The WPA2 encryption that protects almost all WiFi networks has been cracked - meaning that wireless networks are even less safe than before.
A team led by the US government will give full details later today, Monday, but have already confirmed that an exploit known as KRACK is able to break through the encryption layer, putting anything into the plain sight of hackers.
The US Computer Emergency Readiness Team (US0CERT) has confirmed that using WPA-2 makes you a target and that's pretty bad because the majority of home routers don't have anything stronger.
Or to put it another way - if you use WiFi, you're a sitting duck.
At this stage, we're not sure how easy it is for a hacker to use KRACK, and so the scale of the problem is still somewhat up in the air. If it involves being within the range of your WiFi network for an hour, then it's less of a worry. If it's instant, then someone could attack you in a slow-moving car.
And that's not such an unlikely scenario - when WPA (1) was cracked back in 2009, it took a minute to slap down the data.
WPA2 has been so far from the back of people's minds it has hardly been mentioned on these hallowed pages, save for a portent of doom via a Virgin WiFi hack in July.
The full warning so far reads: "US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol.
"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."
In other words, this is as bad as it gets. It has the potential to be Heartbleed on steroids (or on KRACK, if you insist) and there's pretty much nothing any of us can do about it, because no one has been really focusing on what would happen if it was.
Full details (and therefore how much we should worry) will appear later at krackattacks.com before a formal presentation of researcher findings at a talk called "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" (yes that's really what it's called) at the ACM Conference on Computer and Communications Security in Dallas on 1 November.
Leaks indicate that launch of AMD APUs with integrated Vega graphics is just around the corner
Facebook CISO Alex Stamos defends company over claims company network is 'run like a college campus'
Stamos explains: Facebook engineers enjoy a lot of autonomy, it's not disorganised and chaotic
HMRC refusal over VAT payment schedule forces 22-year-old computer reseller to the wall
AMD claims updates to Radeon ProRender will speed-up 3ds Max rendering by up to 35 per cent