There’s a new bash vulnerability that could be a problem for a network-facing machine that happens to use bash. (See here for test.) As a BSD user, you can feel somewhat smugly superior since the default shell is tcsh and therefore it may not affect you – unless you’ve installed it from dports.
John Marino has already updated dports. A new binary is forthcoming, though you can always rebuild by hand if you don’t want to wait.
Update: oh, wait, not done.