The IT security problems of Panamanian law firm Mossack Fonseca (MossFon), which gained notoriety for their loss of the so-called »Panama Papers«, do not seem to stop. An »underground researcher« who goes by the Twitter handle @1x0123 has found an SQL-injection vulnerability in MossFon's electronic online payment system.