Salesforce Commerce Cloud successfully transitioned from a self-hosted Prometheus monitoring system to Amazon Managed Service for Prometheus, achieving a 40% reduction in AWS costs while enhancing system reliability and reducing maintenance overhead. This migration allowed the team to focus more on innovation and customer service rather than managing infrastructure. The new solution scales seamlessly across multiple Amazon EKS clusters and regions, consolidating metrics effectively and improving operational efficiency.

Hackers have leaked 2.8 million sensitive records from Allianz Life due to a data breach involving Salesforce. The compromised data includes personal information that could pose significant risks to affected individuals. Organizations are urged to enhance data protection measures to prevent similar incidents in the future.

A critical vulnerability has been discovered in Salesforce's AgentForce, which could potentially allow unauthorized access to sensitive data. This flaw poses significant risks, prompting immediate attention and action from Salesforce to secure their systems and protect user information.

Salesforce discusses the development of real-time multimodal AI pipelines capable of processing up to 50 million file uploads daily. The article highlights the challenges and solutions involved in scaling file processing to meet the demands of modern data workflows. Key techniques and technologies that enable efficient processing are also emphasized.

Salesforce is increasing its reliance on artificial intelligence to automate workloads, with CEO Marc Benioff stating that AI currently handles 30% to 50% of the company's tasks. This shift towards AI has led to significant job cuts across the tech industry, as companies aim to enhance efficiency and reduce costs. Benioff describes this trend as a "digital labor revolution," noting that Salesforce has achieved approximately 93% accuracy with its AI technology.

Google’s Threat Intelligence Group is tracking a financially motivated threat cluster, UNC6040, which employs voice phishing to compromise Salesforce environments and exfiltrate data. Following these intrusions, they engage in extortion tactics, often posing as the group ShinyHunters and pressuring victims for payment in bitcoin. The growing sophistication of these tactics highlights the vulnerabilities in organizational defenses, particularly targeting IT personnel for initial access.

Hackers breached Salesloft to steal OAuth tokens from its Drift integration with Salesforce, enabling them to exfiltrate sensitive data including AWS access keys and passwords. The attacks, attributed to the threat group UNC6395, occurred between August 8 and August 18, 2025, leading to a coordinated response that involved revoking access tokens and requiring customer re-authentication. Ongoing investigations reveal connections to broader social engineering tactics targeting Salesforce instances, linked to the ShinyHunters group.

A hacking group has reportedly stolen over 1 billion records from Salesforce customer databases, raising significant concerns about data security and the potential repercussions for affected companies. The breach underscores the vulnerabilities in cloud services and the ongoing threat posed by cybercriminals.

Google reported that hackers compromised its Salesforce database, resulting in the theft of sensitive customer data. The breach highlights ongoing vulnerabilities in data security systems and raises concerns among Google’s clients regarding the safety of their information.

The partnership between Salesforce and Anthropic has been expanded to enhance the integration of generative AI technologies into Salesforce's cloud products. This collaboration aims to improve customer experiences and streamline workflows using advanced AI capabilities.

Salesforce has introduced AgentForce 360 as part of its strategy to enhance enterprise AI capabilities in response to increasing competition in the sector. This new offering aims to streamline workflows and improve customer interactions through advanced AI solutions. The announcement highlights Salesforce's commitment to staying at the forefront of AI innovation for businesses.

The FBI has issued a warning about two cybercriminal groups, UNC6040 and UNC6395, that are exploiting Salesforce environments to steal data and extort organizations. These groups have employed various tactics, including social engineering and the use of compromised OAuth tokens, impacting many well-known companies and revealing sensitive information in their attacks. The FBI has released indicators of compromise to help organizations bolster their defenses against these threats.

A series of data breaches affecting companies such as Qantas, Allianz Life, LVMH, and Adidas has been attributed to the ShinyHunters extortion group, which uses voice phishing to compromise Salesforce CRM accounts. The attackers impersonate IT support to manipulate employees into entering connection codes that link malicious applications to Salesforce environments, leading to data theft and potential extortion attempts without public leaks so far. Salesforce has confirmed that their platform is not compromised, emphasizing the importance of customer vigilance against social engineering attacks.

