Sucuri has published more information regarding the compromising of at least 30,000 domains. Based on their research, they are ruling out the possibility that the attacks are taking advantage of a new vulnerability within the core of WordPress.
The first question is how are these sites getting hacked? On all the cases we analyzed, they either had outdated versions of WordPress, or of a plugin. We can safely rule out any new vulnerability on WordPress itself.
To stay on top of the latest malware threats on the web, you should subscribe to their RSS feed. Perhaps the more people that realize this stuff is happening on a daily basis, the more it will persuade them to keep sites, plugins, and themes updated.