Major Cybersecurity Flaw Added To CISA List Sparks Urgent Warnings
By 813 Staff

A major cybersecurity flaw has been added to CISA's list, sparking urgent warnings, according to The Hacker News (@TheHackersNews), reporting in the last 24 hours.
Source: https://x.com/TheHackersNews/status/2061874505677693393
The first emergency patch landed on a Tuesday. By Thursday, internal documents show, security teams at three of the largest cloud providers had already flagged the same WebLogic Server flaw being weaponized in the wild. It was added to CISA's Known Exploited Vulnerabilities catalog on June 2, 2026, as @TheHackersNews reported, and the reality on the ground is that the rollout has been anything but smooth.
The vulnerability, tracked as CVE-2026-28457 (a placeholder designation until Oracle issues a formal advisory), resides in Oracle WebLogic Server’s T3 and IIOP protocol handling. Engineers close to the project say the flaw allows unauthenticated remote code execution with minimal complexity. What makes this especially dangerous is that the exploit code is already circulating in criminal forums, and multiple threat actor groups have been observed scanning for vulnerable instances. CISA’s binding operational directive gives federal civilian agencies three weeks to patch, but private-sector mitigations remain voluntary—and fragmented.
The impact is broad. WebLogic Server is deeply embedded in enterprise application stacks for financial services, healthcare, and government systems. Internal documents from a major SIEM vendor, reviewed by this newsletter, indicate over 40,000 internet-facing WebLogic instances remain unpatched as of this morning. The flaw affects versions 12.2.1.4.0 through 14.1.2.0.0, and Oracle has released an out-of-band update—but adoption has been slow, partly because many organizations run these servers in air-gapped or heavily compliance-regulated environments where patch testing cycles can stretch for weeks.
Why this matters now: CISA’s catalog entry is the regulatory equivalent of a red alert. It means any federal contractor or agency using WebLogic must prioritize this flaw above routine maintenance. For enterprises outside government, the risk is no lower—ransomware operators and initial access brokers have historically weaponized WebLogic bugs within days of publication.
What happens next is uncertain but urgent. Oracle has not publicly disclosed whether the vulnerability was reported responsibly or emerged from a forensic investigation. Multiple sources suggest at least two proof-of-concept exploits already exist in private—one hosted on a Russian-language forum inaccessible to most Western researchers. Security teams should assume complete compromise of any unpatched instance. The clock is ticking, and the only reliable mitigation right now is disabling the T3 and IIOP protocols if patching is not immediately possible.
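The affected version range and the T3/IIOP mitigation described above can drive a patch-priority pass over an asset inventory. The following is an added example, not code from The Hacker News, Oracle or CISA; the inventory field names, priority labels, host names and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

AFFECTED_MIN = (12, 2, 1, 4, 0)  # 12.2.1.4.0, per the article
AFFECTED_MAX = (14, 1, 2, 0, 0)  # 14.1.2.0.0, per the article (inclusive)

@dataclass
class Instance:  # field names are assumptions, not a real inventory schema
    host: str
    version: str
    patched: bool          # out-of-band update applied
    t3_enabled: bool
    iiop_enabled: bool
    internet_facing: bool

def parse_version(text):
    """'12.2.1.4' -> (12, 2, 1, 4, 0). Tuples compare numerically, so
    12.10.x sorts after 12.2.x, which plain string comparison gets wrong."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 5:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (5 - len(parts)))

def in_affected_range(version):
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def triage(inst):
    if not in_affected_range(inst.version):
        return "out-of-range"
    if inst.patched:
        return "patched"
    if not (inst.t3_enabled or inst.iiop_enabled):
        return "mitigated-pending-patch"  # protocols off, patch still owed
    return "urgent" if inst.internet_facing else "high"

INVENTORY = [  # constructed sample records; hosts use the reserved .example TLD
    Instance("wls-pay.example", "12.2.1.4.0", False, True, True, True),
    Instance("wls-hr.example", "14.1.1.0.0", False, False, False, False),
    Instance("wls-crm.example", "14.1.2.0.0", True, True, False, True),
    Instance("wls-old.example", "12.2.1.3.0", False, True, True, False),
    Instance("wls-lab.example", "12.2.1.4", False, False, True, False),
]

def report(inventory):
    order = ["urgent", "high", "mitigated-pending-patch", "patched", "out-of-range"]
    rows = [(triage(i), i.host) for i in inventory]
    return sorted(rows, key=lambda r: order.index(r[0]))

if __name__ == "__main__":
    print("\n".join(f"{label:24} {host}" for label, host in report(INVENTORY)))
```

An instance with only one of the two protocols disabled still lands in "high" or "urgent", because the article names both T3 and IIOP as the exposed handlers.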

