The Hacker News

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Modified AuraInspector scans misconfigured Salesforce Experience Cloud sites, extracting CRM data and enabling targeted ...
The Register on MSN

ShinyHunters claims more high-profile victims in latest Salesforce customers data heist

And they abused a Mandiant-developed open source tool in the attacks ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data ...
Dark Reading

Salesforce 'Ghost Sites' Expose Sensitive Corporate Data

Salesforce customers are abandoning their sites without deactivating them, leaving sensitive corporate, vendor, and user data behind. The problem occurs within what the service calls "Communities," ...
CSOonline

Inactive, unmaintained Salesforce sites vulnerable to threat actors

Research highlights the risks posed by inactive Salesforce sites that continue to pull sensitive business data and can be easily exploited by malicious actors. Improperly deactivated and unmaintained ...
Krebs on Security

Many Public Salesforce Sites are Leaking Private Data

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has ...

ShinyHunters claims it's behind ongoing Salesforce Aura data theft assault, warns more to come

Salesforce says no bugs being exploited, but the hackers claim otherwise.