📱 Salesforce warns that misconfigured Experience Cloud sites are being exploited; ShinyHunters claims a new bug
📝 According to Salesforce,...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-12-salesforce-alerte-sur-lexploitation-de-sites-experience-cloud-mal-configures-shinyhunters-revendique-un-nouveau-bug/
🌐 source : https://www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/
#Experience_Cloud #Salesforce #Cyberveille
Salesforce warns that misconfigured Experience Cloud sites are being exploited; ShinyHunters claims a new bug

According to Salesforce, attackers are targeting misconfigured sites built on Experience Cloud, exposing data to guest users beyond what was intended, while the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances.

⚠ Salesforce Experience Cloud: data theft campaign linked to misconfigured sites

Summary

Salesforce has published an alert about a campaign targeting publicly exposed, misconfigured Experience Cloud sites where the guest user profile grants access to more data than intended. The activity notably targets the /s/sfsites/aura endpoint and relies on a modified version of the AuraInspector tool, originally developed by Mandiant to audit permissions. Salesforce states that this is not a native vulnerability of the platform but a customer configuration problem.

CyberVeille
@IWW4 @themachinestops
For some reason all #java #web #software usually escalates into a horrible mess XD
same for #salesforce, it's a mess of a #brainfart but they developed their own #devlang probably full of #errors

Hello cyber pros! It's been a week of critical reminders about cloud security, diligent patching, and the evolving nature of warfare. Let's dive into the latest:

Salesforce Cloud Misconfigurations Under Attack ⚠
- Threat actors are actively exploiting "overly permissive" guest user configurations in Salesforce Experience Cloud to steal sensitive data.
- This isn't a Salesforce platform vulnerability, but rather a customer misconfiguration. Attackers are using modified Aura Inspector tools to scan and extract data from public-facing sites.
- Actionable advice: audit guest user profiles, set company-wide defaults to "private", disable public APIs, restrict visibility, disable self-registration if not needed, and regularly review event monitoring logs.

đŸ‘ïž Dark Reading | https://www.darkreading.com/application-security/overly-permissive-salesforce-cloud-configs-crosshairs

Microsoft's March Patch Tuesday 🛡️
- Microsoft released patches for 83 CVEs this month, with six identified as "more likely to exploit" and eight critical severity.
- A notable critical RCE (CVE-2027-21536, CVSS 9.8) in the Microsoft Devices Pricing Program was already patched and mitigated, uniquely identified by an AI agent.
- Two publicly known (zero-day) flaws, CVE-2026-26127 (.NET DoS) and CVE-2026-21262 (SQL Server EoP), are considered low threat despite public disclosure.
- Key EoP vulnerabilities include three in the Windows kernel (CVE-2026-24289, CVE-2026-26132, CVE-2026-24287) and others in SMB Server (CVE-2026-24294) and Microsoft Graphics Component (CVE-2026-23668), all with higher exploit likelihood.
- Two RCEs in Microsoft Office (CVE-2026-26113, CVE-2026-26110, CVSS 8.4) can be exploited via the Preview Pane without opening malicious files. Mitigate by disabling Preview Pane and restricting untrusted Office files.

đŸ‘ïž Dark Reading | https://www.darkreading.com/application-security/microsoft-patches-83-cves-march-update

Cloud Resilience in Modern Warfare ☁
- Recent Middle East conflicts saw physical attacks, including drone strikes, on AWS facilities in the UAE and Bahrain, causing significant structural damage and service disruptions.
- This highlights a critical shift: hyper-scale cloud data centres are now "Tier 1 strategic targets" in modern warfare, as militaries and governments increasingly rely on cloud infrastructure.
- Traditional cloud resilience strategies, designed for natural disasters, are insufficient against kinetic attacks that can permanently destroy hardware or sever physical connectivity.
- Organisations must rethink disaster recovery and data governance, especially for real-time, low-latency workloads. The concept of "Allied Data Sovereignty" may emerge, advocating for data backups in allied nations to ensure survival during crises.

đŸ‘ïž Dark Reading | https://www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps

#CyberSecurity #ThreatIntelligence #CloudSecurity #Salesforce #Misconfiguration #PatchTuesday #Microsoft #Vulnerabilities #RCE #EoP #CyberWarfare #CloudResilience #InfoSec

'Overly Permissive' Salesforce Cloud Configs in the Crosshairs

Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data.

