Researchers claim to have found a critical security hole at the heart of computer code used on more than a billion PCs and Macs.
The so-called 'zero day' vulnerability, meaning one for which there is currently no known cure, has been found in all versions of Oracle's Java software, including Java 5, Java 6, and Java 7.
The bug could potentially allow hackers to take total control of a user's computer.
Java is commonly used by many websites and programs, and is supported by all popular browsers including Chrome, Firefox, Safari and Internet Explorer.
The researcher who discovered it, Adam Gowdiak, who is CEO of Polish security firm Security Explorations, said via the Full Disclosure mailing list that he hoped he would not "spoil the taste of [Oracle CEO] Larry Ellison's morning java".
The new security hole is the latest is a series of massive glitches found in Java, including another zero-day discovered last month.
But it is also potentially more serious, because all editions of Java include the flaw and not just Java 7.
According to Computer World more than a billion computers are at risk - but luckily no hackers are thought to have access to the vulnerability (for now).
The researchers have now sent the source code of the hack to Oracle for analysis. However on the Full Disclosure one researcher put the claims into question, pointing out an unusual lack of detail in the claims:
"I don't see any details?," he said. "This list is "full disclosure", not "touch self in public"."
Oracle have not yet made a statement on the new security bug.
No patch or fix has been announced, but it is worth noting that last time this occurred Oracle quickly pushed an emergency fix to make sure users would be protected.