A graduate seminar: current topics in computer security
 

MySQL.com Hacked, Serves Malware

It seems that information about a vulnerability in mysql.com was sold in the “hacker underground” for $3000 and has actually been put to use. Within the last day, for an unknown period of time, mysql.com served malware to its visitors, of which it has about 400k per day.

A piece of heavily obfuscated JavaScript injected into one of the homepage files redirected visitors through an iframe to a web site running the BlackHole exploit pack, an automated exploit toolkit that probes visiting browsers for a variety of known security holes. Drive-by downloads succeeded most commonly through a Java JRE exploit, without requiring users to do anything except visit the MySQL website. Update your browsers!
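From the site owner's side, this kind of injection can be looked for by scanning served pages for off-site iframe/script sources and for inline scripts that are mostly encoded bytes fed to a decoder. The sketch below is an added example, not code from the original post or the linked reports; the `scan` helper, the 0.3 threshold and the sample page (reserved example domains) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ENCODED = re.compile(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\b\d{2,3},")  # %xx, \xNN, char-code lists
DECODERS = re.compile(r"\b(?:eval|unescape|fromCharCode|document\.write)\b")

# Constructed sample page (reserved example domains; the packed script decodes to "var x=1;").
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script>document.write(new Date().getFullYear());</script>
<script>eval(unescape("%76%61%72%20%78%3d%31%3b"))</script>
<iframe src="http://third-party.example.net/in.php" width="1" height="1"></iframe>
</body></html>"""

class InjectionScanner(HTMLParser):
    """Flags off-site iframe/script sources and inline scripts that look packed."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self._script = site_host, [], None

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "script") and src:
            host = urlparse(src).hostname
            offsite = host and host != self.site_host and not host.endswith("." + self.site_host)
            if offsite:
                self.findings.append(("offsite-" + tag, host))
        elif tag == "script":
            self._script = []  # start buffering an inline script body

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            code, self._script = "".join(self._script), None
            encoded = sum(len(m) for m in ENCODED.findall(code)) / max(len(code), 1)
            # Heuristic: a decoder primitive plus a body that is mostly encoded bytes.
            if DECODERS.search(code) and encoded > 0.3:
                self.findings.append(("packed-inline-script", round(encoded, 2)))

def scan(html, site_host):
    scanner = InjectionScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

if __name__ == "__main__":
    for finding in scan(SAMPLE, "example.com"):
        print(finding)
```

A hit is a triage signal, not proof of compromise; comparing served files against known-good hashes from the deployment source settles whether a file was modified.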

More info at:

http://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/

http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html
