The variety of reported vulnerabilities reached an all-time excessive in 2025<\/a>, in response to the Nationwide Vulnerability Database, with greater than 48,000 new CVEs.<\/p>\n The excellent news is that, in response to specialists, the rise possible displays extra thorough reporting, not simply a rise in cyber-risk. Nonetheless, the array of vulnerabilities with which defenders should contend — and that attackers can exploit — is undeniably huge and rising.<\/p>\n Living proof: This week’s featured articles spotlight three new essential flaws, together with a critical AI-driven vulnerability, plus details about an rising menace to Linux environments.<\/p>\n A essential vulnerability in ServiceNow’s platform uncovered prospects’ information and methods to potential exploitation. The difficulty stemmed from weak authentication in its legacy chatbot, Digital Agent, which used a common credential and required solely an electronic mail tackle for person impersonation.<\/p>\n The flaw grew to become extra extreme with the combination of ServiceNow’s superior agentic AI, Now Help, enabling attackers to achieve admin-level entry<\/a> and manipulate linked methods resembling Salesforce or Microsoft.<\/p>\n Aaron Costello, chief of safety analysis at SaaS safety vendor AppOmni, highlighted the exploit’s severity, calling it essentially the most extreme AI-driven vulnerability thus far. He additionally urged organizations to restrict AI brokers’ capabilities and implement thorough danger evaluations.<\/p>\n ServiceNow addressed the problem by updating credentials and disabling the exploited AI agent.<\/p>\n Learn the total story by Nate Nelson on Darkish Studying<\/i><\/a>.<\/i><\/p>\n<\/section>\n 1000’s of enterprise methods could possibly be uncovered to a essential vulnerability that researchers found within the broadly used n8n workflow automation platform.<\/p>\n The flaw, brought on by a “content-type confusion” bug, has a severity rating of 10 and will allow attackers to bypass automation and entry delicate credentials, together with for Salesforce, AWS and OpenAI.<\/p>\n Researchers at cybersecurity vendor Cyera disclosed the vulnerability to n8n in November 2025, and n8n launched patches that very same month. Customers ought to improve to model 1.121.0 in the event that they have not already. At the moment, there isn’t any proof of exploitation.<\/p>\n Learn the total story by David Jones on Cybersecurity Dive<\/i><\/a>.<\/i><\/p>\n<\/section>\n A essential vulnerability within the AWS Console, named CodeBreach, was found by Wiz researchers, posing a big danger of provide chain assaults<\/a>.<\/p>\n The flaw was linked to triggers in AWS CodeBuild CI pipelines. Two lacking characters in a Regex filter, for instance, might allow unauthenticated attackers to compromise the construct atmosphere and hijack code repositories. This might have led to backdoor injections within the AWS JavaScript SDK, doubtlessly harvesting credentials, exfiltrating delicate information or manipulating cloud infrastructure.<\/p>\n AWS addressed the problem after its disclosure in August 2025. No proof suggests the vulnerability was exploited.<\/p>\nServiceNow AI vulnerability exposes buyer information and methods<\/h2>\n
Important vulnerability in n8n places 1000’s of methods in danger<\/h2>\n
Important AWS Console vulnerability threatened world provide chain safety<\/h2>\n