This time some jackass(es) uploaded changes to several popular WP plug-ins that provided back door access to servers on which they were installed. Yet another reason to assume control of (and responsibility for) your own systems. I also try not to jump immediately on new updates of plugins and new software versions. The way I figure it, your chances of updating to a hacked version of something is reduced dramatically if you wait a few days or weeks after an update is released. It’s one reason I like to be informed of available updates, but not automatically have them installed — and I don’t want to be nagged (Avast, Adobe, Nikon…).