Joomla 2.5.8 and 3.0.2 were just released today fixing a medium severity security bug related to a clickjacking/XSS vulnerability. You can find more details on their release notes:
If you are not familiar with ClickJacking, Wikipedia explains it well:
Clickjacking is a malicious technique of tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function.
And remember, the leading cause for website compromises is outdated software! So as a website owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!
Sucuri SiteCheck was also updated to alert users not running version 2.5.8/3.0.2 on their Joomla sites.