It's been a fairly quiet two years for Java. That's surprising if you think back to early 2013 and the daily stream of catastrophic security flaws being found and (sometimes) fixed in the widespread software.
The negative press got Oracle, Java's developer, to clean up the code and put stronger security in place. It worked and we've enjoyed two-year lull in major Java security problems (Adobe Flash has taken its place). Unfortunately, that lull has come to an end.
The latest version of Java, 1.8, has a major zero-day security flaw that hackers are actively using. In this case, the hackers are a group called Pawn Storm, and they're specifically targeting NATO members and an unnamed U.S. defense organization.
However, just because Pawn Storm is using this flaw for targeted attacks doesn't mean you won't get caught up in it. Once other hackers figure it out, they'll use it to target anyone they can.