Latest articles

Ghost Sites: Stealing Data From Deactivated Salesforce Communities

May 31, 2023
Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.

Neo4jection: Secrets, Data, and Cloud Exploits

Feb 08, 2023
With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions with graph databases to attacking them ― we've noticed a gap between public conversations and our security researchers' knowledge of those systems.

Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug

Nov 02, 2021
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...

Abusing Misconfigured Salesforce Communities for Recon and Data Theft

Oct 21, 2021
Our research team has discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.
No overhead. Just outcomes.