Get cracking with the latest Flash upgrade, because the vulnerability it patches is a peach, allowing a cross-site request forgery (CSRF) attack for stealing user credentials.
According to the Switzerland-based Google engineer that turned up the vulnerability, Michele Spagnuolo, sites that are/were vulnerable to the attack included various Google domains, YouTube, Twitter, Instagram, Tumblr and eBay.

The link for this article located at The Register UK is no longer available.