CVE-2020-2883 was patched in Oracle’s April 2020 Critical Patch Update – but proof of concept exploit code was published shortly after. Oracle is urging customers to fast-track a patch for a critical ...

The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit. Oracle has released a rare out-of-band patch for a ...

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions. The security ...

Security researchers have spotted a new zero-day vulnerability impacting the Oracle WebLogic server that is currently being targeted in the wild. Oracle has been notified of the zero-day, but the ...

A critical Oracle WebLogic vulnerability was weaponized almost immediately after public exploit code became available, according to a new honeypot-based analysis covering attack activity between ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Criminals have been spotted abusing poorly-defended Oracle WebLogic servers to mine cryptocurrency, build a DDoS botnet, and more. Cybersecurity researchers Aqua saw several attacks in the wild, and ...

A recently discovered zero-day vulnerability has been abused for over a week to infect Oracle WebLogic servers with at least two strands of ransomware, security researchers from Cisco Talos have told ...

A threat actor is dropping a cryptominer and distributed denial-of-service (DDoS) malware on Oracle WebLogic Servers using "Hadooken." Researchers at Aqua Nautilus spotted the malware when it hit one ...