A java bug.
The last thing that java comunity need now is a serious java bug that would get widely reported on security sites. Unfortunately it has happened and this bug seems to effect all versions relased over last 5 years or so.
The timing couldn't have been worse. Java has been gaining ground. The last serious flaw has been long forgotten by the public and even by the community. In the meantime java has taken over as the #1 technology at sourceforge. Products like Azureus have done a lot for the popularity of the java. I like to think that at Rad Inks we have played a role too with our applets.
So in the middle of this we are now told that there is a bug in the sandbox that results in unsigned applets being able to access privileged resources. An exploit has not been published, but there may have been one published in underground sites.