{"id":224156,"date":"2026-03-11T11:01:00","date_gmt":"2026-03-11T15:01:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/11\/salesforce-issues-new-security-alert-tied-to-third-customer-attack-spree-in-six-months\/"},"modified":"2026-03-16T08:00:15","modified_gmt":"2026-03-16T12:00:15","slug":"salesforce-issues-new-security-alert-tied-to-third-customer-attack-spree-in-six-months","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/11\/salesforce-issues-new-security-alert-tied-to-third-customer-attack-spree-in-six-months\/","title":{"rendered":"Salesforce issues new security alert tied to third customer attack spree in six months"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/salesforce-experience-cloud-customers-attacks\/\">Salesforce issues new security alert tied to third customer attack spree in six months<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/salesforce-experience-cloud-customers-attacks\/\">https:\/\/cyberscoop.com\/salesforce-experience-cloud-customers-attacks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-11 11:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Threat hunters and a collection of unconfirmed victims are responding to a series of attacks targeting Salesforce customers, which the vendor disclosed in a security advisory Saturday.\u00a0<\/p>\n<p>\u201cSalesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations,\u201d the company said in the alert.<\/p>\n<p>The campaign marks the third widespread attack spree targeting Salesforce customers in about six months.\u00a0<\/p>\n<p>The number of victims ensnared by the latest attacks is unverified, but ShinyHunters, the threat group asserting responsibility for the attacks, claims about 100 companies have already been impacted.\u00a0<\/p>\n<p>Researchers told CyberScoop they are confident the threat group behind the campaign is associated with ShinyHunters, an outfit that\u2019s previously stolen data from Salesforce instances for extortion attempts.<\/p>\n<p>Salesforce did not attribute the attacks, but pinned blame on a \u201cknown threat actor group,\u201d adding that the issue is not due to a vulnerability in the company\u2019s platform.<\/p>\n<p>The company said the threat activity reflects a broader trend of identity-based targeting, in this case customer-configured guest user settings that expose publicly accessible Experience Cloud sites to potential attacks.<\/p>\n<p>\u201cWe are aware of a threat actor attempting to identify misconfigurations within Salesforce Experience Cloud instances,\u201d Charles Carmakal, chief technology officer at Mandiant Consulting, said in a statement. \u201cWe are working closely with Salesforce and our customers to provide the necessary telemetry and detection rules to mitigate potential risk.\u201d<\/p>\n<p>Salesforce said the threat actor is using a modified version of the Mandiant-developed open-source tool AuraInspector to scan for public-facing Experience Cloud sites and steal data from instances with a guest user profile.\u00a0<\/p>\n<p>This setting is designed to provide unauthenticated&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/salesforce-experience-cloud-customers-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Salesforce issues new security alert tied to third customer attack spree in six months https:\/\/cyberscoop.com\/salesforce-experience-cloud-customers-attacks\/&#8230;<\/p>\n","protected":false},"author":1,"featured_media":224157,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2025\/11\/GettyImages-1409048569.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[34,27],"class_list":["post-224156","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224156"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=224156"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224156\/revisions"}],"predecessor-version":[{"id":224158,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224156\/revisions\/224158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/224157"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=224156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=224156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=224156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}