A security researcher from Indonesia discovered a persistent XSS vulnerability (also called script injection) on twitter.com. With this hack, a malicious individual could compromise user accounts or infect users with spyware, malware and adware. It was soon reported to the Twitter security team and corrected.
This hack is mainly due to a lack of input validation on the application name field when accepting new requests for Twitter applications. Visiting his account on Twitter results in a pair of classic cross-site scripting alert boxes; then your browser is manipulated, and finally you enter the matrix (see below) and get messages from the researcher who found the vulnerability.
This interesting paper walks you through the attack scenario in steps...