{"id":7349,"date":"2025-10-02T02:03:29","date_gmt":"2025-10-02T02:03:29","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/10\/02\/smashing-security-podcast-437-salesforces-trusted-domain-of-doom\/"},"modified":"2025-10-02T02:03:29","modified_gmt":"2025-10-02T02:03:29","slug":"smashing-security-podcast-437-salesforces-trusted-domain-of-doom","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/10\/02\/smashing-security-podcast-437-salesforces-trusted-domain-of-doom\/","title":{"rendered":"Smashing Security podcast #437: Salesforce\u2019s trusted domain of doom"},"content":{"rendered":"<p>    Smashing Security podcast #437: Salesforce\u2019s trusted domain of doom<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>Researchers uncovered a security flaw in Salesforce\u2019s shiny new Agentforce. The vulnerability, dubbed &#8220;ForcedLeak&#8221;, let them smuggle AI-read instructions in via humble Web-to-Lead form&#8230; and ended up spilling data for the low, low price of five dollars.<\/p>\n<p>And we discuss why data breach communicationss still default to &#8220;we take security seriously&#8221; while quietly implying &#8220;assume no breach&#8221; &#8211; until the inevitable walk-back.<\/p>\n<p>Plus, we take a look at ITV&#8217;s phone-hacking drama with David Tennant, and take a crack at decoding the history of the Rosetta Stone.<\/p>\n<p>Hear all this and more in episode 437 of the &#8220;Smashing Security&#8221; podcast by cybersecurity veterans Graham Cluley, joined this week by special guest Paul Ducklin.<\/p><\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Graham Cluley<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/grahamcluley.com\/smashing-security-podcast-437\/\">Go to grahamcluley<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Smashing Security podcast #437: Salesforce\u2019s trusted domain of doom Researchers uncovered a security flaw in Salesforce\u2019s shiny new Agentforce. The vulnerability, dubbed &#8220;ForcedLeak&#8221;, let them smuggle AI-read instructions in via humble Web-to-Lead form&#8230; and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communicationss still default [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[167,156,154,54,166,1777,175,131],"tags":[71],"class_list":["post-7349","post","type-post","status-publish","format-standard","hentry","category-ai","category-data-breach","category-data-loss","category-grahamcluley","category-podcast","category-salesforce","category-smashing-security","category-vulnerability","tag-grahamcluley"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7349"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=7349"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7349\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=7349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=7349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=7349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}