Funny, I was just blogging about emerging threats in Web 2.0. Well, here's an example of an attack on a stalwart of the Web 2.0 concept, live and all: WordPress 2.1.1 has been declared dangerous after an attacker broke into the servers and modified the code base, inserting malicious code that allowed for remote code execution. This does not appear to be a "web as platform" class attack so much as a server-side code abuse attack. Really, the attack itself seems mundane. However, given the popularity of blog software, with huge growth due to social networking, this attack is amplified because of the Web 2.0 movement. fwiw. :)
