While not specifically PHP related, all web developers out there need to know about this one...

From Slashdot.org: ZDNet is running a story on a new security flaw in Microsoft's Internet Explorer which could let hackers use a technique to display a false Web address on a fake site according to an advisory from the Danish security company Secunia. The Danes report that 'the vulnerability is caused due to an input validation error, which can be exploited by including the "%01" URL encoded representation after the username and right before the "@" character in an URL.' PC World reports that 'Microsoft says it is investigating reports of the vulnerability. When that inquiry is complete, the company will take whatever steps it deems necessary, such as issuing a new patch, a spokesperson says.

Quite a scary situation - and one that anyone can abuse very easily. Add one simple character to your URL and like magic the user is duped into thinking you're another site. Lets just hope that they get this one patched quickly...