This seems to be the news shaking the blogosphere this morning just before the IBAs. Apparently some unscrupulous individual managed to gain access to one of WordPress’ servers and ‘tweak’ the download for version 2.1.1 of WordPress’ software to suit their own needs. The added code would open up the possibility of a remote PHP attack on any sites running the infected download. All WordPress users are encouraged to upgrade immediately to version 2.1.2. I run a couple of WordPress blogs myself but none of these have been affected but said that I’d make the news public anyhow in case anyone missed it. source: WordPress Blog