Seriously? May is gone already? Dang.
I've noticed an interesting trend among black hats lately, particularly with hosted software solutions or software-as-a-service entrants. First Jira had an exploit and a few large compromises, not to mention a flurry of fits and starts when Atlassian left an old password database out in the open.
Not too soon after it was revealed that Splunk had suffered a similar compromise, revealing user passwords. While the security hole itself was something Splunk was responsible for this does indicate a growing trend of attacks against hosted software.
It is easier now than ever to host a web application, but lil' thinks like multi-tenancy and browser security contexts are not easy nuts to crack. It may be generally believed that smart minds elsewhere have figured it out, but we're rapidly finding out that behind every webapp there is a seedy crew trying to hack through it.