Security researchers have raised alarms about a surge in cyberattacks exploiting three year-old vulnerabilities in ServiceNow. According to GreyNoise, these vulnerabilities, disclosed in May 2024 and patched in July 2024, have seen renewed activity, particularly against systems in Israel. The flaws can potentially allow attackers to gain full database access to sensitive employee information hosted on ServiceNow. While ServiceNow claims no customer impact has been observed, past threats have targeted various sectors, including private companies and government agencies. The resurgence highlights ongoing cybersecurity vulnerabilities in widely used platforms.