The WPA2 encryption that protects almost all WiFi networks has been cracked - meaning that wireless networks are even less safe than before.
A team led by the US government will give full details later today, Monday, but have already confirmed that an exploit known as KRACK is able to break through the encryption layer, putting anything into the plain sight of hackers.
The US Computer Emergency Readiness Team (US0CERT) has confirmed that using WPA-2 makes you a target and that's pretty bad because the majority of home routers don't have anything stronger.
Or to put it another way - if you use WiFi, you're a sitting duck.
At this stage, we're not sure how easy it is for a hacker to use KRACK, and so the scale of the problem is still somewhat up in the air. If it involves being within the range of your WiFi network for an hour, then it's less of a worry. If it's instant, then someone could attack you in a slow-moving car.
And that's not such an unlikely scenario - when WPA (1) was cracked back in 2009, it took a minute to slap down the data.
WPA2 has been so far from the back of people's minds it has hardly been mentioned on these hallowed pages, save for a portent of doom via a Virgin WiFi hack in July.
The full warning so far reads: "US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol.
"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."
In other words, this is as bad as it gets. It has the potential to be Heartbleed on steroids (or on KRACK, if you insist) and there's pretty much nothing any of us can do about it, because no one has been really focusing on what would happen if it was.
Full details (and therefore how much we should worry) will appear later at krackattacks.com before a formal presentation of researcher findings at a talk called "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" (yes that's really what it's called) at the ACM Conference on Computer and Communications Security in Dallas on 1 November.
In fear of future shortage - or in preparation for its own electric car project?
New Spectre microcode patches released by Intel to fix security flaws in Skylake, Kaby Lake and Coffee Lake CPUs
But if you're running anything older you'll have to wait
Powered by servers based on Qualcomm's scalable 48-core Centriq 2400 10nm CPUs
Malware has been in circulation for more than a year