Cybercriminals are using a zero-day Java exploit to infect and take control of victims' computers, a security vendor warned Tuesday. Sophos said the flaw, first reported by security firm FireEye, was ...

Oracle contributes to the problem by not working more closely with the security industry on Java defenses, one security expert said A zero-day Java exploit found for sale in the criminal underground ...

A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye. “We ...

Researchers at a threat and vulnerability management firm have replicated an exploit taking advantage of a fresh zero-day vulnerability in Java. A researcher known as Kafeine was among the first to ...

In October, I showed why Java vulnerabilities continue to be the top moneymaker for purveyors of “exploit kits,” commercial crimeware designed to be stitched into hacked or malicious sites and exploit ...

With the recent zero-day exploit for Java, we're beating the "update Java now" drum and playing the "disable Java altogether" fife in the SecurityWatch parade. If that wasn't enough, recent news that ...

A new exploit for a recently fixed vulnerability in Java has been added to the Metasploit penetration testing framework, according to vulnerability management firm Rapid7, which owns the open-source ...

A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye. “We ...

A new zero-day exploit in multiple versions of Java puts roughly 1 billion users at risk to attackers and malicious code. The flaw was discovered by researchers at Poland's Security Explorations, a ...

People, it's time to disable Java on all your computer Web browsers, at least temporarily. The Java exploit discovered yesterday (Jan. 10) has already spread to at least four different browser exploit ...

Security researchers warn that cybercriminals have started using Java exploits signed with digital certificates to trick users into allowing the malicious code to run inside browsers. A signed Java ...