A recent report talks about what the Department of Homeland Security warned about. It has apparently issued a clear warning in the context of Java so that all those who are using it, can get it disabled. It was done after they managed to nail down some security issues.
To make it all the more clear, they even issued a Critical Patch Update Pre-Release Announcement from Oracle. It has been made clear in the advisory that due to Vulnerability Note VU#625617, "it is recommended that Java be disabled temporarily in web browsers as described in the "Solution" section of the US-CERT Alert and in the Oracle Technical Note `Setting the Security Level of the Java Client'".
There are fair chances that those who have playful mind might try to play around with the vulnerability in Java and affects the machine badly. Shockingly, there are packed exploit kits online available for sale, which further supports miscreants to take benefit if the issue. The kits are capable enough to place randsomeware on machines, which would further help breaching confidential details of users.
Nonetheless, it has been made clear by Oracle that they will release a patch for the issue so that 86 security vulnerabilities can be addressed on January 15.