Were "hit"? By "hackers"? WTF, register, do your homework better.
The guys on hackersblog.org simply raise awareness about SQL injection and XSS vulnerabilities. And they notify the poor bastards running crap webapps prior to publishing on that blog.
The F-Secure spin is interesting in a very lame way. They've been doing "attacks", ohnoez, the evil hackers are out to get us.
"Fortunately we utilize defense-in-depth strategies so the attack was only partly successful." What a load of bull. They run software susceptible to SQL injection, but their strategies are defense-in-depth.
The "attack" was "partially successful" because they only happened to have non-important tables exposed, unlike the other 2 AV vendors.
El Reg, if you want a story then report on F-Secure's lame spin loaded with marketing mambo-jambo. That post reeks of it: "has been doing attacks"; "they hit us"; "defense-in-depth strategies"; "the attackers" etc... Saying "the impact was minimal" is just evil. There was no impact; the guys never "impact" on the vulnerabilities they discover. They don't run update queries, or drop database or whatnot.
They get one thing right though: "the attack is something we must learn from and points at things we need to improve". This is exactly what the hackersblog.org folks do: point at vulnerabilities so they can fix them. If they wanted to "hit" them, they'd keep quiet and take advantage of their data in whatever evil way possible, not post on a public blog.