Infosec Decoded Season 5 #76: Supply-Chain Attacks

With Doug Spindler and sambowne@infosec.exchange

Recorded Fri, Sep 26, 2025

AI

Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales
A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers who published a proof-of-concept attack on Thursday. They were aided by an expired trusted domain that they were able to buy for a measly five bucks.

For this attack scenario, the researchers enabled Salesforce's Web-to-Lead feature. This allows external users, like conference attendees or website visitors, to submit customer lead info that integrates directly with the CRM system. The attackers put malicious AI instructions in the lead's description field, telling the AI to exfiltrate data to a domain that was among the trusted sites but had expired.

Can someone explain MCP to me? How are you using it? And what has it allowed you to do that you couldn’t do before?
MCP essentially allows you to give Claude access to various external systems. This can be files on your computer, an API, a browser, a database, or anything else.
First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails
We're giving MCP servers god-mode permissions. Tools built by people we've never met. People we have zero way to vet. And our AI assistants? We just... trust them. Completely.

Postmark-mcp is downloaded 1,500 times every single week, and integrated into hundreds of developer workflows. Since version 1.0.16, it's been quietly copying every email to the developer's personal server. I'm talking password resets, invoices, internal memos, confidential documents - everything.

Politics

Europe is at hybrid war, Danish prime minister announces
Waves of drones shut down Danish airspace this week. There is one obvious antagonist “and that is Russia,” Mette Frederiksen says. Estonia and Poland convened NATO members for urgent talks after accusing Russia of violating their airspace in separate incidents.

Earlier this month, the Danish Defense Ministry announced it would purchase the Franco-Italian SAMP/T air defense system for 58 billion Danish kroner (€7.7 billion), its largest arms purchase ever.

Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship
OpenSSF has finally discovered capitalism and this thing called a "business model." They need to charge some of their users some money to survive.
Shopify, pulling strings at Ruby Central, forces Bundler and RubyGems takeover
A case history demonstrating the point of the previous article. The companies funding Ruby open-source projects got fed up with the bickering and drama among the maintainers, and demanded control in return for further funding.
FTC Secures Historic $2.5 Billion Settlement Against Amazon
Amazon used deceptive methods to sign up consumers for Prime subscriptions and made it exceedingly difficult to cancel. Amazon created confusing and deceptive user interfaces to lead consumers to enroll in Prime without their knowledge.


Phone spyware scandal in Greece moves to court as critics claim cover-up
It has become known as Greece's Watergate: spyware software and Greek intelligence targeted the mobile phones of government ministers, senior military officers, judges and journalists. No government officials have been charged in court and critics accuse the government of trying to cover up the truth.
Record fraud crackdown in the UK saves half a billion for public services
New technology and artificial intelligence turns the tide in the fight against public sector fraud, with new tech to prevent repeat of Covid loan fraud.
Proposed Legislation would Shield Americans’ Brain Data From Exploitation
The FTC will examine how “neural data” — information from brain activity or signals that can reveal thoughts, emotions, or decision-making patterns — and other related data should be protected to safeguard privacy, prevent exploitation, and build public trust as neurotechnology rapidly advances.
Bill to Combat Foreign Cyberattacks Targeting American Agriculture
Man arrested for EU airport disruptions
Judge orders release of teen accused in Las Vegas casino cyberattacks
A teenager who turned himself in to face allegations he participated in the 2023 cyberattacks against two major Las Vegas casino operators was released Wednesday to his parents. He was part of "Scattered Spider" and still has roughly $1.8 million worth of bitcoin.
4 vaccines linked to a lower risk of dementia
Flu, Shingles, RSV, and Tdap
People Cheer Resignation Of MAGA Official Who Mandated Charlie Kirk Student Organizations In Schools

Infosec

Microsoft agrees to 11th hour Win 10 end of life concessions
Microsoft will give consumers in the European Economic Area no-strings extended support for the soon-to-be-EOL Windows 10. But only for a year.
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Where Are my Keys?! Ransomware Group Steals AWS Keys to Advance
Attackers use stolen AWS keys to target AWS control planes, which manage virtual resources. Traditional security tooling, such as Endpoint Detection and Response software (EDR), which you install on endpoints and servers, likely cannot detect attackers interacting with the control plane. It is necessary to ensure that telemetry from your cloud environments’ control plane is collected and monitored to identify these types of attacks.
Malifiscan
A security tool that detects malicious packages from external vulnerability feeds and searches for them in your package registries