ShinyHunters claims ongoing Salesforce Aura data theft attacks

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give ...
The Hacker News

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Modified AuraInspector scans misconfigured Salesforce Experience Cloud sites, extracting CRM data and enabling targeted vishing campaigns.
The Register on MSN

ShinyHunters claims more high-profile victims in latest Salesforce customers data heist

And they abused a Mandiant-developed open source tool in the attacks ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data ...

ShinyHunters claims it's behind ongoing Salesforce Aura data theft assault, warns more to come

Salesforce says no bugs being exploited, but the hackers claim otherwise.
SecurityWeek

Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign

Salesforce has issued another warning to customers as the notorious ShinyHunters cybercrime group has announced a new ...
CSOonline

Overly permissive ‘guest’ settings put Salesforce customers at risk

Salesforce warns that a threat campaign is exploiting overly permissive Experience Cloud guest configurations to harvest data from public portals. Salesforce is urging its customers to review their ...
Computer Weekly

Salesforce tracks possible ShinyHunters campaign targeting its users

Salesforce has warned users of an uptick in threat actor activity targeting Experience Cloud customers’ who have accidentally enabling overly permissive guest user configurations. Salesforce stressed ...
JD Supra

Salesforce Users: Organizations Using the Salesloft Drift AI Chat Agent with Salesforce Must Check Their Presence for Compromise

Salesloft issued a security notification on August 26 regarding its Drift application. It appears to be a broad opportunistic attack on Salesloft/Drift instances integrated with Salesforce tenants.