Eresus research, advisory, and security news
We collect writing, advisories, and current-event analysis around AI security, the MCP ecosystem, application security, and real attack chaining here.
Latest Posts
The Simplest Bug is the Deadliest: Remote Code Execution (RCE) via Pickle in Machine Learning
Sometimes the simplest bugs are the most dangerous—especially when they’ve been hiding in plain sight. In the world of Machine Learning (ML), data ...
New Perseus Android Banking Malware Monitors Notes Apps for Sensitive Data
A novel Android banking malware dubbed 'Perseus' exploits accessibility services via phishing apps to monitor device screens, harvest sensitive data...
The Overlooked Attack Surface: Hunting 0-Days in AI Model Files
When discussing cybersecurity in Artificial Intelligence, everyone fixates on API security, prompt injections, and web vulnerabilities. Meanwhile, ...
Artificial Intelligence (LLM) Manipulations: Prompt Injection and RAG Poisoning
How does the shiny new ChatGPT clone your company launched fall straight into the hands of cyber attackers? An anatomical breakdown of Direct and...
Critical Vulnerabilities in AI Frameworks (GGUF & MXNet): The Heap Overflow Threat
Model compression standards like GGUF make running LLMs easy, but are they secure? Discover how malicious model files induce memory and heap overflows...
API Security in Fintech Applications: Why WAFs Are Never Enough
Today, the digital lifeblood connecting banking software, crypto wallets, open banking integrations, and payment gateways is the API (Application...
The Hidden Cyber Risks of Integrating AI in E-Commerce and Enterprise Systems
Artificial Intelligence is no longer just a futuristic concept; it’s the technology engine driving personalized shopping, automating inventory mana...
Deep Dive: Axios Supply Chain Attack Deploys Cross-Platform RAT
A comprehensive technical analysis of the recent Axios npm supply chain attack. We break down the obfuscated plain-crypto-js dependency, the exact...
How to Build Fully Autonomous and Secure CI/CD Pipelines
Discover the DevSecOps secrets and strategies for building autonomous, highly observable, and inherently secure CI/CD pipelines for modern engineering...