Eresus research, advisory, and security news
We collect writing, advisories, and current-event analysis around AI security, the MCP ecosystem, application security, and real attack chaining here.
Latest Posts
How Often Should You Penetration Test? (Scrapping the Annual Audit Myth)
How frequently does your company need a penetration test? Why the traditional 'once-a-year' pentest is actively putting modern software infrastructure...
Black Box, White Box vs Grey Box Penetration Testing: Which Should You Choose?
Understand the key differences between Black Box, White Box, and Grey Box penetration testing to select the right cybersecurity approach for your business.
The Depths of BOLA and IDOR: Exploiting REST and GraphQL APIs
What is BOLA (Broken Object Level Authorization)? Discover how threat actors exploit access control logic in APIs and how autonomous agents eradicate them.
What is DevSecOps? Automating Security with the 'Shift-Left' Approach
Understand the core principles of DevSecOps and Shift-Left security. Learn how to automate security checks directly into your software development...
Penetration Testing Pricing in 2026: Cost Factors & Budget Guide
A comprehensive 2026 guide to penetration testing costs. Learn exactly how pricing is determined for web, mobile, and network security assessments.
The Legal Mandate of Penetration Testing in GDPR and Data Privacy Compliance
Is penetration testing legally mandatory under GDPR or similar privacy laws? Discover what regulators actually demand to avoid catastrophic compliance...
What is Agentic Cybersecurity? Are AI Agents Replacing Pentesters?
Discover the differences between Agentic Security architecture and manual penetration testing, and explore the future of AI in offensive cybersecurity.
Breaking MCP Authentication: How a Single Line of Code Exposes an Entire Legal Database
Eresus Security discovers a critical authentication bypass in yargi-mcp, a popular open-source MCP server for Turkish legal databases. A single...
Critical Authentication Bypass via JWT Signature Verification Disabled in yargi-mcp
Critical authentication bypass vulnerability (CVE pending) in yargi-mcp OAuth endpoint allowing full system access due to disabled JWT signature...