Malicious backdoor in opensource messaging apps not spotted for 3 months

If you downloaded one of three messaging apps from the Horde Project's FTP server between November and February, you may be wide open to attacks.

It's not the first time a trusted developer of open-source software has been hacked.

Source:
http://arstechnica.com/business/news/2012/02/malicious-backdoor-in-open-source-messaging-apps-not-spotted-for-4-months.ars