One of my sites suffered an attack in recent weeks which I can't find documented in the WordPress forums.
The symptom is hidden spam content in posts with an HTML comment fingerprint like:
<!-- bablooO-start -->
Some people report the string "blyat" instead of "bablooO". The attack has been reported for both 2.7.0 and 2.7.1 installations of WordPress. So far I can't find anyone who reports this problem and has figured out how the intruder got in. The most extensive discussion I can find is at:
Is this a known attack? Is there an official channel through which to report this kind of thing?
[Sorry for the anonymous handle but I don't want to advertise an unclosed vulnerability on my site.]