Are these attacks for real? Does anyone get affected really?
People often wonder if all these attack techniques and exploits are indeed for real. Is anyone really hit by these attacks? Is this all just theory?
While it's unlikely that any company will want to publicize that it's been the victim of an attack, some incidents do get reported in the media. The Webappsec site maintains an incident database of those reported in the media.