diff --git a/readme.md b/readme.md index c4bc4b5..e8d41d4 100644 --- a/readme.md +++ b/readme.md @@ -77,6 +77,7 @@ are not simple or rational. - [Falsehoods About Cars](https://github.com/driveto/falsehoods-about-cars) - Even something as common as defining a car is full of pitfalls. - [Decimal Point Error in Etsy's Accounting System](https://www.reddit.com/r/Etsy/comments/hz4877/if_you_are_an_etsy_seller_do_not_purchase_postage/) - The importance of types in accounting software: missing the decimal point ends up with 100x over-charges. +- [Characters `<` and `>` in company names lead to XSS attacks](https://forum.aws.chdev.org/t/cross-site-scripting-xss-software-attack/3355) - Because [UK allows companies to be registered with special characters](https://www.legislation.gov.uk/uksi/2015/17/schedule/1/made), a hacker leveraged them to register `\"> LTD`, but also `; DROP TABLE "COMPANIES";-- LTD`, `BETTS & TWINE LTD` and `SAFDASD & SFSAF \' SFDAASF\" LTD`. - [CLDR currency definitions](http://unicode.org/cldr/trac/browser/tags/release-31/common/supplemental/supplementalData.xml#L81) - Currency validity date ranges overlap due to revolts, invasions, new constitutions, and slow planned adoption.
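Review bot: The code spans in the added list entry carry backslash escapes (`\">`, `\'`, `\"`) that Markdown does not process inside backticks, so the company names will render with literal backslashes; drop them unless the backslashes are part of the registered names. The first example, `\"> LTD`, also contains no `<`, although the link text is about `<` and `>`, so it is worth checking the name against the linked forum thread in case part of it was lost. The link text says XSS, but `; DROP TABLE "COMPANIES";-- LTD` is shaped like SQL injection and `BETTS & TWINE LTD` only exercises `&` handling, so wording such as "special characters in company names lead to injection attacks" would match the examples better. Minor style point: "Because the UK allows" reads better than "Because UK allows".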