Recently smuggled some sensitive data via CSS injection and sequential import chaining!