Grok, X's AI chatbot, is under scrutiny after it made antisemitic and bigoted remarks
NPR's Ayesha Rascoe speaks to Wired magazine reporter Reece Rogers about the problems plaguing AI Chatbots and how they can be fixed.
Here are the latest rumors on the upcoming MacBook Pro refresh: Release date, details (9to5Mac)
iPhone 17, 17 Pro launch soon: New design, camera, battery, price, release date and everything else expected (India Today)
Apple Plans New MacBook Pro, iPhone 17e and iPads by Early 2026 (Bloomberg.com)
Apple to Launch New Low-Cost 11-Inch iPad in the Spring (MacRumors)
Now That Intel Is Cooked, Apple Doesn’t Need to Release New MacBooks Every Year (Gizmodo)
The British Business Bank, owned by the UK government, is creating a £500 million (around $674 million) economic package to help support diverse and underrepresented fund managers and founders in the country. Fifty million pounds will be set aside for female-led venture funds, which means the BBB has now committed at least £100 million (around [...]
Elon Musk’s artificial intelligence (AI) company xAI apologized to users for antisemitic posts authored by its chatbot Grok, pinning the blame on an update after conducting an investigation. “First off, we deeply apologize for the horrific behavior that many experienced,” the company said in a lengthy post on social media platform X. “Our intent for @grok...
'Firefox is Fine. The People Running It are Not' Slashdot
The Summerville Museum will host a historical lecture on Saturday, July 20, that explores the town's early roots, tracing its development through the 1840s.
Every hint, nudge and outright answer you need to complete today's NYT Strands puzzle. If you're reading this, you're looking for a little help playing Strands, the New York Times' elevated word-search game. Strands requires the player to perform a twist on the classic word search. Words can be made from linked letters — up, down, left, right, or diagonal, but words ...
Everything you need to solve 'Connections' #763. Connections is one of the most popular New York Times word games that's captured the public's attention. The game is all about finding the "common threads between words." And just like Wordle, Connections resets after midnight and each new set of ...
[Kevin Cheung] likes to upcycle old soda cans into — well — things. The metal is thin enough to cut by hand, but he’d started using a manual die-cutting machine, ...read more
Here are some tips and tricks to help you find the answer to "Wordle" #1485. Oh hey there! If you're here, it must be time for Wordle. As always, we're serving up our daily hints and tips to help you figure out today's answer. If you just want to be told today's word, you can jump to the bottom of this article for ...
Looking for some help with today's NYT Mini crossword? In that case, extra clues and the answers are right here for you.
Hengbot’s AI LLM-Powered Open-Source Robot Dog is cheaper than an iPhone. Remember when robot dogs were either $75,000 industrial marvels that could open doors for the military, or $300 STEM kits that shuffled around like arthritic...
From Jaguar and Range Rover to Daewoo trucks, here's how Tata Motors quietly became a global force with some of the most iconic auto brands.
ModRetro's excellent Chromatic handheld is back in stock for good, and you can also buy it in a brand new variant.
Of Gen Z, 73% report having followed or spoken with a virtual influencer without recognizing that they weren’t a real person. Authenticity is being redefined as we enter a new era.
While cleaning the gunk off your engine isn't a bad idea, should you get out your power washer and go to town? The answer depends on a few different things.
ASUS reveals sleek line of 'Hatsune Miku' PC hardware: new ROG Astral RTX 5080 'Hatsune Miku' card, PSU, motherboard, cooler, case, and more. Continue reading at TweakTown
Video: Digital Foundry Tests Switch 2's GameCube Emulation (Nintendo Life)
Switch 2 Nintendo Switch Online GameCube analysis shows latency issues (Nintendo Everything)
Several days after temporarily shutting down the Grok AI bot that was producing antisemitic posts and praising Hitler in response to user prompts, Elon Musk’s AI company tried to explain why that happened. In a series of posts on X, it said that “...we discovered the root cause was an update to a code path [...]
Summerville (Post 21) clinched the South Carolina American Legion Baseball League 1 Championship July 8 with a win over Orangeburg (Post 4).
Police are investigating the midday discovery of a dead body at a Moncks Corner Parker's Kitchen on July 11.
SALTZMAN: So, should we accept or reject ‘cookies’? Toronto Sun
Approximately 100 physicians, nurse practitioners, physician assistants, dentists, pharmacists and mental health counselors from Kittitas and Yakima counties have unionized.
The iPhone 17 Pro may still be months away from its official debut, but leaked hands-on images are already generating buzz—thanks to a bold redesign that marks a significant shift in Apple’s visual direction. As an Android user, I’m personally glad to see the more rounded middle frame on the iPhone 17 Pro prototype. If [...] The post iPhone 17 Pro hands-on images reveal bold new camera island and softer frame edges appeared first on Gizmochina.
And no, not the delicious kind – taking these ‘bytes’ could be a privacy issue
The White House's play at bandwagoning on the 'Superman' hype highlights just how fast the right-wing grift machine runs.
EVIAN-LES-BAINS, France (AP) — Golf wasn’t the first love of Cara Gainer or Gabriela Ruffels, who grew up wanting to be professional tennis players and came close to making it.
The Pixel 10 prices could match the ones for the Pixel 9 – at least if you're buying the handsets in euros.
North Charleston Police are responding to a July 12 morning accident on I-526 at the Don Holt Bridge, prompting them to redirect traffic to Virginia Avenue, according to a statement.
Prime Day Tablet Deals Still Remaining: Last Chance to Save Up to $500 on Tablets from Apple, Samsung and OnePlus (CNET)
The iPad Is the Tablet to Buy, and It’s Under $300 Right Now (WIRED)
I found the 26 best Amazon Prime Day Apple deals of 2025 (CNN)
You can still get Prime Day Amazon device deals up to 70% off on everything from Echo Buds to Blink video doorbells (AboutAmazon.com)
Prime Day may be over, but you can still snag Apple AirPods at their lowest price ever (New York Post)
LONDON (AP) — Julian Cash and Lloyd Glasspool became the first all-British pair in 89 years to win the men's Wimbledon doubles title by defeating Rinky Hijikata and David Pel 6-2, 7-6 (3) Saturday on Centre Court.
A federal judge on Friday ordered the Trump administration to halt indiscriminate immigration stops and arrests in seven California counties, including Los Angeles.
Cal Raleigh hit his 37th and 38th home runs to move within one of Barry Bonds’ 2001 record for homers before the All-Star break, and the Seattle Mariners beat Detroit 12-3 on Friday night to end Tarik Skubal’s three-month unbeaten...
NVIDIA is giving away another flagship GeForce RTX 5090 Founders Edition graphics card, this time it's a custom Cyberpunk 2077-themed GPU. Continue reading at TweakTown
More Donkey Kong Bananza In-Store Demos Are Releasing Next Week (Nintendo Life)
Donkey Kong™ Bananza Celebrations July 17-18 (Nintendo)
Donkey Kong Bananza Exists Because Yoshiaki Koizumi Asked the Mario Odyssey Team for a 3D Donkey Kong Game (IGN)
Nintendo admits Donkey Kong Bananza wasn’t originally a Switch 2 game (Polygon)
Nintendo created Donkey Kong’s biggest adventure by breaking everything (The Verge)
BOSTON (AP) — Ceddanne Rafaela hit a two-run, walk-off home run in the ninth inning and the Boston Red Sox extended their winning streak to a season-best eight games with a 5-4 win over the Tampa Bay Rays on Friday...
The post New Snapdragon Chip Aims to Supercharge Wear OS Watches appeared first on Android Headlines.
Elon Musk has rejected reports that his artificial intelligence venture xAI is gearing up for a new fundraising round. A report had suggested that the company is looking at a funding round that could value the company between $170 billion and $200 billion. What Happened: Saudi Arabia’s Public Investment Fund (PIF) was reported to play a crucial role in this deal, according to a Financial Times report. PIF already has an indirect stake in xAI through its investment in Kingdom Holdings Company, which has committed $800 million to the firm. Amid these reports, Musk commented on X, stating, “xAI is not seeking funding right now. We have plenty of capital.” These rumors are false. ... Full story available on Benzinga.com
BALTIMORE (AP) — Dean Kremer pitched seven innings of three-hit ball, Ryan O’Hearn and Ramón Laureano each had two RBIs and the surging Baltimore Orioles beat the Miami Marlins 5-2 on Friday night.
Recently AI risk and benefit evaluation company METR ran a randomized control test (RCT) on a gaggle of experienced open source developers to gain objective data on how the use ...read more
Here are some tips and tricks to help you find the answer to "Wordle" #1484. Oh hey there! If you're here, it must be time for Wordle. As always, we're serving up our daily hints and tips to help you figure out today's answer. If you just want to be told today's word, you can jump to the bottom of this article for ...
Every hint, nudge and outright answer you need to complete today's NYT Strands puzzle. If you're reading this, you're looking for a little help playing Strands, the New York Times' elevated word-search game. Strands requires the player to perform a twist on the classic word search. Words can be made from linked letters — up, down, left, right, or diagonal, but words ...
Everything you need to solve 'Connections' #762. Connections is one of the most popular New York Times word games that's captured the public's attention. The game is all about finding the "common threads between words." And just like Wordle, Connections resets after midnight and each new set of ...
Amazon Prime Day is almost over, but there's still time to score some big savings on OLED, QLED, and Mini-LED TVs before the sales event ends.
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. [...]
Trump plans to tour Texas flood damage as the scope of the disaster tests his pledge to shutter FEMA
Gaze into a screenless future with these Xreal's cutting-edge AR smart glasses.
While they sound mad, pickle brine is a long-established home remedy for cramps
Your peepers will squeak with delight at the perfect pixels in this panel.
I don’t know how I did anything around the house before I bought this.
Tom's Guide's exclusive NordVPN deal has been extended and there's still time to grab a free Amazon gift card and bonus months of NordVPN. Here are the details.
New method replaces nickel and cobalt in battery for cleaner, cheaper lithium-ion batteries Tech Xplore
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances.Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0."An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in
World champion back in maillot jaune as Mathieu van der Poel can't hold GC contenders' pace
That's not all that debuted at the Festival of Speed: Lanzante revealed a supercar paying tribute to the McLaren F1
ANKARA, Turkey (AP) — A group of 30 Kurdish fighters clad in camouflage fatigues burned their weapons in a large cauldron in northern Iraq on Friday, in a symbolic gesture marking the first concrete step in an effort to end...
In a letter to the FCC, the wireless carrier said it would end its diversity, equity and inclusion policies "not just in name, but in substance."
Samsung has officially launched its next generation of wearables, the Galaxy Watch 8 series, at the recent Unpacked event. The new smartwatches build on what Samsung already does well: solid fitness tracking, seamless Android integration, and consistent design. But with the Galaxy Watch 8 series, Samsung has decided to make a few bolder changes, both [...] The post What’s new in the Galaxy Watch 8 and Watch 8 Classic: 5 key features appeared first on Gizmochina.
Razer has launched the DeathAdder V4 Pro, the latest version of its best-selling gaming mouse. It is designed for competitive gaming and built with input from professional esports players. The DeathAdder V4 Pro features Razer HyperSpeed Wireless Gen-2, which offers over 63 percent better power efficiency and 37 percent lower latency than the previous generation. [...] The post Razer Launches DeathAdder V4 Pro with 8000 Hz Wireless and Eco-Friendly Build appeared first on Gizmochina.
The post OpenAI's Next Move: An AI Web Browser to Rival Chrome appeared first on Android Headlines.
Philips has announced the new Evnia 27M2N3800A gaming monitor, aimed at gamers looking for high performance and flexibility. The 27-inch Fast IPS display supports a dual mode setup, allowing users to switch between 3840 x 2160 resolution at 160Hz and 1920 x 1080 resolution at 320Hz. This lets gamers choose between high detail or smoother [...] The post Philips Evnia Gaming Monitor Up for Pre-Order with 4K UHD at 160Hz and Full HD at 320Hz appeared first on Gizmochina.
It's kind of silly to read comics on a device built for productivity, and yet...
While most high school students are enjoying their summer vacation, a group of East Bay teens decided they would rather spend their free time in the classroom and try to perfect their latest invention.
FAIRFAX, Va. (AP) — Brittney Sykes scored 18 points, Shakira Austin had 16 points and eight rebounds, and the Washington Mystics closed on a 12-2 run to beat the short-handed Las Vegas Aces 70-68 on Thursday night.
Sometimes, the right tech product can change your life.
The Arc’teryx Atom Insulated Hoody is currently 30% off via REI. This is not a drill.
High-fidelity data enabled AI agent’s swift resolution of a simulated issue while reducing data tokenization with AWS Bedrock by an estimated 80%. WESTFORD, Mass.–(BUSINESS WIRE)–NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT), a leading provider of observability, AIOps, cybersecurity, and DDoS attack protection solutions, today announced its recent participation in TM Forum’s NeuroNOC Catalyst, an innovation project at DTW [...]
Xiaomi has started rolling out the HyperOS 2.2 update for global users. The Xiaomi 14 Ultra in India is now receiving the update with version number 2.0.201.0.VNAINXM. The update is 1.3GB in size and includes the June 2025 Android security patch. Xiaomi 14 Ultra: Xiaomi HyperOS 2.2 update details. The update brings several system improvements. [...] The post Xiaomi 14 Ultra Gets HyperOS 2.2 Update in India: New Features and Fixes Detailed appeared first on Gizmochina.
Google is expected to launch the Pixel 10 series on August 20, including the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, and Pixel 10 Pro Fold. While the company hasn’t officially confirmed details, the Pixel 10 Pro Fold has surfaced on Geekbench, revealing key specifications. The foldable is listed with the motherboard codename [...] The post Google Pixel 10 Pro Fold Benchmark Leak Confirms Tensor G5 and 16GB RAM appeared first on Gizmochina.
Using light to 3D print liquid resins is hardly a new idea. But researchers at the University of Texas at Austin want to double down on the idea. Specifically, they ...read more
Explore the rich interplay between annihilation and Vector Boson Fusion (VBF) production at high-energy muon colliders, revealing their relative scaling, crossover energies, and which mode dominates for new physics discovery.
Plus, you get a streaming stick for your troubles.
Leo, Richard, and Paul discuss Patch Tuesday, Windows 11, Microsoft 365, AI, more Microsoft layoff tidbits, Xbox angst, and much more. The post Windows Weekly 940: The Donkey Always Wins appeared first on Thurrott.com.
The post Apple Kicks Off Display Production of Its Foldable iPhone appeared first on Android Headlines.
Until last year, prompt engineering was considered an essential skill to talk with LLMs. Of late, LLMs have made tremendous headway in their reasoning and understanding capabilities. Needless to say, our expectations have also drastically scaled. A year back, we were happy if ChatGPT could write a nice email for us. But now, we want [...]
21 Amazon Prime Day deals that are actually worth your money — no fluff, just real savings
Malaysian solo developer Mas is delighted to announce that Artis Impact is launching on PC via Steam on 7th August 2025. The post Artis Impact Will Begin Its Journey on Steam on August 7, 2025 appeared first on COGconnected.
10 raw but talented bull riders compete for one golden ticket into PBR. Here's how to watch "Last Cowboy Standing" season 2 online from anywhere.
My KeepCup is probably my most prized possession; I take it everywhere, use it for coffee, tea, and water and it's so easy to clean that switching to a reusable cup has been an absolute breeze.
Funding led by Javelin Venture Partners will accelerate development of LGND's geospatial AI tools. NEW YORK, July 10, 2025 /PRNewswire/ -- LGND AI, Inc., a company building new ways for people and AI to interact with Earth data, today announced it has raised $9 million in financing. The...
Here's what new, unexpected show has knocked Squid Game off the #1 spot in Netflix's top 10 list.
Enterprise asset management can help companies prevent problems down the line, such as equipment failure. Learn some best practices to follow to bring about success.
NovaEx is a next-generation cryptocurrency exchange offering access to spot and futures markets across a wide range of digital assets. NovaEx offers access to a range of spot assets and perpetual futures pairs, powered by a high-speed matching engine and scalable global infrastructure. The platform employs a multi-layered security framework to protect user assets and data at every stage.
Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems."These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and
Where are my fiends for reading data? Maybe you've seen a bunch of BookTok recommendations fly by without saving them, madly scribbled down titles talked about in your go-to podcasts, or have tried to remember the book your friend recommended over that third glass of Bourgogne aligoté? Sure, you could ...
The first trailer for The Morning Show season 4 has finally dropped, and Marion Cotillard’s new character could be key to Alex and Bradley’s reunion.
Ericsson has secured the highest ranking in the recently published Omdia Market Landscape RAN Vendors report for 2025. This recognition highlights Ericsson’s leadership in both business performance and portfolio, underscoring its commitment to innovation and excellence in the industry. NEWS JUL 09, 2025 #Omdia #5GRAN #MassiveMIMO The Omdia assessment covered 11 radio access network (RAN) vendors, categorizing [...]
Bharti Airtel and Ericsson (NASDAQ: ERIC) have deepened their long-standing relationship with a new agreement to support Bharti Airtel’s rollout of Fixed Wireless Access (FWA) services in India with its core network portfolio. The deployment will enhance Airtel core capability and capacity for Fixed Wireless Access, thereby elevating customer experience for Airtel FWA users. PRESS [...]
Here are the answers for The New York Times Mini Crossword for July 10.
Valerie Vargas, Senior Vice President of Creative Content and Advertising for AT&T: Building on last year’s creative advertising campaign, “Sleep with Rain” which featured Rainn Wilson, AT&T Business continues the fun and reunites the team to launch another innovative product. This time, actor and comedian Craig Robinson pivots from comedy to small business ownership with “Wake Up with CrAIg.” His visionary idea [...]
For a limited time, get up to $1,100 when you trade in your eligible phone any year, any condition. Plus get a Galaxy Watch8 and Tab A9+ 5G for $0.99 per month each. Key Takeaways: Available online and in-stores, customers can pre-order the new Samsung Galaxy Z Fold7 and Galaxy Z Flip7 today, with general availability beginning July 25. For a limited [...]
Best Prime Day laptop deals 2025: Live updates on MacBook, Windows, and more discounts (ZDNet)
The Best Prime Day Deals on Laptops and Tablets We Recommend (The New York Times)
I Found the 50 Best Gaming Deals for Amazon Prime Day 2025 (IGN)
Best Amazon Prime Day Deals Live — The Best Tech & PC Hardware Deals (Tom's Hardware)
Not a typo — Amazon slashed $1,300 off this HP laptop (and more for Prime Day) (nypost.com)
Samsung’s summer Unpacked show in Brooklyn wasn’t just about foldable phones. The company also rolled out three new wearables—the Galaxy Watch 8, Watch 8 Classic, and an updated Galaxy Watch Ultra in Titanium Blue—each packing a faster chip, brighter screens, and some genuinely fresh health features. The regular Galaxy Watch 8 comes in 40 mm and 44 mm sizes (Graphite or Silver) and is Samsung’s [...] The post Samsung unveils Galaxy Watch 8, Classic, and Watch Ultra (2025) series with new AI tricks and health tracking features appeared first on Gizmochina.
Your only outdoor space is a balcony? You can still smoke a brisket.
After briefly taking down its European education stores earlier today, Apple has officially launched its 2025 Back to School promotion across the continent. Like in the U.S., this year’s offer includes a free pair of AirPods or other accessories with the purchase of a qualifying Mac or iPad through the Apple Store for Education website. Here are the details. more...
Fossil has announced two watches in its limited-edition Marvel x Fossil Fantastic Four collection. The first model is based on Reed Richards’ wrist-computer from the upcoming Fantastic Four: First Steps movie. The second, launching on July 14, 2025, is inspired by the cosmic villain Galactus. The latest addition to the collection, the Galactus watch, features [...] The post Two Marvel x Fossil Fantastic Four Watches Revealed, Including New Galactus Model appeared first on Gizmochina.
Looking for help with today's NYT Mini Crossword puzzle? Here are some hints and answers for the puzzle.
Furman University President Elizabeth Davis presided over the class of 2025 commencement exercises, which took place Saturday, May 10, in Paladin Stadium on campus.
Away has deals on two of its Bigger Carry-On suitcases.
A vulnerability in the way ServiceNow manages user access control lists can easily allow a threat actor to steal sensitive data, says a security vendor, who urges admins to review their custom and standard data configuration tables to beef up security.

Researchers at Varonis told ServiceNow about the hole over a year ago, allowing it to quietly patch its platform as well as issue a security update to customers in May. But after ServiceNow this week issued a Common Weakness Enumeration (CVE-2025-3648) describing the problem, Varonis published details.

Hopefully by now admins have taken advantage of the patch, with its new security capabilities.

“The update from ServiceNow addressed a vulnerability that could have allowed low privileged users to access restricted data,” IDC President Crawford Del Prete told CIO.com. “These kinds of situations are always potentially serious, given the kind of data that ServiceNow handles.

“In terms of remediation, admins need to make sure Access Control lists (ACLs) are configured properly and well managed,” he said in an email. “In a credit to ServiceNow, the company changed its default posture with recent patches to a ‘default deny’ posture, making sure that access to non-privileged users is not inadvertently granted.

“ServiceNow environments (like many) are highly dynamic, with users and rights changing often. Keeping a focus on making sure changes are properly managed is critical,” he added.

‘Act ASAP’

Charles Betz, a principal analyst for enterprise architecture at Forrester Research, called it “a pretty serious vulnerability.”

“People need to do this [follow ServiceNow’s advice] ASAP,” he said in an interview. “There is risk [that threat actors] are going to go after their data with the CVE being published.”

“If you’re running a big production system like ServiceNow and not paying attention to security issues, you’re not doing your job,” he added. “You’ve had two months [since the security update was released] and now it’s gone public ... Other things need to slip back in the queue.”

In an email, Yogev Madar, Varonis’ security research group manager, said that ServiceNow admins need to review the ACLs in their environment and take advantage of new access mechanisms to make sure the vulnerability can’t be abused.

That includes making sure the ACLs aren’t solely dependent on data or script conditions that could lead to abuse, using the new ACL mechanism called ‘Deny else’ that provides better access control, and using the new Query ACL rule to limit the operators that can be used in queries and limit enumeration attempts.

Even authenticated users can exploit the bug

The access control vulnerability allows unauthenticated, and even authenticated users, under certain conditions to use query requests to access data they aren’t supposed to get. To blunt this threat, ServiceNow has introduced additional access control list frameworks in the Xanadu and Yokohama versions of the platform.

“This vulnerability was relatively simple to exploit, and required only minimal table access, such as a weak user account within the instance or even a self-registered anonymous user, which could bypass the need for privilege elevation and resulted in sensitive data exposure,” said Varonis in its blog. It isn’t aware of any cases where this vulnerability was exploited before ServiceNow issued the patch in May.

Varonis warned ServiceNow about the hole, dubbed Count(er) Strike, in February 2024.

Platform can hold huge amount of sensitive data

A cloud-based platform, ServiceNow offers a wide range of capabilities including IT service management, IT operations management, customer service management, human resources service delivery, governance, risk, and compliance, healthcare and life sciences service management and more, meaning it can store a wide range of sensitive personal data.

According to Varonis, ServiceNow organizes virtually all information into tables, including elements like incidents and requests, instance properties and configurations, user data, application credentials, and much more. Each of these items is stored as a record within its respective table.

The platform creates connections between tables using reference fields, which allow information to be shared across different tables. For example, a reference field in the Incidents table might link to a specific user record in the Users table, allowing that related data to be viewed across multiple tables. Access to these tables is managed mainly through Access Control List (ACL) rules, which determine what data users can access and how they can interact with it. A ServiceNow instance can contain tens of thousands of ACL rules, Varonis says.

The key components of an ACL rule in ServiceNow are the resources the admin wants to protect (such as a table, field, or record), the operation, which specifies the type of access being controlled (such as read, write, create, or delete), and the conditions that must be met for the rule to apply.

Four conditions for access

Four conditions in each ACL determine whether a user meets the requirements to access a specific resource:

- Required roles: This condition specifies the roles required to access a particular resource. If a user has one of the roles listed in the ACL, they are granted access.
- Security attribute condition: This condition uses security attributes to determine access.
- Data condition: This condition evaluates specific criteria related to the data itself. For instance, you might set a condition that limits access to only records with a certain status or within a specific date range.
- Script condition: This condition allows for the execution of custom logic. Admins can write scripts to implement complex security rules beyond simple role or data conditions. A script can be written to grant access only when a certain configuration in the instance is set, or only when a user is authenticated.

These four ACL conditions for access are evaluated by ServiceNow in that order.

Varonis discovered that ServiceNow denies access differently depending on which ACL conditions are unmet. If access to a resource is blocked due to either of the first two conditions — the “Required Roles” or “Security Attribute Condition” — access is denied outright.

However, if access is denied due to failing the “Data Condition” or “Script Condition,” the user is presented with a page that shows the total count of records returned by the query, even if no records are visible. A threat actor can then use the application’s query parameters to infer detailed data through enumeration. Even worse, a threat actor could automate this process by writing a simple script for enumeration, Varonis said, allowing them to retrieve full record data from the table. They can then begin to retrieve the results from the HTML source. “No special configurations or plug-ins are needed,” noted Varonis, “just a user account in the ServiceNow instance with partial table or column access.”

New ACL rules can be created

If enabled, ServiceNow’s self-registration feature allows new users to create accounts and access an instance without prior administrator approval, Varonis added. While this simplifies onboarding for external users for basic access, it could also allow a threat actor to get that same access.

“Though it is rare for instances to allow anonymous registration and access, this configuration was found in the ServiceNow systems of several Fortune 500 companies,” Varonis noted.

Tables susceptible to the attack are those with ACLs with empty or overly broad “Requires Roles” and “Security Attribute Condition” sections. “This means any table protected only by data or script condition is fully exposed to the attack,” said Varonis.

To address the vulnerability, ServiceNow created several new ACL rules that admins can implement. One is called Query ACL, which adds restrictions on the queries a user can execute on a table to retrieve records. New security data filters can also restrict access to records based on role or security attributes related to assertions.

ServiceNow offers guidance for managing access control lists, as well as advice for admins and developers.

“This vulnerability in ServiceNow is a powerful reminder that even well-established platforms can have dangerous blind spots when it comes to access control,” Gal Nakash, chief product officer at Reco, a provider of SaaS security solutions, said in an email.

“What makes this flaw especially concerning is the ease of exploitation. It doesn’t require privilege escalation or deep technical expertise, just misconfigured ACLs and clever use of query filters. That’s a low bar for potentially high-impact data exfiltration,” he wrote.

“For organizations, especially those in regulated sectors like healthcare, finance, or government, this is a wake-up call. Access Control Lists (ACLs) must be configured with a ‘least privilege’ mindset, roles and security attributes should never be left empty or overly broad. ServiceNow’s new Query ACLs and security data filters offer powerful protections, but they only work if admins actively use and test them. But configuration alone isn’t enough. Admins should continuously monitor for anomalies like unusual query patterns or access by low-privilege users and audit permission changes across tables and roles.”
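As an added illustration (this is not ServiceNow code or Varonis' research tooling), the Python below models the four-check evaluation order the article describes and the count that the unpatched behaviour still disclosed when only the data or script condition failed; it then shows how a non-empty role requirement and a Query ACL limiting operators change the outcome. The rule and record shapes, the `Response` type and the `count_only_responses` detection helper are simplifications assumed for this model.

```python
# Constructed model of the ACL evaluation order described in the article.
# Not ServiceNow code: rule shape, record fields and responses are assumptions.
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    attributes: set = field(default_factory=set)


@dataclass
class Record:
    number: str
    assigned_to: str
    secret: str


Cond = Callable[[User, Record], bool]


@dataclass
class AclRule:
    required_roles: set = field(default_factory=set)       # check 1
    required_attributes: set = field(default_factory=set)  # check 2
    data_condition: Optional[Cond] = None                  # check 3
    script_condition: Optional[Cond] = None                # check 4


@dataclass
class QueryAcl:
    """Assumed shape of a Query ACL: the operators a user may use in a query."""
    allowed_operators: set


@dataclass
class Response:
    denied_at: Optional[str]   # "query", "roles", "attributes" or None
    count: Optional[int]       # record count shown to the user, if any
    visible: list              # records whose data/script conditions passed


OPS = {
    "=": lambda a, b: a == b,
    "STARTSWITH": lambda a, b: a.startswith(b),
}


def evaluate(rule, user, records, query, query_acl=None):
    """Run the four ACL checks in the order the article gives.

    Failing the role or security-attribute check denies outright with no
    count. Failing only the data/script condition hides the records but, as
    the article reports for the unpatched behaviour, still reveals how many
    records matched the query. A Query ACL (if present) rejects disallowed
    operators before anything is evaluated.
    """
    fld, op, val = query
    if query_acl is not None and op not in query_acl.allowed_operators:
        return Response("query", None, [])
    if rule.required_roles and not (rule.required_roles & user.roles):
        return Response("roles", None, [])
    if rule.required_attributes and not (rule.required_attributes & user.attributes):
        return Response("attributes", None, [])
    matched = [r for r in records if OPS[op](getattr(r, fld), val)]
    visible = [r for r in matched
               if (rule.data_condition is None or rule.data_condition(user, r))
               and (rule.script_condition is None or rule.script_condition(user, r))]
    return Response(None, len(matched), visible)


def count_only_responses(responses):
    """Detection helper: responses that disclosed a non-zero count while
    returning no visible records, the signature of count-based enumeration."""
    return [r for r in responses if r.denied_at is None and r.count and not r.visible]


# Constructed sample data.
RECORDS = [Record("INC001", "alice", "api-key-7"), Record("INC002", "bob", "api-key-9")]
# Weak: empty required roles, protection rests on the data condition alone.
WEAK = AclRule(data_condition=lambda u, r: r.assigned_to == u.name)
# Hardened: same data condition, but a role is required first.
HARDENED = AclRule(required_roles={"itil"},
                   data_condition=lambda u, r: r.assigned_to == u.name)
QUERY_ACL = QueryAcl(allowed_operators={"="})


def demo():
    """Same probe query from a self-registered, role-less user against each setup."""
    guest = User("guest")
    probe = ("secret", "STARTSWITH", "api-key-7")
    weak = evaluate(WEAK, guest, RECORDS, probe)            # count 1, nothing visible
    hard = evaluate(HARDENED, guest, RECORDS, probe)        # denied at roles, no count
    limited = evaluate(WEAK, guest, RECORDS, probe, QUERY_ACL)  # operator rejected
    return weak, hard, limited


if __name__ == "__main__":
    for name, resp in zip(("weak", "hardened", "query-acl"), demo()):
        print(f"{name:10} denied_at={resp.denied_at} count={resp.count} visible={len(resp.visible)}")
    print("count-only responses to review:", len(count_only_responses(demo())))
```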