EPSS, KEV, and the Joy of Predicting the Past

There is a recurring belief in security that if we just collect enough numbers, the future will eventually confess.

EPSS is one such number.

A clean decimal. A percentile. A promise.

So we asked a boring question: what if you actually ran patch management using EPSS thresholds? Not in theory. Not in slides. In reality—against vulnerabilities that were already exploited.

We took all vulnerabilities added to CISA’s KEV catalog in 2025. KEV is not a model. It is not predictive. It is simply a list of things that were exploited hard enough that someone had to admit it.
Nerds welcome.. 

 

CVE-2025-20352: Exposed SNMP is “not a vuln”? 0kk...

It’s just a friendly UDP oracle telling strangers what your routers are, how old they are, and whether they like to take naps when prodded. Totally fine.

CVE-2025-20352 lives in Cisco IOS/IOS XE’s SNMP stack. Crafted packets + creds = sad router. While everyone argues about advisory footnotes, we do the boring part: find what talks SNMP with default communities and tag what looks at risk.

https://github.com/scadastrangelove/CVE-2025-20352 

Nuk‑Nuke

https://github.com/scadastrangelove/nuknuke 

A lightning‑fast decoy web‑server that fools vulnerability scanners by feeding them the answers they expect. Inspired by the 90‑s WinNuke prank and written for ProjectDiscovery’s Nuclei, Nuk‑Nuke parses every template under ~/nuclei‑templates, spins up a single‑py server and replies in a way that always triggers a positive match. Ideal for red‑blue exercises, honeynets or throttling noisy pentest pipelines without touching your production code.