Eresus research, advisory, and security news
We collect writing, advisories, and current-event analysis around AI security, the MCP ecosystem, application security, and real attack chaining here.
Latest Posts
Automated Vulnerability Scanning vs. Manual Penetration Testing: Which Do You Need?
When deciding on cybersecurity investments, IT teams and boards often have the same debate: 'Instead of spending thousands of dollars on manual p...
GitOps Security in ArgoCD Architecture: How to Protect Your K8s Clusters
ArgoCD and GitOps architectures rely on a Single Source of Truth. Learn how attackers exploit supply chain vulnerabilities and the detailed guidelines...
Apple Warns: Older iPhones Vulnerable to Coruna & DarkSword Exploit Kits
Apple has issued a critical warning regarding unpatched, older iOS devices being actively targeted by Coruna and DarkSword exploit kits through drive-by...
Setting up an Active Directory Pentest Lab in Seconds with AI (Cursor)
For cyber security experts and internal Red Teams: How to set up a fully comprehensive, vulnerable Active Directory test environment with a single click...
The Limitations of WAF: Why Firewalls Alone Can't Prevent Hacks
Your company relies on a pricey WAF (Web Application Firewall) to block threats. But why is a WAF completely blind to logical flaws? Discover how manual...
Kubernetes (K8s) Penetration Testing Playbook: The Black Box Approach
How do cyber attackers breach your Kubernetes (K8s) clusters from the outside without prior knowledge? An in-depth look into Black Box Kubernetes...
The Overlooked Threat in AI Models: Keras & Pickle File Vulnerabilities
While everyone focuses on prompt injection, the biggest threat lies in the background: AI model files (Keras, Pickle) executing malicious code. Learn...
Forgotten Secrets in the Frontend: What Hackers Extract from JavaScript Files
API keys, passwords, and AWS credentials left behind in compiled client-side JavaScript files (React, Vue) are prime targets for cyber attackers. Learn...
The Silent Assassin of Modern APIs: BOLA / IDOR Vulnerabilities and Their Impact
Why does the undisputed leader of the OWASP API Top 10, Broken Object Level Authorization (BOLA/IDOR), constantly evade WAF and DAST scanners? Defending...