Dark Reading

Oracle WebLogic Exploit Used in Cryptocurrency Mining Campaign

Enterprises that failed to install Oracle's critical WebLogic patch last October could find their PeopleSoft and cloud-based servers churning out cryptocurrency, a new discovery shows. A security ...
Threat Post

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack

CVE-2020-2883 was patched in Oracle’s April 2020 Critical Patch Update – but proof of concept exploit code was published shortly after. Oracle is urging customers to fast-track a patch for a critical ...
ZDNet

Recent Oracle WebLogic zero-day used to infect servers with ransomware

A recently discovered zero-day vulnerability has been abused for over a week to infect Oracle WebLogic servers with at least two strands of ransomware, security researchers from Cisco Talos have told ...
Dark Reading

Prophet Spider Exploits WebLogic CVEs to Enable Ransomware Attacks

The Prophet Spider threat actor is running multiple campaigns in which attackers exploit Oracle WebLogic server flaws to access target environments then pass on their access to attackers who deploy ...
Computerworld

With bug public, Oracle rushes out WebLogic fix

Oracle has rushed out a patch for its WebLogic application server, two weeks after a Russian security researcher posted details of the vulnerability. The flaw lies in WebLogic’s Node Manager software, ...