A recent paper explains an attack on AES-128. Best to think of it now as AES-126, more or less.
paper here: http://research.microsoft.com/en-us/projects/cryptanalysis/aes.aspx
presentation here: http://rump2011.cr.yp.to/d41bd80f6680cfd2323e53fbb9a62a81.pdf
Conventional wisdom says attacks get better over time; once a chink in the armor is found it can lead to more effective attacks. The Wikipedia article on SHA-1 shows a slow but steady improvement in attacks since the 2005 work by Wang etc.... It seems to me that it is possible that any single attack strategy probably approaches some upper limit for effectiveness. The real-world problems arise when the upper limit effectiveness of that attack is sufficient to break an algorithm easily with ordinary computing power. (of course, the "cloud" redefines the amount of computes available to the ordinary user)
It'll be very interesting to see if the techniques used to attack AES-128 now allow for significant improvement over time.