I am on 2.6, since shortly after its release. Only plugins are Akismet and WordPress.com stats. Shared server (Dreamhost).
I just got hacked by that site too. My latest blog post was largely deleted and replaced with:
<font style="position: absolute;overflow: hidden;height: 0;width: 0"><a href="http://www.sibresource.ru/">ландшафт</a></font>
Any idea how this happens? What do I need to change to plug this hole? Thanks.
