
Robinhood account creation HTML injection security flaw

Vulnerability
H score 34
1 unique source, 1 article

Summary


Robinhood's account creation/onboarding flow was abused to inject arbitrary HTML into account confirmation emails, creating a phishing risk for customers. The flaw let attackers make legitimate-looking messages render as fake login alerts that urged recipients to review account activity. Robinhood later said it had fixed the issue by removing the abused Device: field from those emails.

Related Happenings

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
First: 11.03.2026 18:38 Last: 11.03.2026 18:38 Sources 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations

Threat Actor Meta
First: 05.03.2026 08:51 Last: 05.03.2026 08:51 Sources 1

About this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....

Latest development: 17.05.2026 17:43

eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.

ChatGPT/Gmail indirect prompt injection ShadowLeak security flaw

Vulnerability
First: 19.09.2025 22:07 Last: 19.09.2025 22:07 Sources 1

About this happening: Researchers confirmed **ShadowLeak**, a hidden **indirect prompt injection** flaw in **ChatGPT** email integrations, that could steal **Gmail** contents without detectable network...

Timeline

  1. 28.04.2026 02:11 2 articles · 29d ago

    Robinhood customers receive forged login alerts via onboarding HTML injection

    Exploitation Observed

    Threat actors abuse Robinhood's account creation flow to inject arbitrary HTML into account confirmation emails, causing legitimate messages from [email protected] to render as fake "Unrecognized Device Linked to Your Account" alerts. Customers begin receiving the phishing emails on Sunday evening, and the lure points to robinhood[.]casevaultreview[.]com while passing SPF and DKIM checks.

  2. 28.04.2026 02:11 1 article · 29d ago

    Robinhood removes abused Device: field and warns customers

    Mitigation Patch Update

    Robinhood says the falsified email was made possible by abuse of the account creation flow and was not a breach of its systems or customer accounts, with personal information and funds not impacted. The company removes the Device: field from account creation emails and tells recipients to delete the message and avoid clicking any links.

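The flaw class described above, shown as an added example (not Robinhood's code): a confirmation email that pastes a signup-supplied device label into HTML, next to a hardened renderer and a pre-send check. It assumes the Device: value was interpolated without escaping; the template, sample value and all function names are hypothetical, and Robinhood's own fix was to remove the field rather than escape it.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical template; the real email markup is not on the page.
TEMPLATE = "<html><body><p>Welcome, your account was created.</p><p>Device: {device}</p></body></html>"
# Constructed, harmless sample of markup supplied as a "device name" at signup.
SAMPLE_DEVICE = 'Pixel</p><h1>Injected heading</h1><a href="https://example.invalid/">link</a><p>'
# Assumed allowlist for a device label: short, no markup characters.
SAFE_DEVICE = re.compile(r"[A-Za-z0-9 ._()/-]{1,64}")

def render_vulnerable(device: str) -> str:
    """'Before': the client-supplied value is pasted into the HTML body as-is."""
    return TEMPLATE.format(device=device)

def render_hardened(device: str) -> str:
    """'After': allowlist the value, then escape it for the HTML context anyway."""
    label = device if SAFE_DEVICE.fullmatch(device) else "Unknown device"
    return TEMPLATE.format(device=html.escape(label, quote=True))

class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the message body."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup: str) -> list:
    """Return the start tags a mail client's HTML parser would see."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def injected_tags(rendered: str) -> list:
    """Pre-send check: tags in the rendered mail that the template does not contain."""
    found = tags_in(rendered)
    for tag in tags_in(TEMPLATE.format(device="")):
        if tag in found:
            found.remove(tag)
    return found

if __name__ == "__main__":
    print("vulnerable:", injected_tags(render_vulnerable(SAMPLE_DEVICE)))
    print("hardened:  ", injected_tags(render_hardened(SAMPLE_DEVICE)))
```

Because the service itself sends the message, SPF and DKIM pass whichever renderer is used, so the rendering step is where the injected markup has to be stopped.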