulnerability, when it was resolved and how long closure took. Kodem turns issue statuses into ownership for engineers, progress tracking for leadership and defensible risk reduction for application security.

For years, product security teams have lived with a gap. Tools surfaced findings — CVEs, outdated packages, risky dependencies — but rarely the context to make sense of them. Engineers still had to open a browser, type a CVE into Google, skim through NVD, vendor advisories, GitHub issues, and random blogs to answer basic questions: Is this actually exploitable in our environment? Is there a safe upgrade path? Has anyone seen this exploited in the wild? This release closes that gap.

On September 15, 2025, researchers at StepSecurity and Socket disclosed a large, sophisticated supply-chain compromise in the NPM ecosystem. The incident centers around the popular package @ctrl/tinycolor (with over two million weekly downloads), but it extends far beyond: 40+ other packages across multiple maintainers were also compromised.

The npm ecosystem is in the middle of a major supply-chain compromise. The maintainer known as Qix is currently targeted in a phishing campaign that allows attackers to bypass two-factor authentication and take over their npm account. This is happening right now, and malicious versions of widely used libraries are being published and distributed.

Node.js, Deno, and Bun are the primary runtimes for executing JavaScript and TypeScript in modern applications. They form the backbone of AI backends, serverless deployments, and orchestration layers. Each runtime introduces distinct application security issues. For product security teams, understanding these runtime weaknesses is essential because attacks often bypass framework-level defenses and exploit the runtime directly.

AI workloads are increasingly deployed on serverless runtimes like AWS Lambda, Vercel Edge Functions, and Cloudflare Workers. These platforms reduce operational overhead but introduce new application-layer risks. Product security teams must recognize that serverless runtimes are not inherently safer—they simply shift the attack surface.

TensorFlow.js and Transformers.js allow developers to run machine learning models directly in JavaScript and TypeScript environments. They are widely adopted for preprocessing, inference, and integrating AI into web and Node.js applications. Their ease of use conceals significant application security issues.

Hugging Face Datasets and Tokenizers.js are integral to many JavaScript and TypeScript AI pipelines. They handle ingestion, normalization, and preprocessing of text data. These libraries appear safe but introduce critical security issues at the application layer.