It went completely under everyone’s radar. In March 2025, Salesforce Security posted a blog post warning of social engineering attacks against Salesforce Admins and users, which had compromised certain Salesforce orgs.
Just over two months later, another blog post, this time by the Google Threat Intelligence (GTI) group, laid out a detailed report of these attacks having continued. This included detailed observations of the behavior of the attacks along with an identified group, known at the time as UNC6040 (UNC, the designation used for unknown or “uncategorized” threat actors).
Reading the tea leaves, Salesforce Ben reported at the time that this had to be a coordinated and direct exploitation of Salesforce Administrators and other known users of Salesforce systems. The impact of this exposure has continued to grow since then, with billions of Salesforce records across dozens of Salesforce customers being stolen and held for ransom.
We’ve been keeping up, continuing to report on the ongoing incident, including publishing a guide for admins to address possible security deficiencies and a timeline of the incident. But it’s just not enough!
What Is Security Month?
In the face of such an unprecedented and wide-reaching compromise, Salesforce Ben is collecting, curating, and creating an entire month’s worth of blog posts, guides, videos, and webinars to produce a four-week masterclass on security.
If you caught Flow Month this past August, Security Month promises more of the same and more! Imagine focused articles and content from your favorite Salesforce Ben contributors, as well as experts from the Salesforce community. We’ll also be bringing you infographics that will help you better understand security features and concepts, which you can share with your clients, customers, and communities to help them build their own expertise. And you can expect other resources to help you build your own company into a more secure business.
Of course, there will be fun too, with plenty of opportunities to get hands-on! Think you have what it takes to assess and fix an org with insecure configurations and implementations? Look out for a new and exciting challenge to test your security knowledge, no matter your role or skill level! We’ll be sharing details later this week, so stay tuned.
How Can You Participate?
If this drawn-out security incident has taught us anything, it’s that we all need to think of ourselves as cybersecurity practitioners. We can’t afford to assume that someone else has it covered. So, if Security Month sounds like just the thing you need to grow your security chops, you can sign up for a dedicated, limited edition newsletter delivered once a week throughout November.
And if there’s a particular topic you’d like to read (or write) about, let us know in the comments below.
