Joomla.org has announced a security update for the Joomla 2.5.x series. Version 2.5.8 fixes a moderately severe clickjacking vulnerability issue affecting version 2.5.7 and all earlier 2.5.x versions. All Joomla site admins are advised to update their sites as soon as possible via your administrator areas by clicking on Components/Joomla! Update and clicking the "Install the update" button.
Backing Up Your Site
Although it's not technically required, it is good practice to have a backup of your site before performing updates. If you do backup your site, make sure that you are not making backups of previous backup files. Site admins please remember to download your backup files to a local drive and delete them from the server.
Akeeba Backup users: Your backup files are located in the /administrator/components/com_akeebabackup/backup directory. Akeeba Backup .JPA files are only for a full restore of your site.
File Manager Backups (Recommended): If you wish to make a temporary backup, you can also use cPanel's File Manager and phpMyAdmin utilities to make quick backups of your site and database.
For instructions, go here Backing Up With File Manager and phpMyAdmin...
