CleanStart Production Containers Now Run Shell-Less and Read-Only Without Changing a Single Line of Developer Code

New clnimg-init binary automates the transition to hardened production runtimes, allowing developers to keep their existing Dockerfiles, pipelines, and workflows intact while security teams get ...
The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...