Salesforce's trusted domain of doom
Smashing Security1 Okt 2025

Salesforce's trusted domain of doom

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars.

And we discuss why data breach communications still default to "we take security seriously" while quietly implying "assume no breach" - until the inevitable walk-back.

Plus, we take a look at ITV's phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.

Hear all this and more in episode 437 of the "Smashing Security" podcast by cybersecurity veteran Graham Cluley, joined this week by special guest Paul Ducklin.


EPISODE LINKS:


SPONSORS:

  • SecAlerts - SecAlerts makes your job easier by matching vulnerabilities to your software, using information as soon as it’s released. Use code SMASHING for 50% off a year subscription.
  • ANON - Find, monitor and remove data about yourself online. Manage your digital footprint with ease. Use code SMASHING for a 25% discount.
  • Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!


SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!


FOLLOW THE SHOW:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.


THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.


ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".



Privacy & Opt-Out: https://redcircle.com/privacy

Episoder(466)

The Kindle that got pwned

The Kindle that got pwned

Think your Kindle is harmless? Think again! In this episode, Graham and special guest Danny Palmer unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook ...

18 Des 202536min

Grok the stalker, the Louvre heist, and Microsoft 365 mayhem

Grok the stalker, the Louvre heist, and Microsoft 365 mayhem

On this week's show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire's lawn and ends with Grok happily do...

11 Des 202555min

A hacker doxxes himself, and social engineering-as-a-service

A hacker doxxes himself, and social engineering-as-a-service

A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer... and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and c...

4 Des 202544min

The hack that brought back the zombie apocalypse

The hack that brought back the zombie apocalypse

America's airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency a...

27 Nov 202540min

We’re sorry. Wait, did a company actually say that?

We’re sorry. Wait, did a company actually say that?

Stop the press - a company has actually said "sorry" after a data breach, and hotels are helping hackers phish their own guests.In episode 444 of "Smashing Security" we examine a refreshingly honest b...

20 Nov 202555min

Tinder’s camera roll and the Buffett deepfake

Tinder’s camera roll and the Buffett deepfake

Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing "number one investment tips."Meanwhile, will agentic AI replace your co-h...

13 Nov 202538min

The hack that messed with time, and rogue ransomware negotiators

The hack that messed with time, and rogue ransomware negotiators

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away.Plus when ransomware negotiators turn...

6 Nov 202538min

Inside the mob's million-dollar poker hack, and a Formula 1 fumble

Inside the mob's million-dollar poker hack, and a Formula 1 fumble

Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table.Meanwhile, researchers have foun...

30 Okt 202540min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
stopp-verden
popradet
det-store-bildet
nokon-ma-ga
fotballpodden-2
rss-gukild-johaug
dine-penger-pengeradet
lydartikler-fra-aftenposten
rss-ness
hanna-de-heldige
aftenbla-bla
rss-espen-lee-usensurert
rss-dannet-uten-piano
rss-penger-polser-og-politikk
frokostshowet-pa-p5
bt-dokumentar-2