http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/
Essentially, the OpenSSL has a bug that, if exploited, allows hackers to gather information, including cookies, to use. It's way over my head, but it's a big thing.
The page comes with a tool that lets you see if a page is vulnerable (and, for the people who want to use this as another weapon against the "evil" PWE, it's safe.)