Zero day attacks
A zero day exploit is basically an attack on code vulnerability on the same day that it has been found. There is a short window of time that occurs between when a security issue has been discovered in application or operating system code, and the time when that system gets a patch or other solution to address the problem. This time is when an affected system is most vulnerable. Application vendors and operating system providers will actively respond to these threats and fix them, probably before you even know that a threat existed.
It is that window of time when a system is most vulnerable to attack as the race is on between the vendor and the attackers. When Microsoft discontinues Windows XP in April of 2014, they will cease any and all support for the operating system, including security patches. As new exploits get discovered in XP after April 8th, 2014, attackers will have the upper hand as they will have unlimited time to write code that exploits these new vulnerabilities. This will put XP users at significant risk for attacks.
As there is still a significant number of businesses and home users that have not moved to a new operating system, the opportunity exists for hackers to write malware to do everything from skimming credit card numbers to using your system for denial of service attacks on other systems. As long as it remains a profitable enterprise for hackers, they will continue to search for and exploit holes within XP. Newer operating systems like Windows 7 and 8 are more secure than XP in the first place, but also will have active support for years to come. The longer you wait to move to a new operating system, the more at risk you will be.