AI Security Daily Briefing: April 22, 2026

Coverage: Last 24 hours

Today’s Highlights

AI-driven attack surfaces saw critical discoveries, with container escapes, identity abuse, and supply chain risks affecting enterprise defenders. Ongoing trends in AI application security and evolving social or organizational implications demand tailored countermeasures, especially where privileged access and hallucination risk intersect.

Table of Contents

  1. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
  2. NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
  3. No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
  4. Anthropic investigates report of rogue access to hack-enabling Mythos AI
  5. AI hallucinations found in high-profile Wall Street law firm filing
  6. Four key takeaways from Apple’s change of leadership

Top Stories


Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

Source: The Hacker News | Risk: Critical | Impacted: Terrarium AI sandbox deployments, MLOps teams, Container orchestrators running Terrarium workloads

A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability is tracked as CVE-2026-5752 and carries a CVSS score of 9.3. “Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal,” according to the report.

Why it matters: Attackers exploiting this flaw can gain privileged code execution on hosts running Terrarium, leading to full system compromise in environments relying on container isolation.

Practitioner Perspective

Organizations deploying Python-based Terrarium sandboxes are at immediate risk of container escape via CVE-2026-5752. This vulnerability enables attackers to achieve root privileges on the underlying host, a scenario ripe for privilege escalation, persistence, and lateral movement. Given the CVSS score and the reported attack vector (JavaScript prototype chain traversal), defenders should treat any workload-separation assumptions as invalid until the patch is applied. Any AI or sensitive-data workloads on affected hosts should be considered exposed. The core issue is loss of trust in cloud or on-premises sandbox isolation: urgent remediation is non-negotiable.

Recommended Actions

  • Apply CVE-2026-5752 patches to all Terrarium instances immediately—manual container hardening is insufficient
  • Audit existing Terrarium hosts for evidence of container breakout or privilege escalation attempts

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

Source: The Hacker News | Risk: High | Impacted: Android payment app users, Brazilian financial institutions, Mobile device management teams

Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. “The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated,” ESET security researcher Lukáš Štefanko said in a report.

Why it matters: Mobile malware abusing legitimate applications now threatens users’ contactless payment data and PINs, exposing financial services and customers to direct loss.

Practitioner Perspective

Android ecosystems in Brazil are facing a surge in NGate malware campaigns that repurpose legitimate HandyPay apps by injecting AI-generated malicious code. This approach bypasses many app store and EDR defenses, making traditional signature-based detection ineffective. The threat actively targets NFC data exfiltration and PIN harvesting, posing supply chain risk to legitimate mobile payment apps. Defenders working in financial services or supporting Android fleets must treat all sideloaded or modified app distributions as high risk. The attack demonstrates AI’s role in accelerating novel malware customization—assume ongoing mutation.

Recommended Actions

  • Hunt for modified HandyPay APKs within managed device inventories and block installations outside trusted enterprise sources
  • Push app and OS updates to Android endpoints to minimize exploitation via known vectors

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Source: The Hacker News | Risk: High | Impacted: Cloud IAM environments, Organizations with exposed logins, Users relying on SSO or federated identity

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn’t changed: stolen credentials. Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing and phishing campaigns.

Why it matters: Stolen credentials remain a low-friction route for attackers to gain unauthorized access, bypassing even mature network and endpoint defenses.

Practitioner Perspective

Security teams often over-index on patching and malware detection, while identity attacks anchored in credential theft continue to facilitate most real-world breaches. Common vectors include credential stuffing, phishing, and password reuse—none require exploiting new software vulnerabilities. As attackers abuse federated identity and SSO integrations, organizations with excessive privileges or without MFA remain especially vulnerable. The risk here is not a technology gap but poor operational hygiene and over-trusted accounts. Defenders must double down on threat hunting and credential-exposure monitoring, because prevention alone is rarely 100 percent reliable.

Recommended Actions

  • Enable enforced MFA across all externally accessible authentication endpoints
  • Monitor cloud IAM logs for unusual login patterns (impossible travel, failed authentications, credential stuffing artifacts)
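As an added example (not code from the briefing or from The Hacker News), the following Python sketches two of the log patterns the action item names, run over constructed login events: impossible travel (one user, two far-apart geolocations within a short window) and credential-stuffing bursts (one source IP failing against many distinct usernames). The event layout, geolocation fields and thresholds are assumptions, not any vendor's log format.

```python
# Added example: detector for impossible travel and credential-stuffing bursts
# over constructed IAM-style login events (ts, user, source IP, lat, lon, success).
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

# Constructed sample events; timestamps are epoch seconds.
EVENTS = [
    (1000, "alice", "203.0.113.5", 40.71, -74.01, True),   # New York
    (1900, "alice", "198.51.100.9", 51.51, -0.13, True),   # London, 15 min later
    (2000, "bob", "192.0.2.7", 48.85, 2.35, True),
    (2100, "bob", "192.0.2.7", 48.85, 2.35, True),
] + [(3000 + i, f"user{i}", "198.51.100.77", 0.0, 0.0, False) for i in range(25)]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=900.0):
    """Flag consecutive successful logins per user whose implied speed is unrealistic."""
    hits, last = [], {}
    for ts, user, _ip, lat, lon, ok in sorted(events):
        if not ok:
            continue
        if user in last:
            pts, plat, plon = last[user]
            hours = max((ts - pts) / 3600.0, 1e-9)  # guard against division by zero
            if haversine_km(plat, plon, lat, lon) / hours > max_kmh:
                hits.append((user, pts, ts))
        last[user] = (ts, lat, lon)
    return hits

def credential_stuffing(events, window=300, min_users=10):
    """Flag source IPs that fail against many distinct usernames inside one window."""
    by_ip = defaultdict(list)
    for ts, user, ip, _lat, _lon, ok in sorted(events):
        if not ok:
            by_ip[ip].append((ts, user))
    hits = set()
    for ip, fails in by_ip.items():
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_users:
                hits.add(ip)
                break
    return sorted(hits)

if __name__ == "__main__":
    print("impossible travel:", impossible_travel(EVENTS))
    print("credential stuffing IPs:", credential_stuffing(EVENTS))
```

Real deployments would read these fields from the IAM provider's audit log export and tune the speed and burst thresholds to the tenant's normal traffic.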

Anthropic investigates report of rogue access to hack-enabling Mythos AI

Source: The Guardian | Risk: High | Impacted: Organizations using Mythos AI APIs, Defensive application security teams, Software developers integrating LLM security tools

‘Handful’ of people allegedly gain unauthorised access to model adept at detecting cybersecurity vulnerabilities. The AI developer Anthropic has confirmed it is investigating a report that unauthorised users have gained access to its Mythos model, which it has warned poses risks to cybersecurity. The US startup made the statement after Bloomberg reported that unauthorized use had occurred.

Why it matters: Unauthorized access to AI models designed for security research could lead to attackers obtaining tooling or knowledge for identifying and exploiting software vulnerabilities.

Practitioner Perspective

AI models like Anthropic’s Mythos, capable of vulnerability detection, are a high-value asset for both defenders and adversaries. Reports of unauthorized access make it likely that attackers may attempt to repurpose such tooling for offensive purposes, including the rapid discovery of zero-days. Organizations relying on such models or partnering with their vendors need to ensure strict access control and supply chain due diligence. If the model or its outputs leave managed boundaries, defenders should expect new attacker TTPs to follow. Treat any outputs or guidance from these models as sensitive intellectual property until the investigation clarifies what data leaked.

Recommended Actions

  • Review third-party access logs for Mythos API usage anomalies
  • Verify that internal usage of Mythos AI is restricted to authorized users via role-based access controls

AI hallucinations found in high-profile Wall Street law firm filing

Source: The Guardian | Risk: Medium | Impacted: Law firms, Regulated financial institutions, Enterprises using LLMs for client documentation

Sullivan & Cromwell apologises to New York federal judge for string of errors in documents for Prince Group case. The elite Wall Street law firm Sullivan & Cromwell has told a court that a major filing it made in a high-profile case contained errors resulting from hallucinations generated by artificial intelligence. Andrew Dietderich, the co-head of the firm, acknowledged the issue.

Why it matters: AI-generated inaccuracies in legal or regulatory contexts can introduce liability, mislead decision-makers, and create audit or reputational exposure.

Practitioner Perspective

Legal, compliance, and regulated industries increasingly rely on LLM-driven drafting, but model hallucinations can result in false citations and factual errors. This exposes firms to the risk of filing erroneous or misleading documentation, with serious implications for both legal outcomes and professional standing. Defenders in these sectors must assume that unvalidated AI outputs can and will be used operationally. Relying on LLM-based automation for high-stakes submissions without robust human review directly increases organizational risk. Build robust content assurance and attestation workflows before scaling LLM-driven document pipelines.

Recommended Actions

  • Require human legal review of any court filings or regulatory submissions prepared by LLMs
  • Implement content validation tools to scan for nonsensical or fabricated citations in AI-generated documents

Four key takeaways from Apple’s change of leadership

Source: The Guardian | Risk: Low | Impacted: Apple, Tech Industry Analysts, Enterprise Technology Decision-makers

Analysts say incoming boss John Ternus should diversify the tech giant away from iPhones and raise its game in AI. John Ternus takes over from Tim Cook as chief executive of Apple in September. The move symbolizes a shift in Apple’s leadership as it prioritizes new technology directions.

Why it matters: Leadership transitions at large tech firms often coincide with shifts in strategic priorities, which can reverberate through the global technology ecosystem and affect security roadmaps for dependent enterprises.

Practitioner Perspective

Enterprise security teams tracking Apple’s ecosystem should monitor potential shifts in Apple’s investment and technology strategy following John Ternus’s incoming leadership. New strategic priorities—especially regarding AI integration and supply chain partnerships—can lead to changes in platform security assumptions, update cycles, and enterprise support. Organizations heavily invested in Apple infrastructure or reliant on first-party vendor security initiatives should position themselves for early adaptation and reassessment.

Recommended Actions

  • Monitor official Apple engineering updates for shifts in platform security direction
  • Reassess third-party supply chain dependencies if Apple’s support model or technology roadmap is updated

Emerging Signals

See Four key takeaways from Apple’s change of leadership

Exploits & CVEs

See No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

AI Security

Defensive Actions

  • Apply CVE-2026-5752 patches to all Terrarium instances immediately
  • Audit existing Terrarium hosts for evidence of container breakout or privilege escalation
  • Segregate Terrarium workloads from sensitive data and privileged network segments until remediation
  • Review orchestrator logs for anomalous activity involving Terrarium containers
  • Hunt for modified HandyPay APKs within managed device inventories and block installations outside trusted enterprise sources
  • Push app and OS updates to Android endpoints
  • Require human legal review of court filings or regulatory submissions prepared by LLMs
  • Implement content validation tools to scan for fabricated citations in AI-generated documents
  • Enable enforced MFA across all externally accessible authentication endpoints
  • Review third-party access logs for Mythos API usage anomalies

What We’re Watching

  • Critical container escape vulnerabilities in AI sandboxing runtime
  • Surges in AI-adapted mobile malware targeting payment apps in specific regions
  • New twists in identity-based attacks bypassing traditional controls
  • Organizational adjustments driven by leadership transitions at major tech vendors
  • Early trends in AI model access control lapses and downstream risk for defenders


Categories: Artificial Intelligence, Cybersecurity Blog
