Eresus research, advisory, and security news
We collect writing, advisories, and current-event analysis around AI security, the MCP ecosystem, application security, and real attack chaining here.
Latest Posts
The Limitations of WAF: Why Firewalls Alone Can't Prevent Hacks
Your company relies on a pricey WAF (Web Application Firewall) to block threats. But why is a WAF completely blind to logical flaws? Discover how manual...
Kubernetes (K8s) Penetration Testing Playbook: The Black Box Approach
How do cyber attackers breach your Kubernetes (K8s) clusters from the outside without prior knowledge? An in-depth look into Black Box Kubernetes...
The Overlooked Threat in AI Models: Keras & Pickle File Vulnerabilities
While everyone focuses on prompt injection, the biggest threat lies in the background: AI model files (Keras, Pickle) executing malicious code. Learn...
Forgotten Secrets in the Frontend: What Hackers Extract from JavaScript Files
API keys, passwords, and AWS credentials left behind in compiled client-side JavaScript files (React, Vue) are prime targets for cyber attackers. Learn...
The Silent Assassin of Modern APIs: BOLA / IDOR Vulnerabilities and Their Impact
Why does the undisputed leader of the OWASP API Top 10, Broken Object Level Authorization (BOLA/IDOR), constantly evade WAF and DAST scanners? Defending...
ERESUS-ADV-2026-002: Server-Side Request Forgery (SSRF) via Cloud Metadata Endpoints
Analysis of widespread SSRF vulnerabilities in cloud environments (AWS, GCP, Azure) exposing critical metadata endpoints and credentials.
Critical RCE Vulnerability in Legacy Enterprise Gateway
Critical Remote Code Execution (RCE) vulnerability in a legacy enterprise API gateway allowing unauthenticated root access.
Hacking Humans: Social Engineering and the Psychology
Social engineering engagements are the most exciting and heart-pumping. It doesn’t begin at the badge reader or the front desk. The access occurs when someone makes a decision.
Automated Red Teaming Scans of Agentic Workflows Using Eresus Sentinel
We are thrilled to announce the integration of Eresus Sentinel with Enterprise Agents, a groundbreaking step in securing LLM application deployments.