Dark Reading

Beyond the URL Button: The Salesforce Request Approval Lightning Component

Are you finding that as your company grows, the complexity of your approval workflows grows along with it? What once might have been a simple sign-off from a single manager can quickly transform into a multi-step process involving input from multiple departments, stakeholders, and even external partners. This complexity often leads to delays, inefficiencies, and frustration as approvals get stuck in bottlenecks or lost in email chains.

Salesforce’s free Flow Approval Processes, built on Flow Orchestrator, automate even the most intricate workflows. A previous post explored launching these Autolaunched Approval Orchestrations via a custom URL button. Today, we are taking that functionality a massive step forward. We will explore the new Request Approval Lightning component and its tie-in to autolaunched flow functionality. This component expands automation by allowing dynamic user inputs directly from the record page.

The Foundation: Autolaunched Flow Approvals

Before diving into the new component, let’s quickly recap how autolaunched flow approvals function. When you build an autolaunched approval process, you are essentially building an autolaunched automation that can be executed on demand, very similar to an autolaunched Orchestration or flow. However, the traditional method of launching Salesforce automations (the quick action button) has strict limitations. Quick actions can only be used to add an active screen flow to the page layout; orchestrations are simply not supported. Furthermore, quick actions do not allow you to pass additional input parameter values into your automation beyond the standard recordId.

Because of these limitations, the standard workaround has been to build an autolaunched Approval Orchestration and assign it to a custom URL button on the page layout. For example, a common use case is to escalate a case to a queue of level 2 experts when a second opinion is required. By appending variables to the custom URL, such as ?recordId={!Case.Id}&submitter={!$User.Id}&retURL={!Case.Id}, administrators could successfully pass the necessary parameters to kick off the orchestration. While highly effective, this URL button method is a bit rigid. It automatically submits the record based on predefined flow logic without giving the submitter much runtime flexibility.

Enter the Request Approval Lightning Component

This is where the new Request Approval component completely changes the game. Instead of relying on a custom URL button to trigger your background orchestration, you can now add a native, user-friendly interface directly to your Lightning record pages. This component bridges the gap between the UI of a screen flow and the processing power of an autolaunched orchestration.

To utilize this feature, you must first design, test, and activate an autolaunched flow approval process. Once your flow is ready, you can simply open the record page where you want to place the component. Click the gear icon on the navigation bar, and select Edit Page to open the Lightning App Builder. From the Components tab, search for “Request” and drag the Request Approval component directly onto the layout.

Straightforward Setup

You can customize the title of the component to display user-friendly text at run time. Then search for and select your active, autolaunched flow approval process to run whenever the user clicks the “Start” button. You can also assign a specific label to identify the associated flow approval process to your users.

Expanding the Use Case: What Can Be Added?

So, how exactly does this new component expand the capabilities of your autolaunched flow use cases? The true power of the Request Approval component lies in its ability to gather critical, dynamic inputs directly from the submitter at the exact moment of submission. When using the old custom URL button method, the approver destination (such as the Level 2 expert queue) was hardcoded into the flow steps. With the new component, you can dramatically increase the flexibility of your processes through two main enhancements:

Dynamic Approver Selection

The component allows you to require submitters to actively select an approver before the flow runs. To enable this, you must configure your underlying autolaunched flow approval process to assign one or more approval steps to a specific resource named firstApprover. In the Lightning App Builder, you then select the Require submitter to select an approver setting.

It is critical to ensure your flow is properly configured to accept this input. Consider whether the flow approval process you selected assigns one or more steps to the firstApprover resource. If it does, you must select this requirement on the component to prevent the flow approval process from failing when a submitter attempts to use it. This means a single autolaunched flow can now be routed to entirely different managers, departments, or external stakeholders on the fly.

Submission Comments

Another massive expansion of your use case is the ability to capture submission comments. Often, an approver needs context as to why a record is being submitted. The Request Approval component shows an Approval Request Comments field by default. This exposes optional submitter comments directly to the approvers via the submissionComments resource.

If your business process dictates that comments are unnecessary, or if you want to streamline the UI to prevent the submitter from adding comments about a submission, you easily have the option to select Hide submitter comments within the component configuration. These comments are stored cleanly in the new data model under the Approval Submissions object, specifically within the Comments field, making them accessible via queries if you wish to display them in custom approver screen flows.

