@securityrss.bsky.social on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

securityrss.ai

securityrss.bsky.social

did:plc:geidqukzen75knciqkq77vgq

A new vulnerability in ServiceNow, identified as CVE-2025-3648, allows low-privileged users to extract sensitive data due to misconfigured Access Control Lists (ACLs). Discovered by Varonis Threat Labs in February 2025, the flaw enables users to enumerate restricted data by manipulating URL filters. https://www.bleepingcomputer.com/news/security/new-servicenow-flaw-lets-attackers-enumerate-restricted-data/

2025-07-10T14:34:56.806Z