The variety of reported vulnerabilities reached an all-time excessive in 2025, based on the Nationwide Vulnerability Database, with greater than 48,000 new CVEs.
The excellent news is that, based on specialists, the rise probably displays extra thorough reporting, not simply a rise in cyber-risk. Nonetheless, the array of vulnerabilities with which defenders should contend — and that attackers can exploit — is undeniably huge and rising.
Living proof: This week’s featured articles spotlight three new vital flaws, together with a critical AI-driven vulnerability, plus details about an rising risk to Linux environments.
ServiceNow AI vulnerability exposes buyer knowledge and programs
A vital vulnerability in ServiceNow’s platform uncovered prospects’ knowledge and programs to potential exploitation. The problem stemmed from weak authentication in its legacy chatbot, Digital Agent, which used a common credential and required solely an e mail tackle for consumer impersonation.
The flaw turned extra extreme with the mixing of ServiceNow’s superior agentic AI, Now Help, enabling attackers to acquire admin-level entry and manipulate related programs equivalent to Salesforce or Microsoft.
Aaron Costello, chief of safety analysis at SaaS safety vendor AppOmni, highlighted the exploit’s severity, calling it essentially the most extreme AI-driven vulnerability to this point. He additionally urged organizations to restrict AI brokers’ capabilities and implement thorough threat critiques.
ServiceNow addressed the problem by updating credentials and disabling the exploited AI agent.
Important vulnerability in n8n places 1000’s of programs in danger
1000’s of enterprise programs could possibly be uncovered to a vital vulnerability that researchers found within the broadly used n8n workflow automation platform.
The flaw, attributable to a “content-type confusion” bug, has a severity rating of 10 and will allow attackers to bypass automation and entry delicate credentials, together with for Salesforce, AWS and OpenAI.
Researchers at cybersecurity vendor Cyera disclosed the vulnerability to n8n in November 2025, and n8n launched patches that very same month. Customers ought to improve to model 1.121.0 in the event that they have not already. Presently, there isn’t any proof of exploitation.
Important AWS Console vulnerability threatened international provide chain safety
A vital vulnerability within the AWS Console, named CodeBreach, was found by Wiz researchers, posing a big threat of provide chain assaults.
The flaw was linked to triggers in AWS CodeBuild CI pipelines. Two lacking characters in a Regex filter, for instance, might allow unauthenticated attackers to compromise the construct atmosphere and hijack code repositories. This might have led to backdoor injections within the AWS JavaScript SDK, probably harvesting credentials, exfiltrating delicate knowledge or manipulating cloud infrastructure.
AWS addressed the problem after its disclosure in August 2025. No proof suggests the vulnerability was exploited.
VoidLink malware targets Linux cloud environments
VoidLink is a sophisticated, modular malware framework focusing on Linux environments, significantly cloud and container programs. Found by Examine Level Analysis, it’s designed for stealthy, long-term entry and options customized loaders, implants, rootkits and plugins.
Developed by China-affiliated risk actors, VoidLink employs subtle evasion strategies, runtime code encryption and adaptive habits primarily based on its atmosphere. It could detect main cloud suppliers, equivalent to AWS, Google Cloud and Azure, in addition to Kubernetes and Docker, and tailor its operations accordingly.
Whereas no real-world infections have been reported, its capabilities pose a big risk to Linux defenders, emphasizing the necessity for proactive safety measures.
Learn the total story by Elizabeth Montalbano on Darkish Studying.
Editor’s word: An editor used AI instruments to help within the era of this information temporary. Our professional editors at all times overview and edit content material earlier than publishing.
Alissa Irei is senior website editor of Informa TechTarget Safety.
