The front page of Slashdot today tells us that another Java 0-day has been found. It works in Metasploit and is being used in the wild. Turn off the Java plugin now! Never turn it back on.
The analysis of this seems to point to the getField function of sun.awt.SunToolkit. See the code below ... Read more »