ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

A high-severity security flaw has been disclosed in ServiceNow’s platform that, if successfully exploited, could result in data exposure and exfiltration.
The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike.
“A vulnerability has

The Hacker News

How passkeys work: Do your favorite sites even support passkeys?

Join us on a typical passkey journey from discovery to registration to authentication to deletion.

Latest stories for ZDNET in Security

North American APT Uses Exchange Zero-Day to Attack China

Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.

darkreading

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

Security Latest

A NVIDIA Container Bug & Chance to Harden Kubernetes

A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.

darkreading

Someone used AI to impersonate a secretary of state – how to make sure you’re not next

An identity protection expert shares tips on protecting yourself from AI scams.

Latest stories for ZDNET in Security

New AI Malware PoC Reliably Evades Microsoft Defender

Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.

darkreading

Jack Dorsey says his ‘secure’ new Bitchat app has not been tested for security

Dorsey admitted that his new messaging app had not been reviewed or tested for security issues prior to its launch.

Security News | TechCrunch

More than $40 million stolen from GMX crypto platform

Decentralized exchange GMX disabled trading after it “experienced an exploit.” The heist involved more than $40 million in user funds.

The Record from Recorded Future News

This open-source bot blocker shields your site from pesky AI scrapers – here’s how

Fed up with AI companies scraping your site’s content? Meet Anubis, the self-hosted, proof-of-work firewall that’s stopping AI bots in their tracks.

Latest stories for ZDNET in Security