The Transmission BitTorrent client has a vulnerability that lets an attacker take over your PC if you are running it with remote control enabled with the default password, reported TorrentFreak.
Google Project Zero researcher Tavis Ormandy discovered the vulnerability, and has suggested that similar flaws may exist in other torrent clients.
Ormandy published a patch for the issues he discovered and shared it with the Transmission security mailing list two months ago, but the developers have not released an update for the client.
As a result, Ormandy disclosed the vulnerabilities before the usual 90 days that Project Zero gives developers.
In November, Ormandy also contacted µTorrent on Twitter about their security address bouncing and that he needed to speak to them urgently.
— Tavis Ormandy (@taviso) November 29, 2017