On December 9th, according to Scam Sniffer, most Solana wallet attackers use third-party domains to bypass the wallet blacklist (e.g. registering expired DApp domains, and now exploiting XSS vulnerabilities). If users find that the DApp pops up a second window (or redirect) asking you to connect to the wallet in another window, please check carefully for security.