Security Boulevard

Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic

CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP ...
Bleeping Computer

Oracle silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters ...
Bleeping Computer

New Linux malware Hadooken targets Oracle WebLogic servers

Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. The ...
TechRadar

Oracle servers targeted by new Linux malware to steal passwords, crypto

Criminals have been spotted abusing poorly-defended Oracle WebLogic servers to mine cryptocurrency, build a DDoS botnet, and more. Cybersecurity researchers Aqua saw several attacks in the wild, and ...
TechRadar

CISA says Oracle and Mitel have critical security flaws being exploited

CISA addS three new bugs to KEV - two in Mitel’s MiCollab, and one in Oracle WebLogic Server The bugs allowed crooks to read sensitive files and take over vulnerable endpoints Federal agencies have ...
Dark Reading

'Hadooken' Malware Targets Oracle's WebLogic Servers

A threat actor is dropping a cryptominer and distributed denial-of-service (DDoS) malware on Oracle WebLogic Servers using "Hadooken." Researchers at Aqua Nautilus spotted the malware when it hit one ...