Salesforce's trusted domain of doom
Smashing Security1 Loka 2025

Salesforce's trusted domain of doom

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars.

And we discuss why data breach communications still default to "we take security seriously" while quietly implying "assume no breach" - until the inevitable walk-back.

Plus, we take a look at ITV's phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.

Hear all this and more in episode 437 of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Paul Ducklin.


EPISODE LINKS:


SPONSORS:

  • SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
  • ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
  • Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!


SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!


FOLLOW THE SHOW:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.


THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.


ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".



Privacy & Opt-Out: https://redcircle.com/privacy

Jaksot(466)

Oops! I auto-filled my password into a cookie banner

Oops! I auto-filled my password into a cookie banner

We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal pas...

27 Elo 202534min

How to mine millions without paying the bill

How to mine millions without paying the bill

In episode 431 of the "Smashing Security" podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills.Mea...

20 Elo 202534min

Poisoned Calendar invites, ChatGPT, and Bromide

Poisoned Calendar invites, ChatGPT, and Bromide

A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic out...

13 Elo 202533min

Replit panics, and the AI that will kill you

Replit panics, and the AI that will kill you

Those of you who tuned in to last week's episode (#428) will have heard the big news from my podcast pal Carole that she's decided to move on from her co-hosting duties on the show.There have been som...

6 Elo 202527min

Red flags, leaked chats, and a final farewell

Red flags, leaked chats, and a final farewell

The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself - after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs,...

30 Heinä 202540min

When 2G attacks, and a romantic road trip goes wrong

When 2G attacks, and a romantic road trip goes wrong

In this episode, Graham warns why it is high time we said goodbye to 2G - the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, sc...

23 Heinä 202533min

Choo Choo Choose to ignore the vulnerability

Choo Choo Choose to ignore the vulnerability

In episode 426 of the "Smashing Security" podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation. Meanwhile, Carole investigat...

16 Heinä 202536min

Call of Duty: From pew-pew to pwned

Call of Duty: From pew-pew to pwned

In episode 425 of "Smashing Security", Graham reveals how "Call of Duty: WWII" has been weaponised - allowing hackers to hijack your entire PC during online matches, thanks to ancient code and Microso...

9 Heinä 202535min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
ootsa-kuullut-tasta-2
politiikan-puskaradio
rss-ootsa-kuullut-tasta
tervo-halme
rss-podme-livebox
rss-pinnalla
rss-vaalirankkurit-podcast
otetaan-yhdet
aihe
rss-asiastudio
rss-ulkopoditiikkaa
the-ulkopolitist
rss-raha-talous-ja-politiikka
et-sa-noin-voi-sanoo-esittaa
radio-antro
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-girls-finish-f1rst
lotta-paakkunainen