There is a security alert floating around (PHP Magazine, php|architect) about a new hole found in the code of PostNuke.
If you have downloaded and installed a PostNuke zip archive between Sunday at 23:50 GMT and Tuesday at 08:30 GMT, you should re-download the software and check it against off-site MD5s. PostNuke has posted a security update saying that a vulnerability in the paFileDB download management software allowed an attacker to put up a hacked version of PostNuke for download. In preliminary investigations, the PostNuke source from its Web site had been modified to send all data submitted during the installation process to a different server, which would collect the data and allow the attackers to gain control of the site where PostNuke was installed. Users who may have installed the compromised files are advised to reinstall the code and change the database details, including the username, password, and the name of the database. PostNuke is a development fork of the PHPNuke CMS.
This is a pretty serious issue for anyone out there running the PostNuke software. Since it wasn't so much a bug in the actual PostNuke application, it's a bit harder to catch - but as a safety measure, go over and download the latest source so you can sleep a bit better at night...
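The check recommended above, as an added example that is not part of the original post or PostNuke's own tooling: it compares a downloaded archive with md5sum-style checksum lists obtained from sources other than the download server, and refuses the archive if any source disagrees. The file name, source labels and checksum values are constructed placeholders.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=65536):
    """Stream the file so large archives are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_md5_list(text):
    """Parse md5sum-style lines ('<hex>  <name>' or '<hex> *<name>')."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 32:
            sums[parts[1].lstrip("*").strip()] = parts[0].lower()
    return sums

def check_archive(path, offsite_lists):
    """Compare the archive with every off-site list: (verdict, per-source)."""
    actual = md5_of_file(path)
    name = os.path.basename(path)
    details = {}
    for source, text in offsite_lists.items():
        expected = parse_md5_list(text).get(name)
        if expected is None:
            details[source] = "not listed"
        else:
            details[source] = "match" if expected == actual else "MISMATCH"
    found = set(details.values())
    # One disagreeing source is enough to reject the download.
    if "MISMATCH" in found:
        return "do-not-install", details
    return ("ok" if "match" in found else "unverified"), details

if __name__ == "__main__":
    # Constructed sample: a stand-in archive and two made-up checksum lists.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-cms.zip")
        with open(path, "wb") as fh:
            fh.write(b"constructed archive bytes")
        good = md5_of_file(path)
        lists = {"mirror-a": f"{good}  example-cms.zip\n",
                 "mirror-b": f"{'0' * 32} *example-cms.zip\n"}
        print(check_archive(path, lists))
```

A checksum list served from the same host as the archive does not count as off-site here: whoever replaced the archive could have replaced the list as well.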




