It seems that ever since the Heartbleed bug was published earlier this Spring, OpenSSL just hasn't been able to catch a break. Today, it was announced that seven additional vulnerabilities had been discovered affecting OpenSSL 0.9.8, 1.0.0, 1.0.1, and 1.0.2 (meaning all versions, basically).

At least one of the bugs, a man-in-the-middle attack referred to as CCS injection (detailed here and here), has been dubbed "serious" by the team.

Read More