EresusSecurity
Research & Intelligence

Eresus research, advisory, and security news

We collect writing, advisories, and current-event analysis around AI security, the MCP ecosystem, application security, and real attack chaining here.

Latest Posts

Advisory Analysis · Infrastructure

Dirty Frag CVE-2026-43284: Linux Kernel Local Privilege Escalation via ESP and RxRPC

Dirty Frag (CVE-2026-43284 / CVE-2026-43500) is a deterministic Linux kernel local privilege escalation vulnerability chain in the xfrm-ESP and RxRPC subsystems. Microsoft Defender has observed limited in-the-wild exploitation. Includes mitigation commands, affected distro list, Fragnesia variant (CVE-2026-46300), and a hardening checklist for Kubernetes nodes and CI runners.

2026-05-17

Technical Guide · Application Security

AI Chatbot Web Application Pentesting: Attack Surface Beyond Prompt Injection

How to pentest the web application wrapping an AI chatbot — not the LLM itself. Covers IDOR in conversation endpoints, XSS via AI markdown rendering, API key exposure in frontend bundles, SSRF via browsing tools, rate-limit abuse for cost amplification, file upload attack paths, and authorization failures in share/export features.

2026-05-17

Advisory Analysis · AI Infrastructure

CVE-2026-7482: Ollama GGUF Heap Out-of-Bounds Read — Full Technical Analysis

CVE-2026-7482 is a critical heap out-of-bounds read in Ollama's GGUF model loader (CVSS 9.1). Unauthenticated remote attackers can leak ~2 MB of heap memory per request — including environment variables, API keys, system prompts, and concurrent users' conversation data. Two-bug chain, full PoC, patch diff, and Ollama 0.17.1 fix.

2026-05-05

Advisory Analysis · Hosting

CVE-2026-41940: Emergency Action Plan for cPanel & WHM Authentication Bypass

CVE-2026-41940 is a critical authentication bypass in cPanel & WHM affecting all versions after 11.40. Covers affected versions, patch commands, temporary firewall mitigations, session IOC checks, and a fleet action checklist for hosting teams.

2026-05-05

Advisory Analysis · Infrastructure

Copy Fail CVE-2026-31431: Linux Kernel Local Privilege Escalation

CVE-2026-31431 (Copy Fail) is a local privilege escalation vulnerability in the Linux kernel's algif_aead cryptographic interface. Affects kernels from 4.14 to 6.12.x across Ubuntu, RHEL, Debian, Amazon Linux, and more. Includes a kernel module workaround, container hardening steps, and a patch strategy for Kubernetes nodes and CI runners.

2026-05-17

Guide · DevSecOps

What Is AWS IAM in Cloud Security?

Learn how AWS Identity and Access Management (IAM) controls access, prevents data breaches, and serves as the ultimate perimeter in modern cloud security.

2026-04-24

News · Cloud Security

Vercel, Context.ai, and AI SaaS Security

Eresus analyzes the April 20, 2026 Vercel incident linked to Context.ai and explains why OAuth-connected AI tools now belong in the core SaaS attack surface.

2026-04-22

News · AI Infrastructure

The April 2026 MCP RCE Wave

Why MCP security depends on architecture, identity, tool isolation, and registration control more than a single CVE.

2026-04-22

News · AI Security

AI Agent Traps: Web Attacks Against Agents

How hidden web content, poisoned context, and tool access can manipulate autonomous AI agents in real enterprise workflows.

2026-04-22