News

The Register on MSN2d
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks
The 16 other flagged issues are on customers, says CRM giant Salesforce has assigned five CVE identifiers following a ...
Infosecurity Magazine2d
Researcher Finds Five Zero-Days and 20+ Misconfigurations in Salesforce Cloud
The products affected by the issues are part of the Salesforce OmniStudio suite, including FlexCards and Data Mappers ...
SecurityWeek3d
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud
Security researchers discovered 5 zero-day vulnerabilities and 15 critical misconfiguration risks in Salesforce Industry ...
Cybercriminals are stealing business Salesforce data with this simple trick - don't fall for it
The goal is to steal large amounts of confidential data in an attempt to extort the victims. Here's how it works.
The Hacker News3d
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Salesforce Industry Cloud has 20+ config risks exposing sensitive data; customers must fix most issues to avoid compliance ...
CSO Online2d
June Patch Tuesday advice for CSOs: Defense-in-depth needed to stop RCEs
CVE-2025-47172 , a remote code execution vulnerability in Microsoft SharePoint Server. With a CVSS score of 8.8, he said this ...
Security Boulevard3d
New Research on Salesforce Industry Clouds: 0-days, Insecure Defaults, and Exploitable Misconfigurations
AppOmni’s latest research reveals 20+ OmniStudio security flaws, including 5 CVEs affecting Salesforce industry clouds. Learn ...
CPO Magazine2d
Google Warns Salesforce Customers of Large-Scale Vishing Attacks
Google warns Salesforce customers about vishing attacks by hackers impersonating IT support to lure employees into connecting ...
Google: Hackers target Salesforce accounts in data extortion attacks
Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against ...
Voice phishing against Salesforce users: data theft and blackmail
Google is monitoring a criminal group that uses voice phishing to trick Salesforce users. Data theft is followed by blackmail ...
Microsoft fixes first known zero-click attack on an AI agent
EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, ...