Eresus research, advisory, and security news
We collect writing, advisories, and current-event analysis around AI security, the MCP ecosystem, application security, and real attack chaining here.
Latest Posts
Zero-Day Analysis: Authenticated SSRF in n8n-mcp (GHSA-4ggg-h7ph-26qr)
Yiğit İbrahim Sağlam discovered a critical Authenticated SSRF vulnerability in n8n-mcp. Learn how the x-n8n-url header was exploited to access...
Mythos, Machine-Speed Exploitation, and the Growing Importance of Identity Attack Paths
When Anthropic announced Mythos and the associated rollout plan, it sparked an immediate wave of discussion across the cybersecurity community about machine-speed compromise.
Zero-Day Analysis: Authenticated SSRF in n8n-mcp (GHSA-4ggg-h7ph-26qr)
Zero-Day Analysis: Authenticated SSRF vulnerability in n8n-mcp (GHSA-4ggg-h7ph-26qr) allowing attackers to query internal endpoints and exfiltrate cloud...
Technical Analysis of Fortinet CVE-2026-35616: Actively Exploited API Vulnerability
A deep dive into the critical CVSS 9.1 improper access control vulnerability (CVE-2026-35616) in FortiClient EMS, its exploitation landscape, and...
How to Build a Production-Grade gRPC Service in Go: A Step-by-Step Guide
Learn how to write a gRPC service in Go from scratch: Protobuf definitions, Unary/Streaming RPCs, PostgreSQL with GORM, Auth Interceptors, Rate...
Legacy SAST vs. AI-Powered Code Analysis: The Future of AppSec
Why are traditional Static Analysis (SAST) tools slowing down development teams? Learn how AI-powered autonomous agents are redefining application...
Cybersecurity for SMBs: A 5-Step Defense Strategy for Growing Teams
How can Small and Medium-Sized Businesses (SMBs) protect themselves from ransomware and data breaches on a tight budget? 5 actionable security steps.
The Alphabet of AppSec: Understanding the Difference Between SAST, DAST, and IAST
Confused by AppSec acronyms? Discover the core differences between SAST, DAST, and IAST to understand which testing methodology best secures your...
LLM and RAG Data Poisoning: Infiltrating Autonomous AI Models
How do threat actors execute Indirect Prompt Injections and Data Poisoning in Retrieval-Augmented Generation (RAG) architectures?