Eresus research, advisory, and security news
This page collects our research writing, advisories, and current-event analysis on AI security, the MCP ecosystem, application security, and real-world attack chaining.
Latest Posts
PyTorch Subverted Loading Mechanism Triggering ACE
Identifies hostile payloads that abuse the pickle-based deserialization behind PyTorch's `torch.load()` to evade loader safeguards and execute arbitrary OS commands (ACE) at the moment the checkpoint is opened.
File Corruption & Ransomware via Serialization Opcodes
Alert for an ML artifact whose serialization opcodes run destructive local file operations, ransomware-style, as soon as it is loaded.
Environmental Data Exfiltration Initiated via Model Execution
Describes a serialized ML object that, on load, silently harvests environment data such as API keys and other operational secrets and sends them to third-party endpoints.
Interactive Reverse Shell Initiated from Model Persistence
Describes a machine learning model that opens an interactive reverse shell back to an attacker's C2 server during the model...
Poisoned Model Artifact Detected with Obfuscated Shell Injection
Examines layered obfuscation techniques nested inside malicious serialization payloads. Learn how Eresus identifies these...
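The five posts above all concern the same carrier: pickle-based serialization, which is what `torch.load()` deserializes. The example below is added here and is not Eresus's code or PyTorch's. It shows the two checks a practitioner wants before trusting a downloaded checkpoint: a static scan of the opcode stream with `pickletools.genops` (which disassembles but never executes), and an allowlisting `Unpickler` whose `find_class` refuses any import outside the allowlist, so an obfuscated payload that slips past the scanner still cannot reach `os.system`. The allowlist, the sample payloads (hand-assembled opcodes, including one that replays memoized strings with `BINGET` to defeat naive "last two strings" tracking), and the `zip_checkpoint` helper are all constructed for this example; the only real layout assumption is that PyTorch's zip-format checkpoints keep the object graph in `<root>/data.pkl`. In production, `torch.load(..., weights_only=True)` applies the same allowlisting idea with the torch-specific entries a real state_dict needs.

```python
import collections
import io
import pickle
import pickletools
import zipfile

# Imports a plain checkpoint may resolve. This allowlist is a constructed minimum
# for the example; a loader for real PyTorch checkpoints must add the torch.*
# rebuild helpers and storage classes it legitimately needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING",
                  "UNICODE", "BINUNICODE", "BINUNICODE8", "SHORT_BINUNICODE"}


def pickle_streams(blob: bytes) -> list:
    """Locate the pickle stream(s) in a checkpoint without executing anything.
    PyTorch's zip format keeps the object graph in <root>/data.pkl; a bare
    pickle file is returned unchanged."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return [blob]


def imported_globals(data: bytes) -> list:
    """Statically list every (module, name) the pickle would import.
    GLOBAL/INST carry "module name" as their argument; STACK_GLOBAL takes both
    from the stack, so string pushes are tracked, including strings replayed
    from the memo (push the module name early, fetch it later with GET)."""
    found, strings, memo = [], [], {}
    memo_count, last_was_string = 0, False
    for opcode, arg, _pos in pickletools.genops(data):
        op = opcode.name
        if op in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
        elif op in STRING_OPCODES:
            strings.append(arg)
        elif op == "MEMOIZE":  # implicit memo index = objects memoized so far
            if last_was_string:
                memo[memo_count] = strings[-1]
            memo_count += 1
        elif op in ("PUT", "BINPUT", "LONG_BINPUT") and last_was_string:
            memo[arg] = strings[-1]
        elif op in ("GET", "BINGET", "LONG_BINGET") and arg in memo:
            strings.append(memo[arg])
        last_was_string = op in STRING_OPCODES
    return found


def unsafe_imports(blob: bytes) -> list:
    """All imports in a checkpoint (zip or bare pickle) outside the allowlist."""
    return [g for s in pickle_streams(blob) for g in imported_globals(s)
            if g not in ALLOWED_GLOBALS]


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is the single choke point where GLOBAL, STACK_GLOBAL and INST
    resolve names; refusing here stops os.system and friends before REDUCE can
    call them, even if the static scan was fooled."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)


def safe_load(blob: bytes):
    """Reject on static findings, then load through the restricted unpickler."""
    bad = unsafe_imports(blob)
    if bad:
        raise pickle.UnpicklingError(f"blocked imports: {bad}")
    objs = [RestrictedUnpickler(io.BytesIO(s)).load() for s in pickle_streams(blob)]
    return objs[0] if len(objs) == 1 else objs


def load_outcome(blob: bytes) -> str:
    """'blocked' if safe_load refuses the checkpoint, else 'loaded'."""
    try:
        safe_load(blob)
        return "loaded"
    except pickle.UnpicklingError:
        return "blocked"


# Constructed samples (hand-assembled opcodes, not real malware).
# Protocol 0: GLOBAL os.system then REDUCE with one string argument, i.e. what a
# class whose __reduce__ returns (os.system, ("echo pwned",)) pickles to.
MALICIOUS_P0 = b"cos\nsystem\n(S'echo pwned'\ntR."
# Protocol 4: the same call chain via STACK_GLOBAL.
MALICIOUS_P4 = b"\x80\x04\x8c\x02os\x8c\x06system\x93\x8c\x0aecho pwned\x85R."
# Protocol 4, obfuscated: module and name are memoized, popped, then replayed
# with BINGET behind a decoy string.
OBFUSCATED_P4 = (b"\x80\x04\x8c\x02os\x940\x8c\x06system\x940\x8c\x05decoy"
                 b"h\x00h\x01\x93\x8c\x0aecho pwned\x85R.")
# Benign state_dict-like object: only collections.OrderedDict is imported.
BENIGN = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2], bias=0.5), protocol=4)


def zip_checkpoint(pkl: bytes) -> bytes:
    """Wrap a pickle the way PyTorch's zip format lays it out (model/data.pkl)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data.pkl", pkl)
        zf.writestr("model/version", "3\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("p0", MALICIOUS_P0), ("p4", MALICIOUS_P4),
                        ("obfuscated", OBFUSCATED_P4), ("benign", BENIGN),
                        ("zip", zip_checkpoint(MALICIOUS_P0))]:
        print(label, unsafe_imports(blob), load_outcome(blob))
```

The static scan is a heuristic: it models only string pushes and memo traffic, so a payload built from opcodes it does not track could still mislead it. That is why the `find_class` check is not optional; it sees the module and name the unpickler actually resolves, at the only point where resolution happens.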
ONNX Unsafe Attribute Parsing (Arbitrary Code Execution / DoS)
Covers weaponized ONNX models that exploit legacy internal processing loops in the model parser, manipulating attributes and external data extraction...
LlamaFile Binary Shell Overloading Threat
Identifies highly specific payload injections that target LlamaFile's native Cosmopolitan Libc architecture, hijacking the dual-executable parsing...
LiteRT Delegation Core Execution Exploits
Covers integration failures in LiteRT's hardware delegation frameworks (Core ML, NNAPI, Hexagon) that attackers can reach from a model file, exploiting...
LiteRT Out-of-bounds Read/Write (Heap Corruption)
Describes malformed shape descriptors inside custom operators that execute natively on edge GPUs, triggering out-of-bounds...