Security firms are warning of two new Java-based exploits that are unpatched and are actively being used in new malware attacks.

Java – New Zero Day malware spreading for unpatched exploit

QUOTE: Attackers using two recently-uncovered Java unpatched vulnerabilities, or “zero-days,” have quickly expanded their reach by going mainstream, security experts said today. And on Tuesday, Mozilla, maker of Firefox, joined the chorus of advice that users should disable the current version of Oracle’s Java. The company is also ready to automatically block the plug-in from running in its browser, although it has not yet pulled the trigger … Earlier today we blogged about a new Java zero-day vulnerability (CVE-2012-4681) being used in a small number of attacks. That’s about to change as exploit code for the Java vulnerability has been added to the most prevalent exploit kit out there – Blackhole