Links
A serious vulnerability in ServiceNow's AI tools allows unauthenticated users to create backdoor admin accounts. Dubbed "BodySnatcher," this flaw highlights the risks of rapidly integrating AI features without proper security measures. ServiceNow has patched the issue, but potential risks remain due to custom configurations.
A vulnerability in ServiceNow, identified as Count(er) Strike, allows low-privileged users to extract sensitive data due to misconfigured Access Control Lists (ACLs). Discovered by Varonis Threat Labs, the flaw enables users to enumerate restricted data by manipulating queries, potentially exposing sensitive information even in instances with limited access. ServiceNow has introduced new ACL frameworks to mitigate this issue, but organizations are advised to review their existing configurations to ensure data security.