Eresus research, advisory, and security news
Here we collect writing, advisories, and current-event analysis on AI security, the MCP ecosystem, application security, and real attack chaining.
Latest Posts
GGUF Metadata Parsing Flaws (Llama.cpp Buffer Overflows)
Identifies highly critical buffer overflow attacks manipulating the internal metadata and vocabulary tensors of GGUF files to exploit C++ parsers like...
Extraction-Triggered Environment Override (Path Overwriting)
An advanced attack where a malicious model archive weaponizes extraction processes to overwrite critical environment-level objects, seizing control of...
Execution of Arbitrary Code via Model Config Architecture Targets
Identifying advanced threats where malicious executables are obfuscated as configuration objects inside an ML model archive, triggering Remote Code...
Machine Learning Archive Zip Slip (Path Traversal) Threat
Identifies severe path traversal vulnerabilities (Zip Slip) occurring during the automated extraction of compressed machine learning model packages.
Zero-Day Analysis: Authenticated SSRF in n8n-mcp (GHSA-4ggg-h7ph-26qr)
Yiğit İbrahim Sağlam discovered a critical Authenticated SSRF vulnerability in n8n-mcp. Learn how the x-n8n-url header was exploited to access...
Mythos, Machine-Speed Exploitation, and the Growing Importance of Identity Attack Paths
When Anthropic announced Mythos and the associated rollout plan, it sparked an immediate wave of discussion across the cybersecurity community about machine-speed compromise.
Zero-Day Analysis: Authenticated SSRF in n8n-mcp (GHSA-4ggg-h7ph-26qr)
Zero-Day Analysis: Authenticated SSRF vulnerability in n8n-mcp (GHSA-4ggg-h7ph-26qr) allowing attackers to query internal endpoints and exfiltrate cloud...
Technical Analysis of Fortinet CVE-2026-35616: Actively Exploited API Vulnerability
A deep dive into the critical CVSS 9.1 improper access control vulnerability (CVE-2026-35616) in FortiClient EMS, its exploitation landscape, and...
How to Build a Production-Grade gRPC Service in Go: A Step-by-Step Guide
Learn how to write a gRPC service in Go from scratch: Protobuf definitions, Unary/Streaming RPCs, PostgreSQL with GORM, Auth Interceptors, Rate...