https://techcrunch.com/2017/10/16/wpa2-shown-to-be-vulnerable-to-key-reinstallation-attacks/

A key reinstallation attack vulnerability in the WPA2 wi-fi protocol has been made public today. Security researcher Mathy Vanhoef has identified what he dubs a “serious weakness” in the wireless protocol.

The tl;dr is that an attacker within range of a person logged onto a wireless network could use key reinstallation attacks to bypass WPA2 network security and read information that was previously assumed to be securely encrypted — thereby enabling them to steal sensitive data passing over the network, be it passwords, credit card numbers, chat messages, emails, photos, and so on.