Salesforce's trusted domain of doom
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up...
1 Loka 202543min
The €600,000 gold heist, powered by ransomware
Ransomware doesn’t just freeze computers - it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night...
24 Syys 202539min
Whopper Hackers, and AI Whoppers
Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even th...
10 Syys 202544min
How hackers turned AI into their new henchman
Your AI reads the small print, and that's a problem. This week in episode 433 of "Smashing Security" we dig into LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-...
3 Syys 202545min
Oops! I auto-filled my password into a cookie banner
We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal pas...
27 Elo 202534min
How to mine millions without paying the bill
In episode 431 of the "Smashing Security" podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills.Mea...
20 Elo 202534min
Poisoned Calendar invites, ChatGPT, and Bromide
A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic out...
13 Elo 202533min
