Author: Aaron Costello, Chief of Security Research, AppOmni
-
BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
BodySnatcher (CVE-2025-12420) exposes a critical agentic AI security vulnerability in ServiceNow. Aaron Costello’s deep dive analyzes interplay between Virtual Agent API and…
-
When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection
Aaron Costello uncovers how second-order prompt injection turns AI agents against their own systems. He explains how attackers exploit ServiceNow’s Now Assist…
-
Salesforce Industry Clouds: 0-days and Exploitable Misconfigs
AppOmni’s latest research reveals 20+ OmniStudio security flaws, including 5 CVEs affecting Salesforce industry clouds. Learn how misconfigurations expose sensitive data and…
-
Low-Code, High Stakes: Why Security Can’t Be an Afterthought for Customers Using Salesforce Industry Clouds
New research reveals critical security flaws in Salesforce industry clouds. Discover the risks and how to protect your organization now.
-
Achieving CISA BOD 25-01 Compliance and SCuBA Alignment
Learn how to achieve compliance for CISA’s BOD 25-01 and SCuBA alignment with AppOmni, updated for M365 SCuBA compliance checks.
-
Microsoft Power Pages: Data Exposure Reviewed
Learn about a data exposure risk in Microsoft Power Pages due to misconfigured access controls, highlighting the need for better security and…
-
Enterprise ServiceNow Knowledge Bases at Risk: Extensive Data Exposures Uncovered
Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.
-
Potential Widespread Data Exposure Analysis: Oracle NetSuite
Read the blog for an analysis on the potential data exposure of Oracle NetSuite with a thorough understanding of NetSuite access control…
-
SaaS Risks in Healthcare: Anatomy of a Data Exposure at the HSE
SaaS Security Engineer Aaron Costello explains how to handle sensitive data in SaaS apps, as learned from misconfiguration in Ireland’s vaccination portal…
-
Balancing Act: Navigating the Advantages and Risks of ServiceNow’s New Security Attributes
Security Attributes offer an alternative method for access control via role definitions, designed to be human-readable and offer detailed auditing and logging.