A new Google Cloud Threat Intelligence report has revealed a sophisticated vishing campaign targeting Salesforce environments, enabling large-scale data theft and extortion. The operation ...

In an active campaign, a financially motivated threat actor is voice phishing (Vishing) Salesforce customers to compromise their organizational data and carry out subsequent extortion.

It clarified that the malicious version of the Data Loader is not authorised by Salesforce. "In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability ...

Google warns of a sophisticated hacking campaign targeting Salesforce users, involving modified Data Loader app installations leading to extensive data breaches and corporate extortion.

A financially motivated hacker group has been targeting Salesforce instances for months in a campaign that uses voice phishing to engage in data theft and follow-on extortion attempts, according ...

Google is monitoring a criminal group that uses voice phishing to trick Salesforce users. Data theft is followed by blackmail.

Salesforce had previously issued a warning in March 2025, cautioning users about vishing attacks and the risks posed by malicious versions of Data Loader.

A wave of data-theft attacks against Salesforce CRM customers have now compromised Google in addition to numerous other major companies.

Google has confirmed a data breach involving one of its Salesforce databases, compromised in June 2025 by the hacking group ShinyHunters, also known as UNC6040. The breach was part of a wider ...

Salesforce had previously issued a warning in March 2025, cautioning users about vishing attacks and the risks posed by malicious versions of Data Loader.