The variety of reported vulnerabilities reached an all-time excessive in 2025, in response to the Nationwide Vulnerability Database, with greater than 48,000 new CVEs.
The excellent news is that, in response to specialists, the rise possible displays extra thorough reporting, not simply a rise in cyber-risk. Nonetheless, the array of vulnerabilities with which defenders should contend — and that attackers can exploit — is undeniably huge and rising.
Living proof: This week’s featured articles spotlight three new essential flaws, together with a critical AI-driven vulnerability, plus details about an rising menace to Linux environments.
ServiceNow AI vulnerability exposes buyer information and methods
A essential vulnerability in ServiceNow’s platform uncovered prospects’ information and methods to potential exploitation. The difficulty stemmed from weak authentication in its legacy chatbot, Digital Agent, which used a common credential and required solely an electronic mail tackle for person impersonation.
The flaw grew to become extra extreme with the combination of ServiceNow’s superior agentic AI, Now Help, enabling attackers to achieve admin-level entry and manipulate linked methods resembling Salesforce or Microsoft.
Aaron Costello, chief of safety analysis at SaaS safety vendor AppOmni, highlighted the exploit’s severity, calling it essentially the most extreme AI-driven vulnerability thus far. He additionally urged organizations to restrict AI brokers’ capabilities and implement thorough danger evaluations.
ServiceNow addressed the problem by updating credentials and disabling the exploited AI agent.
Important vulnerability in n8n places 1000’s of methods in danger
1000’s of enterprise methods could possibly be uncovered to a essential vulnerability that researchers found within the broadly used n8n workflow automation platform.
The flaw, brought on by a “content-type confusion” bug, has a severity rating of 10 and will allow attackers to bypass automation and entry delicate credentials, together with for Salesforce, AWS and OpenAI.
Researchers at cybersecurity vendor Cyera disclosed the vulnerability to n8n in November 2025, and n8n launched patches that very same month. Customers ought to improve to model 1.121.0 in the event that they have not already. At the moment, there isn’t any proof of exploitation.
Important AWS Console vulnerability threatened world provide chain safety
A essential vulnerability within the AWS Console, named CodeBreach, was found by Wiz researchers, posing a big danger of provide chain assaults.
The flaw was linked to triggers in AWS CodeBuild CI pipelines. Two lacking characters in a Regex filter, for instance, might allow unauthenticated attackers to compromise the construct atmosphere and hijack code repositories. This might have led to backdoor injections within the AWS JavaScript SDK, doubtlessly harvesting credentials, exfiltrating delicate information or manipulating cloud infrastructure.
AWS addressed the problem after its disclosure in August 2025. No proof suggests the vulnerability was exploited.
VoidLink malware targets Linux cloud environments
VoidLink is a complicated, modular malware framework concentrating on Linux environments, notably cloud and container methods. Found by Examine Level Analysis, it’s designed for stealthy, long-term entry and options customized loaders, implants, rootkits and plugins.
Developed by China-affiliated menace actors, VoidLink employs refined evasion strategies, runtime code encryption and adaptive habits primarily based on its atmosphere. It might detect main cloud suppliers, resembling AWS, Google Cloud and Azure, in addition to Kubernetes and Docker, and tailor its operations accordingly.
Whereas no real-world infections have been reported, its capabilities pose a big menace to Linux defenders, emphasizing the necessity for proactive safety measures.
Learn the total story by Elizabeth Montalbano on Darkish Studying.
Editor’s notice: An editor used AI instruments to assist within the era of this information temporary. Our professional editors at all times evaluation and edit content material earlier than publishing.
Alissa Irei is senior website editor of Informa TechTarget Safety.
