In June 2019, Oracle said that a critical remote code-execution flaw in its WebLogic Server (CVE-2019-2729) was being actively exploited in the wild.

Oracle publishes rare out-of-band security update for WebLogic servers Oracle releases additional fix to patch a bug for the second time after the publication of proof-of-concept exploit code.

Oracle released an out-of-band security update to fix a vulnerability in WebLogic servers that was being actively exploited in the real world to hijack users' systems.

Threat actors are actively exploiting vulnerable Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons to gain persistent remote access to compromised devices.