I had one of my Joomla sites get hacked last night. It was on Joomla 1.5.3. The hacker only changed the front page and did not get to the database or other websites on the server thankfully. If you have Joomla installed please update your site immediately to the 1.5.6 Security Release.
See the Joomla Security Blog to review details of the flaw. Basically, someone get the password for the first user in the list. If that use is still the admin user or if they can guess the username of that first user, you are hacked.