If you remember back to 2012 and 2013, the Java platform was not in good shape. It had flaw after flaw after flaw, even with constant security updates. And because it was installed and active on most computers by default, it put many millions of people at unnecessary risk of hacking, ransomeware or identity theft.
Fast forward to today and things are looking up. Not only has Java gotten safer (if a lot spammier), fewer people are using it. Most sites have moved away from needing Java and nearly all the major browsers block it by default. Even Internet Explorer doesn't let it run if it's an outdated version. That's all good news, but there's an unforeseen side effect.
Now that Java is much harder to use in attacks, hackers have jumped to another target: Adobe Flash. According to Microsoft security experts, 90% of Java hackers moved over to attacking Flash in 2014.
That means most of the new threats coming out these days are attacks against Flash, which is also installed on every computer. And there's one more big concern: the newest threats are coming out faster than ever. In 2014, hackers were attacking 60% of the newest security flaws within 10 days of Adobe or security experts announcing them. In other words, anyone who doesn't update Flash right away is in serious trouble.