vulnerability • high • Exploitation • Vulnerability Scanning

Mar 18, 2025 • GreyNoise Blog

Resurgence of In-The-Wild Activity Targeting Critical ServiceNow Vulnerabilities


Source: GreyNoise Blog
Category: vulnerability
Severity: high

Executive Summary

GreyNoise researchers have observed a significant resurgence of malicious activity exploiting three critical vulnerabilities within ServiceNow platforms. This campaign is generating substantial traffic, with the overwhelming majority of attacks directed at targets located in Israel. While specific threat actors or malware families have not been publicly attributed to this activity, the exploitation of critical service management vulnerabilities poses a severe risk to organizational integrity. Attackers likely aim to gain initial access or execute remote code within compromised instances. Organizations utilizing ServiceNow are urged to prioritize patching these identified vulnerabilities immediately to mitigate potential unauthorized access. Continuous monitoring of network traffic for exploitation attempts is recommended, particularly for entities operating within affected geographic regions. Immediate remediation is essential to prevent potential data breaches or service disruption resulting from these active exploitation campaigns targeting critical infrastructure.

Summary

GreyNoise has identified a notable resurgence of in-the-wild activity targeting three ServiceNow vulnerabilities: "Resurgence of in-the-wild Activity targeting critical ServiceNow vulns. Overwhelming majority of traffic hitting Israel."
