Well it has been awhile since CSRF has made the headlines. But here we go again. There was a paper publish by Ed Felten and Billy Zeller within the past few days that describes CSRF attacks in 4 major web sites, ING Direct, Youtube, Meta Filter, and New York Times. The wost of the attacks, ING Direct, would allow an attacker to tranfer funds out of a users account or open additional accounts on behalf a user.
Source: http://www.freedom-to-tinker.com/blog/wzeller/popular-websites-vulnerable-cross-site-request-forgery-attacks
White Paper: http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf