BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Salesforce Warns of API Attacks Exploiting Cloud Misconfigs

Data stolen from misconfigured Salesforce sites using a customized open-source attack tool.

  • Threat actors are actively exploiting misconfigured Salesforce Experience Cloud sites to steal sensitive data.
  • The attackers are using a customized version of an open-source auditing tool called AuraInspector to scan and extract information.
  • Salesforce states this is not a platform vulnerability but a result of customers not implementing recommended security settings.
  • The campaign is part of a growing trend of identity-focused attacks used to fuel social engineering schemes.

Security teams are on high alert as Salesforce warned on March 10, 2026, of a surge in cyberattacks targeting improperly configured customer websites. This campaign exploits overly permissive guest user settings on publicly accessible Experience Cloud sites to access confidential data. Threat actors, possibly the known group ShinyHunters, are leveraging a modified version of the open-source AuraInspector tool for these scans.

- Advertisement -

The original tool, released by Google-owned Mandiant, was designed to identify misconfigurations. However, the actor’s customized version goes beyond identification to actively extract data from vulnerable endpoints. This activity focuses on sites where the guest user profile has not followed recommended configuration guidance.

Consequently, an unauthenticated attacker can directly query Salesforce CRM objects without logging in. Salesforce said it has “not identified any vulnerability inherent to the Salesforce platform associated with this activity.” The company emphasized that these attempts exploit customer configuration settings that increase exposure if not properly secured.

Meanwhile, the harvested data, such as names and phone numbers, is often repurposed for follow-on attacks. Salesforce noted this reflects a broader trend of identity-based targeting used for social engineering. The firm has urged customers to review guest user permissions and restrict API access immediately.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

Must Read

Best Crypto Audiobooks of 2026: The Ultimate Listen & Learn Guide

You can't read Bitcoin charts while driving 70 mph on the highway. You can't study Ethereum whitepapers during your morning run. But you can...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading