Best of 2025: UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk
Is your Salesforce environment integrated with third-party apps like Salesloft Drift? If so, your organization could be at risk...
Salesforce
Salesforce: Some Customer Data Accessed via Gainsight Breach
The highly publicized data breaches earlier this fall of Salesforce customers that was linked to Salesloft’s Drift application is...
Salesforce Confirms New Breach Linked to Gainsight Apps
Image: Markus Spiske/Unsplash Another day, another third-party scare in the Salesforce ecosystem. Salesforce confirmed that it is investigating “unusual activity...
Salesforce alerts users to potential data exposure via Gainsight OAuth apps
Salesforce alerts users to potential data exposure via Gainsight OAuth apps Pierluigi Paganini November 21, 2025 Salesforce warns that unusual...
Security Advisory: Salesforce Gainsight Incident
On November 19, 2025 at 8:00 PM, Salesforce issued a security advisory after detecting unusual activity associated with Gainsight-published...
Hackers Trick Staff Into Exposing Major Companies’ Salesforce Data–Find Out if You’re Safe
Cybercriminals tricked employees at major global companies into handing over Salesforce access and used that access to steal millions of...
BreachForums seized, but hackers say they will still leak Salesforce data
Law enforcement agencies in the United States and France have seized control of domains linked to the notorious BreachForums hacking...
Salesforce Refuses to Pay Ransom to Data-Stealing Hackers
Salesforce reportedly is refusing to pay a ransom demanded by hackers who claim to have stolen more than 1 billion...
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this...
Smashing Security podcast #437: Salesforce’s trusted domain of doom
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in...
ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection
ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection Pierluigi Paganini September 27, 2025 Researchers disclosed a critical...
Salesforce Faces Lawsuits Over Compromises of Third-Party Apps: Report
Salesforce executives for much of the year have reiterated that an onslaught of cyberattacks on a range of its partners...
FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups
FBI Warns of Salesforce attacks by UNC6040 and UNC6395 groups Pierluigi Paganini September 13, 2025 The U.S. FBI issued a...
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America...
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America...
![Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]](https://certera.com/blog/wp-content/plugins/wp-postratings/images/stars/rating_on.gif)