Sometimes being lazy is a good thing. I was supposed to update my WordPress installation to version 2.1.1 last weekend, but I didn’t feel like checking what had changed exactly and if I needed the update. The short changelog said the update mostly consisted of small fixes and no critical stuff so I postponed.
It turns out the 2.1.1 update was quite critical after all:
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
It seems a cracker got access to a server that powers WordPress.org and was able to modify the download file.
More on this story at WordPress.org.
