WPA2, which is perhaps the main security method used to protect Wi-Fi, has been shown to be vulnerable to a newly discovered attack called "Key Reinstallation". This attack exploits nonce reuse, and the article claims it "works against all modern protected WIFI". Any data transmitted over Wi-Fi can now be decrypted, which may even include login data, so it is important to take serious precautions.
Because this is a very major attack, I encourage everyone and anyone to share this news, either by sharing my post or by making a duplicate post on your own blog to announce this. This needs to be known in the crypto community because money may be at stake.
Some technical details on the attack:
Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK):
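To illustrate the nonce reuse mentioned above, here is an added example (not from the quoted article or from this post) that models a client whose packet-number counter is reset when the same session key is installed a second time, beside a hardened client that ignores the reinstallation. The `Client` class, the SHA-256 keystream (a stand-in for WPA2's real cipher), the key and the sample frames are all assumptions constructed for the demonstration.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Toy stand-in for a counter-mode keystream: depends only on (key, nonce)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(
            key + nonce.to_bytes(6, "big") + block.to_bytes(2, "big")
        ).digest()
        block += 1
    return out[:n]

class Client:
    """Simplified (hypothetical) supplicant; install_key() models key installation."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.nonce = 0  # packet number: must never repeat under one key

    def install_key(self, key: bytes) -> None:
        if self.hardened and key == self.key:
            return  # key already in use: keep the nonce counter as it is
        self.key, self.nonce = key, 0  # vulnerable path resets the counter

    def encrypt(self, plaintext: bytes):
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, bytes(p ^ k for p, k in zip(plaintext, ks))

def run(hardened: bool):
    """Send a frame, see the same key installed again, send a second frame."""
    client = Client(hardened)
    key = b"constructed-session-key"                           # constructed value
    p1, p2 = b"GET /login HTTP/1.1", b"user=alice&pw=demo!"    # constructed frames
    client.install_key(key)
    n1, c1 = client.encrypt(p1)
    client.install_key(key)  # models a replayed handshake message
    n2, c2 = client.encrypt(p2)
    xor_ct = bytes(a ^ b for a, b in zip(c1, c2))
    xor_pt = bytes(a ^ b for a, b in zip(p1, p2))
    # If the keystream repeated, it cancels out and ciphertexts leak p1 XOR p2.
    return n1, n2, xor_ct == xor_pt

if __name__ == "__main__":
    for hardened in (False, True):
        n1, n2, leaked = run(hardened)
        print(f"hardened={hardened}: nonces {n1},{n2}; keystream reused: {leaked}")
```

The hardened branch reflects the general shape of the fix: a key that is already installed is not installed again, so the nonce counter keeps advancing.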