Threat Post

Most ServiceNow Instances Misconfigured, Exposed

Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction. Nearly 70 percent of instances of ...
The Hacker News

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow fixed CVE-2025-12420, a critical flaw that let unauthenticated attackers impersonate users on its AI Platform.
Bleeping Computer

Over 1,000 ServiceNow instances found leaking corporate KB data

Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors.
Hosted on MSN

Hackers are targeting unpatched ServiceNow instances that exploit 3 separate year-old vulnerabilities

ServiceNow fixed three flaws in July 2024, but researchers from GreyNoise saw a resurgence of abuse The flaws can be used for full database access Users should patch immediately to make sure they are ...
CSOonline

Nearly 70% of tested ServiceNow instances leaking data

A configuration error in the SaaS platform of an S&P 500 company is leaking data on the internet. News of the misconfiguration mistake found in nearly 70% of ...
Diginomica

Multi-tenant or multi-instance? ServiceNow exposes the debate

Multi-tenancy and multi-instance emerged as a discussion topic at a recent ServiceNow event. Brian Sommer unpicks the arguments. In a multi-tenant cloud application, essentially all of the customers ...