A new Google Cloud Threat Intelligence report has revealed a sophisticated vishing campaign targeting Salesforce environments, enabling large-scale data theft and extortion. The operation ...

Google’s Threat Intelligence Group says a vishing threat called UNC6040 has been targeting Salesforce applications with a fake data loader.

Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.

It clarified that the malicious version of the Data Loader is not authorised by Salesforce. "In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability ...

Cybercriminals are stealing business Salesforce data with this simple trick - don't fall for it The goal is to steal large amounts of confidential data in an attempt to extort the victims.

Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.

A financially motivated hacker group has been targeting Salesforce instances for months in a campaign that uses voice phishing to engage in data theft and follow-on extortion attempts, according ...

In an active campaign, a financially motivated threat actor is voice phishing (Vishing) Salesforce customers to compromise their organizational data and carry out subsequent extortion.

A wave of data-theft attacks against Salesforce CRM customers have now compromised Google in addition to numerous other major companies.

Agentforce marks a big shift in how Salesforce integrates AI with enterprise apps. But it must balance AI with human effort—and rise above the noise in a crowded market.

Hackers posed as Salesforce IT staff, using vishing to trick employees into installing malicious software for data theft and extortion.