If your site is hosted, make sure your host and CMS keep patches current:
Cryptome founder John Young said in an e-mail that he believes the attackers were able to infect his website with a poisoned PHP file by exploiting a weakness in security or server software provided by Network Solutions, which hosts the Cryptome website.
via Breaches galore as Cryptome hacked to infect visitors with malware.
Pretty embarrassing for Oracle and MySQL:
via Hackers turn MySQL.com into malware launchpad.