ServiceNow Patches Critical CVE-2025-12420 Vulnerability in AI Platform

Tuesday, January 13, 2026

Top 5 Cybersecurity Stories You Should Know

  1. ServiceNow Patches Critical CVE-2025-12420 Vulnerability in AI Platform
    tl;dr: ServiceNow has addressed a critical security flaw, CVE-2025-12420, in its AI Platform that allowed unauthenticated users to impersonate others and perform unauthorized actions. The vulnerability, with a CVSS score of 9.3, was patched on October 30, 2025, affecting numerous hosted instances. Organizations using Now Assist AI Agents and Virtual Agent API should ensure they are on the latest versions to mitigate risks. This incident highlights the importance of regular updates and monitoring for security vulnerabilities in SaaS applications.
    https://thehackernews.com/

  2. World Economic Forum: Cyber-Fraud Surpasses Ransomware as Top Concern
    tl;dr: According to the World Economic Forum's Global Cybersecurity Outlook for 2026, cyber-fraud has overtaken ransomware as the primary concern for business leaders. The report reveals that 77% of surveyed leaders experienced an increase in cyber-enabled fraud, particularly phishing attacks, which affected 62% of respondents' networks. The rise of AI-related vulnerabilities further complicates the cybersecurity landscape, with 94% of leaders anticipating AI's significant impact on cybersecurity by 2026. To combat these threats, the WEF emphasizes the need for coordinated action across sectors and borders, urging leaders to prioritize cyber resilience and collective accountability.
    https://www.infosecurity-magazine.com/news/fraud-overtakes-ransomware-as-top/

  3. Cyber Fraud Surpasses Ransomware as CEOs' Primary Concern: WEF Report
    tl;dr: The World Economic Forum's Global Cybersecurity Outlook 2026 report reveals a significant shift in CEO concerns, with cyber-enabled fraud now surpassing ransomware as the top threat. In a survey, 73% of CEOs reported being affected by cyber fraud in 2025, while 77% observed an increase in such incidents. AI vulnerabilities and software exploitation follow as major concerns. Despite this shift, ransomware remains a top issue for CISOs, highlighting a divergence in focus between CEOs and cybersecurity leaders. Organizations are urged to enhance their cybersecurity measures, particularly around AI tool security and fraud prevention.
    https://www.securityweek.com/cyber-fraud-overtakes-ransomware-as-top-ceo-concern-wef/

  4. Ransomware Threats in 2025: Key Findings from Sophos Report
    tl;dr: The Sophos report on ransomware in 2025 reveals that exploited vulnerabilities are the primary cause of attacks, with phishing and compromised credentials also significant factors. While data encryption rates have dropped, the percentage of attacks stopped before encryption has increased, indicating improved defenses. Despite a decline in ransom demands and payments, nearly half of enterprises still paid ransoms, and backup usage has plummeted. The report highlights the increased pressure on IT teams post-attack, emphasizing the need for better preparedness and resource allocation to combat ransomware effectively.
    https://www.sophos.com/blog/the-state-of-ransomware-in-enterprise-2025

  5. Strategies for Effective Data Breach Detection and Prevention
    tl;dr: Data breaches pose significant risks to organizations across various sectors, necessitating robust detection and prevention strategies. Key approaches include implementing advanced threat detection technologies, ensuring compliance with regulations like GDPR and HIPAA, and fostering a culture of cybersecurity awareness among employees. Organizations should also prioritize incident response plans, focusing on timely notification to affected individuals and regulatory bodies. By adopting a proactive stance on data security, businesses can mitigate the impact of breaches and protect sensitive information from cybercriminals.
    https://www.databreachtoday.com/

