Dark Reading

'Most Severe AI Vulnerability to Date' Hits ServiceNow

ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.
Cybernews

BodySnatcher flaw lets attackers take over ServiceNow's AI agents

A critical AI security vulnerability, dubbed “BodySnatcher,” highlights how the growing power of AI agents within workflow ...
The Hacker News

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow fixed CVE-2025-12420, a critical flaw that let unauthenticated attackers impersonate users on its AI Platform.

ServiceNow patches critical security flaw allowing user impersonation

It is the most severe AI-driven vulnerability ever found, researchers say ...
CSO Online

ServiceNow BodySnatcher flaw highlights risks of rushed AI integrations

A vulnerability that impacts Now Assist AI Agents and Virtual Agent API applications could be exploited to create backdoor ...
CRN

VMware, ServiceNow, Acronis Vulnerabilities Exploited: 5 Things To Know

New disclosures Monday pointed to attacks exploiting vulnerabilities in the three vendors’ platforms. New disclosures Monday revealed attacks exploiting vulnerabilities in widely used platforms from ...
Security Boulevard

Agents Aren’t People: What the ServiceNow Vulnerability Reveals About Agentic AI Access Control

Enterprise security teams are beginning to encounter a category of access failure that feels unfamiliar only because its consequences arrive faster than expected.  Systems that once required multiple ...
Security

ArmorCode announces ServiceNow Vulnerability Response integration

This integration strengthens vulnerability management programs by harnessing AI-powered correlation and remediation. ArmorCode today announced the launch of two new apps in the ServiceNow Store. This ...
Opinion
Security BoulevardOpinion

We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster

The recently disclosed ServiceNow vulnerability should terrify every CISO in America. CVE-2025-12420, dubbed “BodySnatcher,” represents everything wrong ...