Threat Post

Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw

The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit. Oracle has released a rare out-of-band patch for a ...
Threat Post

Oracle WebLogic Server RCE Flaw Under Active Attack

The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. If an organization hasn’t updated their Oracle WebLogic servers to protect them ...
ZDNet

Oracle patches another actively-exploited WebLogic zero-day

Oracle released an out-of-band security update to fix a vulnerability in WebLogic servers that was being actively exploited in the real world to hijack users' systems. Attacks using this vulnerability ...
CSOonline

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Several security companies have detected scans over the past week that look for Oracle WebLogic servers vulnerable to a flaw that hasn’t yet been patched, possibly in preparation for malicious attacks ...
Ars Technica

Zero-day attackers deliver a double dose of ransomware—no clicking required

Attackers have been actively exploiting a critical zero-day vulnerability in the widely used Oracle WebLogic server to install ransomware, with no clicking or other interaction necessary on the part ...
Bleeping Computer

Critical Oracle WebLogic flaw actively targeted in attacks

Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. The ...