Cybercriminals, buoyed by automated attack toolkits, are increasingly taking advantage of Java, targeting known Java vulnerabilities and discovering zero-day exploits. Experts say the onslaught will continue until more Java protections can be deployed by Oracle, but adding them around the programming language's engine is no easy matter.