There was a “worm” reported over the weekend that is seriously affecting older versions of WordPress that are located on private hosting environments. WordPress.com sites are not affected as they are automatically updated to the latest versions as they are released.
It is serious, and not very visible unless you know what you are looking for. Please read the following articles to get the details:
From Matt Mullenweg: http://wordpress.org/development/2009/09/keep-wordpress-secure/
and from WordPress.org on how to upgrade: http://codex.wordpress.org/upgrading_wordpress/
and if you have problems: http://smackdown.blogsblogsblogs.com/2008/06/24/how-to- completely-clean-your-hacked-Wordpress-installation/
It is not panic time, but it is serious and you should upgrade quickly to avoid any problems.