A critical vulnerability has been discovered in Salesforce's AgentForce, which could potentially allow unauthorized access to sensitive data. This flaw poses significant risks, prompting immediate attention and action from Salesforce to secure their systems and protect user information.

PagerDuty has reported a security incident involving a breach of its Salesforce data due to a vulnerability in Salesloft's Drift application. The breach exposed customer support information, including names and contact details, although no PagerDuty credentials were compromised. The company is actively investigating the matter and has taken steps to mitigate the risks, including disabling the integration with Drift and advising customers to rotate their API keys.

Salesforce has identified five critical vulnerabilities (CVEs) related to configuration weaknesses in its services, exposing customers to risks like unauthorized access and session hijacking. While these CVEs are tied to core components such as Flexcards and Data Mappers, 16 other issues were classified as customer misconfigurations, emphasizing the need for users to enforce proper security measures. Experts urge organizations to rigorously assess their configurations to prevent potential exploits.