sandbox-escape

The Ephemeral Illusion: Why the Cloud Sandbox is not a Safe Zone

John Z Black Apr 22, 2026

Security Operations & Resilience #cloud-security #azure #aws-lambda #sandbox-escape #serverless #containers #iam

We have been told that serverless environments are secure because they are temporary. New research on Azure and AWS Lambda proves that attackers are learning how to live in the layer underneath.

Patch Now: OpenClaw CVE-2026-41296 Is a Full Sandbox Escape

John Z Black Apr 21, 2026

Vulnerabilities & Patching #openclaw #cve-2026-41296 #sandbox-escape #toctou #patch-now

A TOCTOU race condition in OpenClaw's file handling allows a full sandbox escape. Version 2026.3.31 fixes it. If you're running an older version, stop reading and go patch.

Docker's Authorization Bypass Is Back. It's Been Broken for a Decade.

John Z Black Apr 8, 2026

Vulnerabilities & Patching #docker #container-security #authz-bypass #cve-2026-34040 #ai-agents #sandbox-escape

Pad an HTTP request past 1MB and Docker's AuthZ plugins see nothing. CVE-2026-34040 has been sitting in Docker Engine since 2016, and researchers showed AI agents can be tricked into exploiting it.