We are actively investigating reports of Magento sites being targeted by Guruincsite malware (Neutrino exploit kit) and are working with our developers in coordination with Magento hosting partners and community members. We have NOT identified a new attack vector at this time but rather have found that all sites that we have checked show as vulnerable to a previously identified code execution issue for which we released a patch in early 2015.
For more information, please visit our Security Center.