EresusSecurity
Research & Intelligence

Eresus research, advisory, and security news

We collect writing, advisories, and current-event analysis around AI security, the MCP ecosystem, application security, and real attack chaining here.

Categories: Advisory Analysis (3) · Guide (1) · News (3) · Research (100)

Latest Posts

Executable Config Threats

ONNX Unsafe Attribute Parsing (Arbitrary Code Execution / DoS)

High-severity detection for weaponized ONNX models that abuse legacy internal processing loops, manipulating node attributes and external-data extraction...

2026-04-27
Runtime Threats

LlamaFile Binary Shell Overloading Threat

Identifies payload injections that target LlamaFile's native Cosmopolitan Libc build, hijacking the dual-executable parsing...

2026-04-27
Runtime Threats

LiteRT Delegation Core Execution Exploits

Covers critical integration failures in LiteRT's on-device hardware delegation frameworks (Core ML / NNAPI / Hexagon), exploiting...

2026-04-27
Runtime Threats

LiteRT Out-of-bounds Read/Write (Heap Corruption)

A high-severity flaw in which malformed shape descriptors inside custom operators running natively on edge GPUs trigger out-of-bounds...

2026-04-27
Deserialization Threats

Keras Model Lambda Layer Suspicious Operator Detected at Model Load Time

High-severity deserialization detection that flags suspicious or uncharacteristic operations inside a Keras Lambda layer payload upon...

2026-04-27
Deserialization Threats

Keras Extracted Object Hijacking & DoS Corruptions

Advanced exploitation in which apparently benign Keras model files (.h5 or .keras) manipulate intrinsic layer attributes or tensor geometry to crash execution...

2026-04-27
Deserialization Threats

Keras HDF5 Lambda Layer Arbitrary Code Execution

Identifies insecure legacy Keras files (`.h5` or `.hdf5`) that deserialize and execute malicious Python code hidden inside a Lambda layer...

2026-04-27
Deserialization Threats

Joblib Model Suspicious Code Execution Detected at Model Load Time

Identifies suspicious execution sequences during a Joblib model load that indicate a potentially obfuscated deserialization threat.

2026-04-27
Deserialization Threats

Joblib / Scikit-Learn Arbitrary Code Execution (ACE)

Identifies insecure object deserialization attacks via the Joblib persistence library used by scikit-learn, granting attackers remote execution...

2026-04-27
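The Joblib / scikit-learn and Keras Lambda layer posts above both come down to the same pre-load question: what will this file import or execute before any model object exists? The following is an added example, not code from EresusSecurity or from any of the advisories listed; it walks a pickle stream's opcodes with `pickletools.genops` (so nothing is unpickled) and lists every `GLOBAL`/`STACK_GLOBAL` import, then checks a Keras model config dict for Lambda layers. The `DANGEROUS_GLOBALS` denylist, the `ALLOWED_MODULES` allowlist, and all sample payloads and configs are constructed assumptions for illustration.

```python
"""Pre-load scanners for pickle/joblib imports and Keras Lambda layers.
Added example; sample payloads and the Keras config are constructed inline."""
import collections
import os
import pickle
import pickletools

# Callables that never belong in a model file (assumed denylist for the example).
DANGEROUS_GLOBALS = {
    ("os", "system"), ("posix", "system"), ("nt", "system"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "check_output"),
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
}
# Top-level packages a scikit-learn/joblib artifact legitimately references (assumed).
ALLOWED_MODULES = {"numpy", "sklearn", "scipy", "joblib", "collections", "copyreg"}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}


def pickle_globals(data: bytes) -> list:
    """Every (module, name) the stream would import on load, found by walking
    opcodes. Nothing is unpickled, so nothing executes. Tracks the memo so a
    module/name string recalled via BINGET before STACK_GLOBAL is still seen."""
    found, strs, memo, last = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:            # protocol >= 4 pushes module, then name
            strs.append(arg)
            last = arg
        elif op.name in GET_OPS:             # string recalled from the memo
            last = memo.get(arg)
            strs.append(last)
        elif op.name == "MEMOIZE":           # memo index = number of items memoized so far
            memo[len(memo)] = last
        elif op.name in PUT_OPS:
            memo[arg] = last
        else:
            if op.name == "GLOBAL":          # protocol <= 3: arg is "module name"
                found.append(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL" and len(strs) >= 2:
                found.append((strs[-2], strs[-1]))
            last = None                      # anything else pushes a non-string
    return found


def scan_pickle(data: bytes) -> dict:
    """Report the imports a pickle/joblib stream needs and which are unacceptable."""
    globs = pickle_globals(data)
    flagged = [g for g in globs
               if g in DANGEROUS_GLOBALS or g[0].split(".")[0] not in ALLOWED_MODULES]
    return {"imports": globs, "flagged": flagged, "safe": not flagged}


def keras_lambda_layers(model_config: dict) -> list:
    """Names of Lambda layers anywhere in a Keras model config dict (the JSON a
    Keras HDF5 file keeps in its 'model_config' attribute, or config.json inside a
    .keras archive). Recurses into nested Sequential/Functional sub-models."""
    hits = []

    def walk(cfg):
        for layer in cfg.get("config", {}).get("layers", []):
            if layer.get("class_name") == "Lambda":
                hits.append(layer.get("config", {}).get("name", "<unnamed>"))
            if "layers" in layer.get("config", {}):
                walk(layer)

    walk(model_config)
    return hits


# --- constructed samples (never loaded, only scanned) ---
class _Evil:
    """Constructed payload: unpickling it would call os.system('id')."""
    def __reduce__(self):
        return (os.system, ("id",))


BENIGN_PICKLE = pickle.dumps(
    collections.OrderedDict(coef=[0.5, -1.2], classes=["spam", "ham"]), protocol=4)
MALICIOUS_PICKLE_P2 = pickle.dumps(_Evil(), protocol=2)   # emits GLOBAL
MALICIOUS_PICKLE_P5 = pickle.dumps(_Evil(), protocol=5)   # emits STACK_GLOBAL

SAMPLE_KERAS_CONFIG = {  # constructed; the 'function' field is where marshalled bytecode lives
    "class_name": "Sequential", "config": {"name": "scorer", "layers": [
        {"class_name": "InputLayer", "config": {"name": "input_1", "batch_input_shape": [None, 4]}},
        {"class_name": "Dense", "config": {"name": "dense", "units": 8, "activation": "relu"}},
        {"class_name": "Lambda", "config": {"name": "postproc",
                                            "function": ["<base64 marshalled bytecode omitted>", None, None]}},
    ]}}

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_PICKLE), ("evil-p2", MALICIOUS_PICKLE_P2),
                        ("evil-p5", MALICIOUS_PICKLE_P5)]:
        print(label, scan_pickle(blob))
    print("lambda layers:", keras_lambda_layers(SAMPLE_KERAS_CONFIG))
```

Run this on the raw bytes of a `.pkl`/`.joblib` file (joblib's default format is a pickle stream, optionally wrapped in zlib/lzma, so decompress first) before anything calls `joblib.load`; an allowlist, not the denylist, is what actually decides, since `pickle` will import whatever module the stream names. For Keras, only flagging Lambda layers is deliberate: their bodies are marshalled Python bytecode that runs at load time, so the safe policy is to reject or quarantine such files regardless of what the bytecode appears to do.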