This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
At this point the most widely exploited holes seem to be in Java's web browser plugin. They allow attackers to escape Java's security sandbox and run web apps with the same privileges that the browser uses. Java code that does not use Java's SecurityManager are (usually) not vulnerable to these exploits.