Threat Post

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack

CVE-2020-2883 was patched in Oracle’s April 2020 Critical Patch Update – but proof of concept exploit code was published shortly after. Oracle is urging customers to fast-track a patch for a critical ...
Ars Technica

Oracle issues emergency update to patch actively exploited WebLogic flaw

Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the ...
Bleeping Computer

Critical bug actively used to deploy Cobalt Strike on Oracle servers

Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices. Cobalt ...