<p>A French company that mines and sells zero-day exploits to governments says the lower cost of exploiting Java is attracting hackers towards it over Adobe's Flash.</p><p>"We see that criminals are moving from Flash to Java. We don't see many Flash exploits in the wild these days," Chaouki Bekrar, chief of French security firm Vupen, told Kaspersky's news service at the HP-TippingPoint CanSecWest hacking conference this week.</p><p>Vupen has gained a degree of infamy for its connections to government surveillance campaigns in the Middle East and its reluctance to cough-up exploits to vendors. For example, at last year's Google-sponsored Pwn2Own contest at CanSecWest it withheld Chrome exploits from Google, despite the internet company paying $60,000 for the prize.</p><p>The company has done well at this year's contest and says security risks of Java are so bad that the software needs a "redesign", according to Vupen's Bekrar.</p><p><a href="http://www.cso.com.au/article/455841/java_browser_plugin_cheaper_exploit_than_flash/">Keep reading...</a></p>