The flaw’s now got a name – CVE-2023-37580. And here’s where it gets spicy – between the discovery and the patching, Google noticed four cyber bad guys having a field day. One of them was sending crafty emails with an exploit URL to folks in a Greek government organization. Click the link, and boom! The URL works its magic, using XSS to swipe emails, attachments, and even setting up a cheeky auto-forwarding rule to an address controlled by the hacker.
