ChainCatcher news, Slow Mist founder Yuxian disclosed an XSS attack targeting the crypto industry on the X platform. The attacker exploited an XSS vulnerability on the crypto media website Cointelegraph to lure target users into opening a link to the official Cointelegraph website (with XSS malicious script), resulting in:Malicious script loading and execution;The address bar being set to a suspicious address (which at first glance looks like an official unpublished draft);A fake Sign in with X pop-up appearing;After clicking Sign in with X, the third-party application authorization for X opens, with a large blank section in the permissions list. If you inadvertently click to authorize without paying attention, your X-related permissions will be taken over by the attacker.This type of phishing with a slight exploit is particularly difficult for the general public to defend against, so extra caution is needed.