Top 10 Web Hacks of 2006

Jeremiah Grossman, RSnake and Robert Auger have put together an interesting collection of web application hacks discovered in 2006.

Top 10
1. Web Browser Intranet Hacking / Port Scanning – (with JavaScript and with HTML-only and the improved model)
2. Internet Explorer 7 “mhtml:” Redirection Information Disclosure
3. Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning
4. Web Browser History Stealing – (with CSS, evil marketing, JS login-detection, and authenticated images)
5. Backdooring Media Files (QuickTime, Flash, PDF, Images, Word [2], and MP3s)
6. Forging HTTP request headers with Flash
7. Exponential XSS
8. Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII)
9. Web Worms – (AdultSpace, MySpace, Xanga)
10. Hacking RSS Feeds

Check out the original post here

New Tool – SIP Proxy

Philipp Haupt and Matthias Hürlimann have developed an excellent open source VoIP security test tool called SIP Proxy. This tool can be used both as a proxy and as a VoIP fuzzing source.
Great tool! SIP Proxy homepage on SourceForge.

New Tool Release – Telemachus & Odysseus

Telemachus is a companion utility for the well-known web proxy Odysseus, allowing further analysis and manipulation of the HTTP transactions that have passed through Odysseus.

Telemachus can communicate with the currently active instance of Odysseus, or alternatively load a previously saved Odysseus activity log file.

Although primarily designed to be used in conjunction with Odysseus, Telemachus can be used as a stand-alone utility.

The ISECOM Top 10 Real Computer Crimes for 2007 and Beyond

Pete Herzog from ISECOM has compiled a list of funny computer security incidents most likely to happen in 2007.
My favourite:

Your computer will probably crash a lot or at least reboot for no apparent reason but most likely due to some patch you got through an automated update which you are told to do for security reasons because apparently security and stability are incompatible.

Check the rest of them here
