The exploit has spread to thousands of accounts now – some with hardcore porn pop-ups, other with jokey references to the exploit – so stick with a third-party Twitter client for the time being to read and send your short updates. [Link and image via Sophos]
Update: Some have reported that simply visiting Twitter.com, with certain tweets from your followers loaded, could be enough to trigger an incident (that link is Twitter.com too, but only to a specific no-link tweet). Avoid Twitter.com entirely until the exploit is repaired.
Update 2: Twitter posts that the exploit has been patched, but it’s likely still a good idea to let the fix propagate through DNS servers before heading back to Twitter’s web client.