Scattered Lapsus$ Hunters has initiated a crowdsourced extortion scheme, offering $10 in Bitcoin to individuals who will pressure executives of organizations they claim to have breached into paying ransoms. The group has already reportedly paid out $1,000 and lists 39 alleged victims on its data leak site, threatening further action if demands are not met by a specified deadline. Despite claims of a breach, Salesforce has stated that there is no indication of compromise on its platform.

PagerDuty has reported a security incident involving a breach of its Salesforce data due to a vulnerability in Salesloft's Drift application. The breach exposed customer support information, including names and contact details, although no PagerDuty credentials were compromised. The company is actively investigating the matter and has taken steps to mitigate the risks, including disabling the integration with Drift and advising customers to rotate their API keys.

Palo Alto Networks experienced a data breach due to compromised OAuth tokens from the Salesloft Drift breach, exposing customer data and support cases within its Salesforce CRM. While sensitive information such as passwords and authentication tokens were targeted, the company confirmed that the incident did not affect any of its products or services and has since contained the breach and notified impacted customers.

Salesforce has launched a new business unit called MissionForce, aimed at supporting national security initiatives. This division will focus on providing technology solutions and services to government agencies and defense contractors, enhancing their operational capabilities. The initiative reflects a growing trend among tech companies to engage more directly with national security challenges.

Google has confirmed that a data breach involving Salesforce's CRM system has occurred, putting customer data at risk. The breach has led to extortion threats against Salesforce, raising concerns about the security of cloud-based services.

Law enforcement in the U.S. and France has seized domains associated with the BreachForums hacking forum, known for selling stolen data and hacked credentials. Despite this action, a dark web version of BreachForums remains active, and the Scattered LAPSUS$ Hunters group claims it will still leak one billion Salesforce customer records. The ongoing struggle against cybercrime infrastructure emphasizes the resilience of such underground networks.

Salesforce has identified five critical vulnerabilities (CVEs) related to configuration weaknesses in its services, exposing customers to risks like unauthorized access and session hijacking. While these CVEs are tied to core components such as Flexcards and Data Mappers, 16 other issues were classified as customer misconfigurations, emphasizing the need for users to enforce proper security measures. Experts urge organizations to rigorously assess their configurations to prevent potential exploits.

Salesforce leverages Slack to enhance its operational efficiency by integrating DevOps practices with AIOps, allowing for streamlined communication and collaboration across teams. This integration helps Salesforce maximize project velocity and improve overall productivity by facilitating real-time updates and feedback.

AI is already responsible for generating 20% of Salesforce's APEX code, transforming the role of developers from technical execution to strategic decision-making. As AI takes on the more tedious aspects of coding, developers are empowered to focus on higher-level problem-solving and business strategy, leading to a more efficient software development process.

Salesforce is acquiring Informatica, a leading enterprise data management and analytics company, for approximately $8 billion to enhance its data management capabilities and support its AI initiatives. The deal is part of Salesforce's strategy to strengthen its position in the enterprise data market, following a trend of significant acquisitions aimed at boosting growth and innovation. Informatica's tools will integrate with Salesforce's existing platforms to enable advanced data governance and management solutions.

The article discusses Salesforce's new Data Cloud, which integrates a massive lakehouse architecture featuring over 4 million tables and 50 petabytes of data. Powered by Apache Iceberg, this infrastructure aims to enhance data management and analytics capabilities for businesses.

A widespread data theft campaign targeting Salesforce instances via the Salesloft Drift application has been uncovered, with the threat actor UNC6395 compromising OAuth tokens to exfiltrate sensitive data. Organizations using Salesloft Drift are urged to treat their credentials as compromised and take immediate remediation steps, including revoking tokens and investigating potential unauthorized access.

Salesforce has refused to pay a ransom demanded by a crime syndicate claiming to have stolen nearly 1 billion records from its customers. The group, known as Scattered LAPSUS$ Hunters, has threatened to leak the data unless Salesforce negotiates a ransom, citing numerous high-profile clients among the victims. Despite the situation's severity, Salesforce has stated it will not comply with the extortion demand.

Moonhub, an AI company focused on democratizing access to opportunity, has joined Salesforce to enhance its AI strategy, particularly with the Agentforce initiative. This partnership aims to leverage their shared values and vision to drive innovation and create opportunities worldwide. Founder Nancy Xu expresses gratitude to supporters and optimism for the future.