Here we go again:
- Has HTTPS been broken?
- Has HTTP finally been cracked?
- Potential weakness in SSL/TLS security downplayed by certificate group
The answer is firmly: NO.
What the articles really mean is
HTTPS using RC4 is weak, but we have known that for years. Some research has found a particular good way of breaking RC4, so it is worse than ever. Please use a widely available stronger symmetric algorithm.
But I guess that does not make a good headline, so I guess we have to live with the hype.
Once Upon a Camayoc 
You’re right, of course; it must have been a slow news day.
Cryptographers are naturally a very conservative lot, and RC4 has had warning bells rung over its use since (um…) around 2005, when Ron Rivest announced that, given a snippet of <200 bytes from an RC4 stream, he could confidently identify it as being RC4. This makes it distinguishable from whitenoise, even without getting to choose the plaintext, which means it fails one of the important strength-checks of a Feistel cipher – and its fate should have been sealed right around then. Like many other things, though, it takes bits of the world a while to catch on…
LikeLike