Security firm Sophos posted a blog entry early Tuesday highlighting a new and potentially dangerous hack of Twitter's Web interface that's begun to make the rounds.

Here's how it works, basically: By putting a bit of JavaScript code ("onmouseover") into a URL in a tweet, a user can cause a pop-up message to emerge when someone hovers a cursor over that link. Sophos notes that right now primary exploiters of the loophole are using it for "fun and games," but that it could potentially be used by spammers or purveyors of malicious code. It appears to work in both the redesigned Twitter Web interface that was launched last week as well as its predecessor.

Read the full warning from Sophos here.