The Hacker News

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Modified AuraInspector scans misconfigured Salesforce Experience Cloud sites, extracting CRM data and enabling targeted ...
The Register on MSN

ShinyHunters claims more high-profile victims in latest Salesforce customers data heist

And they abused a Mandiant-developed open source tool in the attacks ShinyHunters told The Register that it has stolen data ...

ShinyHunters claims ongoing Salesforce Aura data theft attacks

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give ...

ShinyHunters claims it's behind ongoing Salesforce Aura data theft assault, warns more to come

Salesforce says no bugs being exploited, but the hackers claim otherwise.
Computer Weekly

Salesforce tracks possible ShinyHunters campaign targeting its users

Salesforce warned users of an uptick in malicious activity targeting Experience Cloud customers with misconfigured user ...
CSOonline

Overly permissive ‘guest’ settings put Salesforce customers at risk

Salesforce warns that a threat campaign is exploiting overly permissive Experience Cloud guest configurations to harvest data from public portals. Salesforce is urging its customers to review their ...
Dark Reading

'Overly Permissive' Salesforce Cloud Configs in the Crosshairs

Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data.
Computer Weekly

ShinyHunters Salesforce cyber attacks explained: What you need to know

A campaign of cyber attacks orchestrated via social engineering against users’ Salesforce instances is now being attributed to the ShinyHunters cyber crime gang with growing confidence, and the list ...