The Impact on Your Org’s Architecture

By tying the Request Approval component to your autolaunched orchestrations, you unlock a highly scalable and flexible architecture. You no longer need to build dozens of slightly different flows for different queues or approvers. Instead, you can rely on a single autolaunched flow that dynamically adapts based on the firstApprover and submissionComments variables passed from the component.

This ties seamlessly into the broader Flow Approval Process ecosystem. Once submitted, the process still leverages the brand-new UI and audit trail, including the Approvals Lightning app, Approval Submissions, and Approval Work Items. The orchestration sequences stages and steps behind the scenes. It can also trigger automated background steps, such as updating records or sending notifications, without requiring further user interaction. Approvers still receive their email notifications with links to the Work Guide, and they can still reply directly to the emails with keywords like “Approve” or “Reject” to complete their action. Furthermore, administrators must still remember to add the Flow Orchestration Work Guide component to the record page so that approvers have a centralized interface in which to interact with the assigned approval step.

It is important to note that this component allows the user to recall the approval process once it is started.

Conclusion

The Request Approval component takes the Autolaunched Flow Approval Process and makes it more dynamic and user-centric. By moving away from static URL buttons and embracing this native Lightning component, administrators can empower their users to select appropriate approvers and provide vital context through comments, all while leveraging the free, robust automation engine of Salesforce Flow Orchestrator.

Whether you are routing cases to level 2 experts or managing multi-million dollar contracts, this functionality ensures your approval workflows are as efficient and user-friendly as possible. Save and activate your record page layout, exit the Lightning App Builder, and watch your new approval processes in action.

Explore related content:

How to Build Custom Flow Approval Submission Related Lists

Start Autolaunched Flow Approvals From A Button

Supercharge Your Approvals with Salesforce Flow Approval Processes

#FlowApprovals #HowTo #LightningComponent #Salesforce #SalesforceAdmins #SalesforceDevelopers #SalesforceTutorial #useCase
ShinyHunters claims ongoing Salesforce Aura data theft attacks

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances.

BleepingComputer

Threat actors are using a modified security tool to break into #Salesforce customer accounts and steal sensitive data

The attacks exploit a version of AuraInspector, a Salesforce server scanner developed by Google Mandiant after a similar wave of attacks

Salesforce says hackers are using the tool to scan the internet for Experience Cloud servers that are misconfigured and left unprotected online
https://www.salesforce.com/blog/protecting-your-data-essential-actions-to-secure-experience-cloud-guest-user-access/

Protecting Your Data: Essential Actions to Secure Experience Cloud Guest User Access

Salesforce Security warns of a threat actor campaign targeting misconfigured Experience Cloud guest user access and outlines steps to secure your org.

Salesforce

Remember a few weeks ago when I mentioned that new really cool set of open source tools Google put out to scan Salesforce apps for misconfiguration vulnerabilities?

This is why we can't have nice things.

https://thehackernews.com/2026/03/threat-actors-mass-scan-salesforce.html

#salesforce #pentesting

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Modified AuraInspector scans misconfigured Salesforce Experience Cloud sites, extracting CRM data and enabling targeted vishing campaigns.

The Hacker News
Wedbush analyst Dan Ives calls recent software sector selloff the most irrational tech trading in 20 years, arguing AI disruption fears are overblown and true value lies in established platforms like Salesforce and Oracle, predicting 30% of AI investment will flow to software companies.
#YonhapInfomax #DanIves #SoftwareSelloff #ArtificialIntelligence #Salesforce #Palantir #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=109239
Dan Ives - 'Software Selloff Most Irrational in 20 Years'

Yonhap Infomax

The #ShinyHunters hacking group has issued a warning to nearly 400 organizations, threatening to leak stolen #Salesforce portal data unless ransom demands are met.

Read https://hackread.com/shinyhunters-hackers-threat-stolen-salesforce-data/

#CyberSecurity #DataBreach #CyberAttack #DataLeak

ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data

ShinyHunters claims to have stolen data from 400 firms via Salesforce portals and is threatening to leak the information unless ransom demands are paid.

Hackread - Cybersecurity News, Data Breaches, AI and More
Threat actors use custom AuraInspector to harvest data from Salesforce systems

Attackers are mass-scanning Salesforce Experience Cloud sites to exploit misconfigurations and access sensitive data.

Security Affairs