ServiceNow, a major enterprise software company, has confirmed that attackers exploited a vulnerability in its platform to access data from customer instances. The company deployed a security update on June 5, 2026, to fix the flaw, which involved an API endpoint that lacked proper authentication controls.