Java 7 Update 80 is a "frozen" snapshot of 2015 security technology. In a modern threat landscape, it is an open door for exploits. The priority for any IT department should be a structured migration to a supported Long-Term Support (LTS) version to ensure the integrity of their data and infrastructure.
A flaw in the WLS Security component that allowed for remote exploitation without authentication. java 7 update 80 vulnerabilities
Representative CVEs historically relevant to Java 7 timeframe (examples) Java 7 Update 80 is a "frozen" snapshot
Oracle stopped defending Java 7 on April 8, 2015. The attackers never did. 2015. The attackers never did.