Tuesday , July 14 2026
ShinyHunters

ShinyHunters reportedly ‘Breach 400 Companies’ via Salesforce Experience Cloud

Salesforce warns customers about threats to public Experience Cloud sites, as the ShinyHunters group claim to exploit a new bug. The danger stems from attempts to take advantage of “overly permissive” guest user configurations, the company says in a trust site post reminiscent of the voice phishing incidents of late 2025.

Protect Your Org from Experience Cloud Threat

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

ShinyHunters claimed responsibility for the Salesforce Aura/Experience Cloud data theft in a post on their leak site, as reported by BleepingComputer. Mandiant Consulting stated that hackers used AuraInspector to target companies.

Charles Carmakal, Mandiant chief technology officer, said: “We are aware of a threat actor attempting to facilitate intrusions by misusing the AuraInspector open-source tool to automate vulnerability scans across Salesforce environments.”

ShinyHunters claim to have compromised around 100 high-profile companies, mostly in cybersecurity. They informed BleepingComputer that the actual number of affected organizations is between 300 and 400.

In September 2025, the threat actor started compromising companies with weak Experience Cloud access controls for guests. They identified Aura instances by scanning for the /s/sfsites/ endpoint online.

Salesforce said in a trust site post that they have not identified “any vulnerability inherent to the Salesforce platform” associated with the threat activity.

The company warns that improper security of customer configuration settings can increase exposure.

Salesforce advises customers to check their guest user settings in Experience Cloud and follow these recommended actions immediately.

Disable Public APIs: This is the highest-impact change. Organizations should uncheck the setting to allow guest users to access public APIs, which immediately closes the targeted Aura endpoint to unauthenticated queries.​

Audit Guest Profiles: Review and restrict guest user access to the absolute minimum objects and fields required for site functionality.​

Set Defaults to Private: Ensure the default for external object access is set to private so guest users cannot view records without explicit sharing rules.​

Restrict Internal Visibility: Disable portal and site user visibility settings to prevent attackers from enumerating internal organization members.​

Disable Self-Registration: If public account creation is not strictly necessary, turn it off to prevent attackers from escalating their access from a guest tier to an authenticated session.​

Check Also

Apple

New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can …