Saturday, August 10, 2013

Tor browser served malware

The Tor browser (part of the Tor Browser Bundle), a version of Firefox, has been served malware by a compromised website that took advantage of a security vulnerability in the browser. US security services are allegedly responsible for the malware, which reports the user's IP address to a third party. The suggestion is that security services are trying to identify child pornography users.

Foss Force has the story, and repeats a claim made on eWeek that the browser in the Tor Browser Bundle was left insecure for weeks. The Tor blog rejects this claim, arguing that a security update was available.

To me it seems that Tor is correct here: only users who had not updated to the secure version were vulnerable. The Tor Browser Bundle had a warning on its start page advising users to get the security upgrade.

My own interest in the Tor network, I should point out, is the evasion of internet restrictions placed on users by countries which do not respect freedom of speech and information. I recently used it to evade a block on Blogger by the country I was staying in, a petty and profoundly undemocratic action, which I felt no compunction about evading. However, out of respect for my host nation, I won't reveal which country it was.
