A new ransomware that has been spread since 12th of March worldwide affecting hundreds of thousands of Windows computers and for which you should be considering the application of an emergency security patch update that Microsoft has released few hours ago.
Yesterday Microsoft has patched a critical vulnerability in Windows HTTP stack (http.sys), which would have extreme consequences if an exploit is publicly disclosed.
Update: As estimated, the community has responded to this public disclosure 4 days after it was announced. MS has been notified Oct-2014. CVE assigned is CVE-2015-0072.
Google has recently disclosed a (new?) SSLv3 vulnerability that allows an attacker controlling the SSL-encrypted network stream between client and server to extract the plaintext of specific parts of the communication, most "preferable" cookies.
While the Man-in-the-Browser (MitB) type of attacks have been around for quite some time, the last year has seen a significant increase in amount of money being stolen as well as the “quality” and capabilities of the attack mechanisms.