An unusual attack has been spotted in the wild, using an unexpected combination of threats.
Relatively quiet Critical Patch Update (CPU) from Oracle this quarter.
Oracle released 40 new Java security fixes. 37 of the vulnerabilities may be remotely exploitable without authentication.
The upcoming security changes in Oracle Java address three long-standing issues with the Java security model.
Oracle’s Java SE Critical Patch Update for April 2013 contains 19 CVEs with CVSS base score of 10 (the highest you can go) indicating that exploiting the vulnerability is not particularly challenging and could give complete control of compromised systems.