ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

July 10, 2025
No Comments

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

A high-severity security flaw has been disclosed in ServiceNow’s platform that, if successfully exploited, could result in data exposure and exfiltration.
The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike.
“A vulnerability has

Leave a Reply Cancel reply

AI Impersonator Posed as Secretary of State Rubio to Target World Leaders July 9, 2025
An unidentified individual used artificial intelligence to impersonate U.S. Secretary of State Marco Rubio, contacting foreign ministers, a U.S. governor, and a member of Congress via voice and text messages, according to a State Department cable first seen by The Washington Post. The impersonator cloned Rubio’s voice using AI-powered software, then reached out through Signal, […]
Kirsten Doyle
Tax Credit Consultancy Exposes Nearly 250,000 Records in Major Data Breach July 9, 2025
A tax credit consulting firm seems to have exposed the personal data of thousands of Americans after leaving a slew of sensitive documents unprotected online. The breach was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to vpnMentor. As outlined by Fowler, the unencrypted, non-password-protected database contained 245,949 records, which translated to nearly […]
Kirsten Doyle
CISA Flags Four Actively Exploited Flaws, Urges Swift Remediation July 9, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four more security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing clear evidence of active exploitation in the wild. The latest additions span a range of technologies, some dating back more than a decade. The vulnerabilities are: CVE-2014-3931 (CVSS score: 9.8) – A buffer […]
Kirsten Doyle
Mitigating the Toxic Cloud Trilogy to Empower Everyone from the Most to the Least Tech-Savvy July 8, 2025
Cloud computing has its perks: speed, scalability, and innovation, to name just a few. However, increasing reliance on cloud computing has changed the threat landscape and created substantial points of vulnerability. The toxic cloud trilogy of cloud workload risks – those that are publicly exposed, critically vulnerable, and highly privileged – represents the most dangerous. […]
Josh Breaker Rolfe
Ransomware Attack Cripples Ingram Micro, Disrupts Global Services July 8, 2025
Ingram Micro has confirmed a ransomware attack that has forced systems offline and disrupted core services across its global operations. The breach, first reported as an unexplained outage on 3 July has now been linked to the SafePay ransomware group, one of the more active players in the 2025 threat landscape. By 6 July, the […]
Kirsten Doyle
Stolen Identities Now the Biggest Threat in Cybersecurity July 8, 2025
The biggest threat to your business may no longer be malware or ransomware. It’s your people. Or rather, their identities. Between 2023 and the first quarter of 2025, identity-driven threats surged by 156%, now accounting for 59% of all confirmed cyber incidents, according to new research by eSentire’s Threat Response Unit (TRU). The findings mark […]
Kirsten Doyle
Ransomware in 2025: More Attacks, Bigger Targets, Fewer Confirmations July 7, 2025
The ransomware crisis continues to deepen. In the first half of 2025, 3,627 attacks were logged worldwide, a 47% jump from the same period last year. But confirmation remains scarce. According to Comparitech, of those incidents, just 445 were publicly acknowledged by victims. The rest were claimed by threat actors on their leak sites, often […]
Kirsten Doyle
Scattered Spider’s Pre-Attack Infrastructure Exposed: 500+ Phishing Domains Mimic Enterprise Logins July 7, 2025
The infamous cybercrime group known as Scattered Spider is expanding its playbook, and laying the groundwork long before the breach. New findings from Check Point Research reveal a sprawling infrastructure of more than 500 phishing domains, many designed to impersonate enterprise login pages. It’s a quiet phase of attack planning, but one that holds critical […]
Kirsten Doyle
Stop Ransomware in Its Tracks with Exfiltration Prevention July 7, 2025
Ransomware attacks have not only increased in numbers, but they have also evolved beyond data encryption and ransoms. Today’s attackers are increasingly turning to double or even triple extortion, extracting sensitive information to increase their leverage. According to the 2025 Verizon DBIR, 90% of ransomware attacks involved data exfiltration in 2024, up from 85% in 2023 […]
Brad LaPorte
From Manual to Mindful: Elevating IT Support in the Age of Intelligent Automation July 4, 2025
Across industries, IT support is undergoing a quiet revolution. While it once meant a reactive help desk resolving tickets on a first-come, first-served basis, today’s model is more proactive, data-driven, and increasingly powered by AI. At the centre of this shift are small and mid-sized enterprises (SMEs), which face a unique set of challenges: tighter […]
Robert Phan

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods

Leave a Reply Cancel reply

[email protected]

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

Share :

Leave a Reply Cancel reply