Researchers at Lasso have found that sandboxing autonomous AI agents may not be enough to stop sensitive data theft after demonstrating multiple exfiltration techniques against NVIDIA’s NemoClaw and OpenShell environments. The findings show how attackers can abuse trusted tools and approved outbound connections to quietly steal credentials, manipulate agent behavior, and maintain persistence inside AI…
Tag: sandboxing
Global Security News
Critical vm2 sandbox bug lets attackers execute code on hosts
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. […]
Apps, Global Security News
Flatpak 1.16.4 fixes sandbox escape and three other security flaws
Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as CVE-2026-34078.
File system exposure
Two additional fixes address file system exposure on the host. CVE-2026-34079 prevents…
