ALL POSTS

Key Findings Threat actors are mass-scanning publicly accessible Salesforce Experience Cloud sites using a modified version of the open-source AuraInspector tool. The modified tool is capable of extracting data by exploiting overly permissive guest user settings, allowing access to sensitive CRM data. The activity does not involve a vulnerability in the Salesforce platform but targets customer configuration issues. The campaign is attributed to a known threat actor group, pos

Key Findings Everest ransomware group claims to have breached Chrysler systems and stolen over 1TB of data Stolen data includes extensive customer, dealer, and internal records spanning 2021-2025 Over 105GB of Salesforce-related information is reportedly part of the stolen data Screenshots show customer interaction logs, agent work logs, and potential HR/identity records Everest has threatened to publish the full dataset and audio recordings if demands are not met Chrysler ha

Key Findings Salesforce has revoked all access tokens associated with Gainsight integrations and removed the affected apps from the AppExchange. The incident may have enabled unauthorized access to certain Salesforce customers' data through the Gainsight app's connection. Salesforce confirmed the issue is not due to any vulnerability in the Salesforce platform, but is related to the external connection to Salesforce. Gainsight acknowledged disruptions to features that rely on