Eresus research, advisory, and security news
We collect writing, advisories, and current-event analysis around AI security, the MCP ecosystem, application security, and real attack chaining here.
Latest Posts
Critical Vulnerabilities in AI Frameworks (GGUF & MXNet): The Heap Overflow Threat
Model compression standards like GGUF make running LLMs easy, but are they secure? Discover how malicious model files induce memory and heap overflows...
API Security in Fintech Applications: Why WAFs Are Never Enough
Today, the digital lifeblood connecting banking software, crypto wallets, open banking integrations, and payment gateways is the API (Application...
The Hidden Cyber Risks of Integrating AI in E-Commerce and Enterprise Systems
Artificial Intelligence is no longer just a futuristic concept; it’s the technology engine driving personalized shopping, automating inventory mana...
Deep Dive: Axios Supply Chain Attack Deploys Cross-Platform RAT
A comprehensive technical analysis of the recent Axios npm supply chain attack. We break down the obfuscated plain-crypto-js dependency, the exact...
How to Build Fully Autonomous and Secure CI/CD Pipelines
Discover the DevSecOps secrets and strategies for building autonomous, highly observable, and inherently secure CI/CD pipelines for modern engineering...
Automated Vulnerability Scanning vs. Manual Penetration Testing: Which Do You Need?
When deciding on cybersecurity investments, IT teams and boards often have the same debate: 'Instead of spending thousands of dollars on manual p...
GitOps Security in ArgoCD Architecture: How to Protect Your K8s Clusters
ArgoCD and GitOps architectures rely on a Single Source of Truth. Learn how attackers exploit supply chain vulnerabilities and the detailed guidelines...
Apple Warns: Older iPhones Vulnerable to Coruna & DarkSword Exploit Kits
Apple has issued a critical warning regarding unpatched, older iOS devices being actively targeted by Coruna and DarkSword exploit kits through drive-by...
Setting up an Active Directory Pentest Lab in Seconds with AI (Cursor)
For cyber security experts and internal Red Teams: How to set up a fully comprehensive, vulnerable Active Directory test environment with a single click...