Aaron Costello

‼️ New Research Drop ‼️ I’m excited to share my latest @AppOmniSecurity Labs research: a CVSS 9.3 critical vulnerability in #ServiceNow’s AI platform. It's dubbed "BodySnatcher" (CVE-2025-12420) because of its novel exploit path: it allowed an unauthenticated attacker to impersonate any user on the platform and execute powerful out-of-the-box (OOB) AI agents with the victim's permissions. The result? Complete platform takeover. Read my write-up here for the juicy technical details: appomni.com/ao-labs/bodysn… #cybersecurity #ai #saas #vulnerability

AI Security Digest – Week 2, 2026 1️⃣ ZombieAgent, new ChatGPT vulnerabilities let data theft continue and spread - radware.com/blog/threat-in… - @radware 2️⃣ OWASP Agentic AI Top 10, threats in the wild - labs.lares.com/owasp-agentic-… - @Lares_ 3️⃣ AI Tool Poisoning, hidden instructions threaten AI agents - crowdstrike.com/en-us/blog/ai-… - @CrowdStrike 4️⃣ Broken authentication and agentic hijacking in ServiceNow, BodySnatcher - appomni.com/ao-labs/bodysn… - @ConspiracyProof, @AppOmniSecurity 5️⃣ IBM AI (“Bob”) downloads and executes malware - promptarmor.com/resources/ibm-… - @PromptArmor 6️⃣ The first question security should ask on AI projects - cloudsecurityalliance.org/blog/2026/01/0… - @cloudsa 7️⃣ Pwning Claude Code in 8 different ways - flatt.tech/research/posts… @flatt_sec_en 8️⃣ Inside GoBruteforcer, AI generated server defaults, weak passwords, crypto focused campaigns - research.checkpoint.com/2026/inside-go… - @_CPResearch_, @CheckPointSW 9️⃣ Where AI systems leak data, a lifecycle review of real exposure paths - praetorian.com/blog/where-ai-… - @Praetorian 🔟 Lack of isolation in agentic browsers resurfaces old vulnerabilities - blog.trailofbits.com/2026/01/13/lac… - @trailofbits 1️⃣1️⃣ Weaponizing Apple’s AI for offensive operations, Part 2 - hxr1.ghost.io/weaponizing-ap… 1️⃣2️⃣ What AI agents can teach us about NHI governance - blog.gitguardian.com/what-ai-agents… - @GitGuardian 1️⃣3️⃣ Threat actors actively targeting LLMs - greynoise.io/blog/threat-ac… - @GreyNoiseIO 1️⃣4️⃣ AI’s bottleneck isn’t models or tools, it’s security - zkorman.com/posts/ai-bottl… @ZackKorman 1️⃣5️⃣ Turning AI safeguards into weapons with HITL dialog forging - checkmarx.com/zero-post/turn… - @Checkmarx 1️⃣6️⃣ The agent security paradox, trusted commands in Cursor become attack vectors - pillar.security/blog/the-agent… @Pillar_sec 1️⃣7️⃣ Bad vibes, comparing the secure coding capabilities of popular coding agents - blog.tenzai.com/bad-vibes-comp… @Tenzai_Labs 1️⃣8️⃣ Why your AI agent needs different monitoring, Part 1 - @michael.hannecke/why-your-ai-agent-needs-different-monitoring-and-how-to-build-it-1702b48ee605" target="_blank" rel="nofollow noopener">medium.com/@michael.hanne… 1️⃣9️⃣ Remote code execution with modern AI/ML formats and libraries - unit42.paloaltonetworks.com/rce-vulnerabil… - @Unit42_Intel, @PaloAltoNtwks 2️⃣0️⃣ The map is not the territory, the agent tool trust boundary - niyikiza.com/posts/map-terr… 2️⃣1️⃣ AI Security Guide, 300 plus pages of practical guidance on protecting AI and data centric systems - owaspai.org - @owasp 2️⃣2️⃣ Process to build agents across your organization, build secure process - learn.microsoft.com/en-us/azure/cl… - @Microsoft

@martin_vigo Appreciate it brother, but it's not as cool as tracking down a major cellphone theft operation 😉

Badass 👇👇

@TheHackersNews Thank you for covering my research!

🚨 New exploit found in ServiceNow’s Now Assist AI platform. Researchers showed one AI agent could recruit others to steal data and send emails — even with protections enabled. Misconfigurations, not models, opened the door. How it happened ↓  thehackernews.com/2025/11/servic…

@nbk_2000 @ngalongc You can write a script to crawl a site and locate custom component descriptors, then fetch the controller + helper JS methods which will net you the names of methods within the custom lightning controller and their params (+ types)

@ngalongc Have you got an unauthenticated way to enumerate all the off-the-shelf 3rd party plugins/modules an org is using?

@monkehack @ngalongc @ngalongc Definitely take a look at my whitepaper on auditing custom Apex :) go.appomni.com/hubfs/Collater…

@ngalongc @ConspiracyProof At least from my experience it’s usually clear enough when something is custom - also would recommend checking out SOQL injection too

Unfortunately (for us), no default CRUD for Custom Objects. 99% of objects will always be dictated by Guest Sharing Rules (and read perm on object via profile) explicitly. Pre Winter '21 release, orgs could set 'View All' object permission for Guest Users which overrode Sharing Rules 😢

@ngalongc @OriginalSicksec @bibek0x01 Glad to hear my blog was helpful for you! Feel free to reach out if you have any Qs about Salesforce hacking. Been doing this sh*t for 4 years 😅

Spoke to @ConspiracyProof about his discovery of 1.1 million NHS employees' records being leaked online, Aaron previously discovered a HSE data breach that left the data of 1 million people vulnerable.

@ThisIsDK999 Thanks @ThisIsDK999!

awesome research as always!! 🔥

Want to know how you can hack Microsoft Power Page websites? How I was able to access (and later secure) PII of 1.1 MILLION #NHS employees? With my latest blog post, you can learn how to pentest a Power Page site for data leaks in as little as 2 minutes. Check it out below: appomni.com/ao-labs/micros… #bugbounty

More than 1,000 ServiceNow instances have been discovered to be exposing potentially sensitive Knowledge Base data, according to @ConspiracyProof, chief of SaaS security research at @AppOmniSecurity. bit.ly/3B6Bn01

@rez0__ Pleasure is mine brother, thank you 🙏

Aaron is an insane hacker and it’s a privilege to work with him. Check out his latest findings on netsuite.

Want to know how I could've hacked thousands of Oracle NetSuite sites in order to extract sensitive information? It was so severe that within days, Oracle rolled out multiple hardening measures to reduce the risk of it happening again. If you're a pentester, security engineer, NetSuite admin or a bug bounty hunter, this is a must read as I can guarantee that these issues will rear their again head in the future!

Spoke to @ConspiracyProof about his discovery of the HSE vaccine data of one million people being exposed, and how he published a warning on the vulnerability one year before.

@darraghduffy @adrianweckler Assuming they were able to confirm there was no data exposed, IMO it goes from being an obligation, to a responsibility, to disclose. Not necessarily to the DPA, but to the public. They could've come across well IMO given the timeframe in which they remediated the issue.

@darraghduffy @adrianweckler This is the thing, there was more than one way to access this information. It's difficult to say from where I'm standing if they analysed the various sources of logs sufficiently, as I was given no evidence. Cont.

HSE “misconfigured” a Covid vaccination database, leaving vaccination details of over 1m here potentially exposed. Personal data available seems limited (full name, vac details), but HSE didn’t inform DPC, which may not go down well. m.independent.ie/irish-news/hse…