I just read on PHPDeveloper that there is a new security problem that needs urgent attention of any php developer. It's RFI, a way for evil crackers to run their code of choice on your server, exposing such information as passwords, or even enabling them to get shell access to your system and maybe become root.

LWN has a good article describing the problem, offering simple solutions that every developer should already be using but sadly not everyone actually does. They also link to the code that crackers are actually using, as taken from their logs where attempts to exploit the RFI vulnerability are being seen at a rate of some 1 attempt per second.