The Hacker News

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

CVE-2024-21182 entered CISA's KEV catalog after active exploitation evidence, requiring federal patching by June 4, 2026.

CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited

CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed ...
CSO Online

Two-year old Oracle WebLogic Server vulnerability is being exploited

Its inclusion in the US CISA catalog of known exploited vulnerabilities is a warning to admins that patching is needed now.

Attackers target Oracle WebLogic Server

Attackers are targeting a vulnerability in Oracle's WebLogic Server. It allows for full compromise of the instance.
ZDNet

Recent Oracle WebLogic zero-day used to infect servers with ransomware

A recently discovered zero-day vulnerability has been abused for over a week to infect Oracle WebLogic servers with at least two strands of ransomware, security researchers from Cisco Talos have told ...
Bleeping Computer

CISA flags two-year-old Oracle flaw as actively exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched ...
Mozilla

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Several security companies have detected scans over the past week that look for Oracle WebLogic servers vulnerable to a flaw that has not yet been patched, possibly in preparation for malicious ...