Foresight News reports that Yuxian, the founder of Slow Fog, stated that he has noticed attackers exploiting an XSS vulnerability on the Cointelegraph website to trick target users into opening links. The specific method involves 'loading and executing a malicious script, setting the address bar to https://cointelegraph[.]com/not-public/drafts/article-1033, then popping up a fake Sign in with X box. After clicking Sign in with X, it opens X's third-party application authorization, leaving a large blank space in the permissions list. At this point, if users do not pay attention and click authorize, the permissions related to the user's X account are taken over by the attacker.'