New HTTPS Hijack attack
A pair of security researchers have developed a new attack that exploits a weakness in the SSL/TLS encryption standard, which leaks information about encrypted sessions that can be used by attackers to hijack HTTPS sessions. These are the same guys who developed the BEAST tool (Browser Exploit Against SSL/TLS) which targeted a problem with AES. They say it works similarly to BEAST but the known defense against BEAST won't work against this attack. Read more here: