Users who have a wallet for the cryptocoin Monero need to watch out. There is a vulnerably in the wallet.
The issue is a leak that can be remotely exploited (by visiting a website) and steal your coins.
So in face it is a Cross Site Request Forgery issue. This means an attacker can execute code on your behalf.
In this case the RPC webservice does not explicit demands authentication for payments.
This issue was already known on 6 sept. MWR Labs did contact the developer. There was a hotfix deployed on the 19 of sept. But this is not applied by default. The user also had to enable it!
More info
Source Dutch: https://www.security.nl/posting/486228/Gat+in+digitale+portemonnee+Monero+maakt+diefstal+mogelijk
And comment from Monero.
https://getmonero.org/2016/09/21/a-statement-on-the-mwr-labs-disclosure.html