The post at http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html discusses an interesting priv escalation attack they found and is discussed in the paper linked off of the post. I don't play around enough in *nix to understand exactly how it works, but it seems to be an interesting class of attack that looks very hard to patch and fix.
This is great marketing for Qubes (developed by the Invisible Things Lab as a virtualization solution). The post from Joanna avoids marketing Qubes too much, but in the comments she makes this remark "In Qubes we're not adding an additional layer of abstraction -- we're replacing the buggy Linux monolithic kernel, with something orders of magnitude less buggy".