HTML injection

Robinhood said attackers abused a flaw in its account creation flow to send phishing emails from a legitimate company address. The company said no customer accounts, personal information or funds were impacted.