A major exploit in Drupal 7, allowing SQL injection, was reported a few weeks ago. Many security blogs are reporting that all Drupal systems that are running v7 should consider themselves potentially exploited, unless they patched their system on or before October 15 (when the vulnerability was reported).
For those of us that constantly hear reports about WordPress being so insecure, and Drupal being the gold standard, this situation can be seen as a bit of a blessing. However, any major vulnerability like this, in any open source system, ultimately hurts all of us. For our entire community’s sake, I’m hoping that this situation is being blown out of proportion. Hopefully everyone that is vulnerable will get their systems patched quickly, and this situation will blow over pretty quickly.