Serious WordPress vulnerability
If you’re running a version of WordPress prior to 2.8.4, or have only upgraded in the last few days, you should stop what you are doing and head over to this post on the WordPress development blog: How to Keep WordPress Secure. It discusses a worm which is currently doing the rounds, attempting to exploit older versions of WordPress by creating a “hidden” admin user. Incidentally, all the methods suggested to find the hidden user seem unnecessarily complicated – if you have a tool which allows access to your database (e.g. phpMyAdmin), just check the wp_users table manually.
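The manual check described above, written as queries for phpMyAdmin's SQL tab. This is an added example, not part of the original post; it assumes the default `wp_` table prefix, so adjust the table names and the `wp_capabilities` / `wp_user_level` meta keys if your install uses a different prefix.

```sql
-- Added example; assumes the default table prefix "wp_".
-- Query 1: list every account with its stored role data, administrators
-- first and newest registrations first, so unexpected admins stand out.
SELECT
    u.ID,
    u.user_login,
    u.user_email,
    u.user_registered,
    cap.meta_value AS capabilities,   -- serialized PHP array of roles
    lvl.meta_value AS user_level      -- legacy level; 10 = administrator
FROM wp_users AS u
LEFT JOIN wp_usermeta AS cap
       ON cap.user_id = u.ID AND cap.meta_key = 'wp_capabilities'
LEFT JOIN wp_usermeta AS lvl
       ON lvl.user_id = u.ID AND lvl.meta_key = 'wp_user_level'
ORDER BY
    (cap.meta_value LIKE '%administrator%') DESC,
    u.user_registered DESC;

-- Query 2: consistency check. Role rows in wp_usermeta that grant
-- administrator but point at a user ID missing from wp_users.
SELECT m.umeta_id, m.user_id, m.meta_key, m.meta_value
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u ON u.ID = m.user_id
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%administrator%'
  AND u.ID IS NULL;
```

Compare the administrators returned by the first query against the accounts you expect to exist; both queries are read-only.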
Subscribing to the development blog is a must if you use WordPress, unless you are a WordPress.com user, where everything is taken care of for you.