Smashing Security podcast #437: Salesforce’s trusted domain of doom

Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars.

And we discuss why data breach communicationss still default to “we take security seriously” while quietly implying “assume no breach” – until the inevitable walk-back.

Plus, we take a look at ITV’s phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.

Hear all this and more in episode 437 of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Paul Ducklin.Graham CluleyRead More