EN, Search Security Resources and Information from TechTarget

News brief: Security flaws put thousands of systems at risk

<p>The number of reported vulnerabilities <a target=”_blank” href=”https://www.darkreading.com/cybersecurity-analytics/vulnerabilities-surge-messy-reporting-blurs-picture” rel=”noopener”>reached an all-time high in 2025</a>, according to the National Vulnerability Database, with more than 48,000 new CVEs.</p>
<p>The good news is that, according to experts, the increase likely reflects more thorough reporting, not just an increase in cyber-risk. Still, the array of vulnerabilities with which defenders must contend — and that attackers can exploit — is undeniably vast and growing.</p>
<p>Case in point: This week’s featured articles highlight three new critical flaws, including a serious AI-driven vulnerability, plus information about an emerging threat to Linux environments.</p>
<section class=”section main-article-chapter” data-menu-title=”ServiceNow AI vulnerability exposes customer data and systems”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>ServiceNow AI vulnerability exposes customer data and systems</h2>
<p>A critical vulnerability in ServiceNow’s platform exposed customers’ data and systems to potential exploitation. The issue stemmed from weak authentication in its legacy chatbot, Virtual Agent, which used a universal credential and required only an email address for user impersonation.</p>
<p>The flaw became more severe with the integration of ServiceNow’s advanced agentic AI, Now Assist, enabling attackers to <a href=”https://www.techtarget.com/searchsecurity/tip/6-ways-to-prevent-privilege-escalation-attacks”>gain admin-level access</a> and manipulate connected systems such as Salesforce or Microsoft.</p>
<p>Aaron Costello, chief of security research at SaaS security vendor AppOmni, highlighted the exploit’s severity, calling it the most severe AI-driven vulnerability to date. He also urged organizations to limit AI agents’ capabilities and implement thorough risk reviews.</p>
<p>ServiceNow addressed the issue by updating credentials and disabling the exploited AI agent.</p>
<p><a target=”_blank” href=”https://www.darkreading.com/remote-workforce/ai-vulnerability-servicenow” rel=”noopener”><i>Read the full story by Nate Nelson on Dark Reading</i></a><i>.</i></p>
</section>
<section class=”section main-article-chapter”

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget

Read the original article: