Symantec released the bi-annual Internet Security Threat Report Volume IV.

With over 20,000 sensors monitoring network activity in over 180 countries, Symantec has established one of the most comprehensive sources of Internet threat data in the world, giving Symantec's analysts a superior source of attack data from which to spot important trends. These trends educate executives about potential threats and exposures, and using the data can help them identify weaknesses in their own security architecture or policies.
VULNERABILITY HIGHLIGHTS:
• 80% of all vulnerabilities discovered are
remotely exploitable
• Web application vulnerabilities up 12%
• Attacks are being released faster
• Areas to watch for new vulnerabilities:
– Integer error
– Timing analysis
– Microsoft Internet Explorer
– Microsoft IIS
You can download the report at this link: Internet Security Threat Report IV

It is free but you do have to fill out some registration information to get it.