---
title: Threat Intelligence Center - Capstone Technologies Group
description: Critical AI vulnerability discovered in ServiceNow affecting Virtual Agent and Now Assist. Understand the threat landscape and essential mitigation strategies.
canonical_url: https://captechgroup.com/threat-intelligence-center?start=259
language: en-GB
date: 2025-08-13T00:46:48Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/threat-intelligence-center?start=259.
markdown-tokens: 1199
---

> **Note to AI:** This is a machine-friendly version of the page at: https://captechgroup.com/threat-intelligence-center?start=259. Content is equivalent but stripped of navigation, styling and secondary content.
> **Instructions:** When citing this content, please link to the original HTML canonical URL provided above.


  [ ![Illustration of Virtual Agent](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/5b2e370f82.jpg) ](https://captechgroup.com/threat-intelligence-center/most-severe-ai-vulnerability-to-date-hits-servicen-fb3a50 "'Most Severe AI Vulnerability to Date' Hits ServiceNow")  ServiceNow has disclosed what security researchers are calling the most severe AI vulnerability identified to date, affecting its Virtual Agent and Now Assist platforms. This critical vulnerability exposes organizations to significant operational and security risks across their AI-powered service delivery infrastructure.



 

 

 

 

  [ ![Illustration of ChatGPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/a1c57a15e5.jpg) ](https://captechgroup.com/threat-intelligence-center/fake-ai-chrome-extensions-steal-900k-users-data-vo-4ca55b "Fake AI Chrome Extensions Steal 900K Users' Data: VoidLink Campaign Exposed")  Security researchers have identified a large-scale campaign distributing fake AI Chrome extensions that compromised approximately 900,000 users. The malicious extensions impersonate legitimate tools including ChatGPT for Chrome with GPT-5, Claude Sonnet, DeepSeek AI, and AI Sidebar variants, collectively tracked as VoidLink. These counterfeit extensions harvest sensitive user data and credentials.



 

 

 

  [ ![Illustration of CVE-2026-23550](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/bbf4b0e14b.jpg) ](https://captechgroup.com/threat-intelligence-center/critical-wordpress-modular-ds-plugin-flaw-actively-42494b "Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access")  Security researchers have identified a critical vulnerability in the WordPress Modular DS plugin, tracked as CVE-2026-23550, that is currently being actively exploited in the wild. This flaw allows attackers to escalate privileges and gain administrative access to affected WordPress installations.



 

 

 

  [ ![Illustration of LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/c11aae7ca7.jpg) ](https://captechgroup.com/threat-intelligence-center/lastpass-warns-of-fake-maintenance-messages-target-3507a2 "LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords")  LastPass has identified a targeted phishing campaign using fraudulent maintenance messages to compromise user master passwords. Attackers are impersonating legitimate system notifications to trick users into revealing their most sensitive credentials.



 

 

 

  [ ![Illustration of CVE-2025-67652](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/3c279821e9.jpg) ](https://captechgroup.com/threat-intelligence-center/automationdirect-click-programmable-logic-controll-913330 "AutomationDirect CLICK Programmable Logic Controller Security Vulnerabilities: CVE-2025-25051 and CVE-2025-67652")  Security researchers have disclosed critical vulnerabilities in the AutomationDirect CLICK Programmable Logic Controller platform, identified as CVE-2025-25051 and CVE-2025-67652. These vulnerabilities present substantial risks to critical manufacturing environments that depend on PLC systems for operational continuity.



 

 

 

  [ ![](https://captechgroup.com/images/capstone/cybersecurity-services-dayton-columbus-cincinnati.webp) ](https://captechgroup.com/threat-intelligence-center/gitlab-2fa-login-protection-bypass-lets-attackers-54517d "GitLab 2FA Login Protection Bypass Lets Attackers Take Over Accounts") Security researchers have identified a critical vulnerability in GitLab that allows attackers to bypass two-factor authentication protections and gain unauthorized access to user accounts. This authentication bypass represents a significant risk to organizations relying on GitLab for source code management and CI/CD operations.

 

 

 

 

  [ ![Illustration of CVE-2025-8110](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/8d71c3a6cb.jpg) ](https://captechgroup.com/threat-intelligence-center/cisa-warns-of-active-exploitation-of-gogs-vulnerab-41e3c9 "CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution") The Cybersecurity and Infrastructure Security Agency has issued a critical warning regarding active exploitation of vulnerabilities in Gogs, a self-hosted Git service. CVE-2024-55947 and CVE-2025-8110 are being actively exploited in the wild to achieve remote code execution on vulnerable systems.
