Security researcher discovers new Java exploit, nearly 1 billion PCs and Macs could be at risk.

Hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of ...

Seculert researchers identified a Java exploit and corresponding attack pages on Red October command and control servers ...

Security firm FireEye is responsible for the latest finding, noting that this zero-day exploit has been successfully executed using Java 1.6 update 41 and the most recent 1.7 update 15.

Further research by security vendor Immunity Inc. indicated that the active exploit actually took advantage of two separate unpatched Java vulnerabilities (what we, in the industry, call zero-days).

A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.

In addition to the new exploit, which targets Java SE 7 Update 7 and earlier and was patched by Oracle in Java SE 7 Update 9, it also supports the Oracle Java Rhino exploit, a Java zero-day ...

The exploit works in all major browsers, including Internet Explorer, Safari, Firefox, Chrome and Opera. Mac users of Lion or Mountain Lion who installed Java after purchase are also vulnerable.

The infamous exploit packs Blackhole and Nuclear Pack now feature a new zero-day Java exploit that exploits the Java vulnerability CVE-2013-0422. The latest version of Java 7 Update 10 is affected.

What gives? A: According to CERT’s Dormann, due to what appears to potentially be a bug in the Java installer, the Java Control Panel applet may be missing on some Windows systems.

A well-known hacking tool aimed at Java vulnerabilities appears to have gotten an upgrade designed to exploit a newly-patched security flaw addressed in the Java SE 6 Update 33 and Java SE 7 Update 5.