ServiceNow Confirms Attackers Accessed Customer Data Through Unauthenticated API Flaw
Attackers exploited an unauthenticated API endpoint in ServiceNow to access customer instance data. The company quietly patched the flaw on June 5 after detecting anomalous activity, but not before data was queried.